My computer is a Dell XPS 15 and it has been running slowly for the past 3 days. Windows Explorer took almost a full minute to load right after I booted Windows 7. Task Manager took longer to activate. I plugged my friend's external hard drive into my computer without scanning it prior to this problem. I suspect that this could be the cause. I ran an OTS Quick scan on my computer. Hopefully we can identify this problem soon.
OTS logfile created on: 25/12/2013 5:31:48 PM - Run 4
OTS by OldTimer - Version 3.1.41.4 Folder = C:\Users\YaoTheHong\Documents\Info Center\Experts Help\Malware - Unable to Connect Internet, Uncontrollable Shutdowns\OTS
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 59.41 Gb Free Space | 13.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOMBOMCHA
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan

[Processes - Safe List]
psuaservice.exe -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -> [2013/10/19 13:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.)
psuamain.exe -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe -> [2013/10/19 13:19:34 | 000,032,736 | ---- | M] (Panda Security, S.L.)
c2c_service.exe -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.)
psanhost.exe -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2013/10/03 14:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.)
sftvsa.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) sftlist.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) toaster.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe -> [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) stservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe -> [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () sftservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -> [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) vpnagent.exe -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -> [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) 
ots.exe -> C:\Users\YaoTheHong\My Documents\Info Center\Experts Help\Malware - Unable to Connect Internet, Uncontrollable Shutdowns\OTS\OTS.exe -> [2011/02/20 01:14:48 | 000,642,560 | ---- | M] (OldTimer Tools) nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2010/12/23 18:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) fatrayalert.exe -> C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe -> [2010/11/02 12:40:30 | 002,006,664 | ---- | M] (Sensible Vision ) fatraymon.exe -> C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe -> [2010/11/02 12:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) faservice.exe -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -> [2010/11/02 12:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) nusb3mon.exe -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe -> [2010/04/27 13:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Modules - Safe List] ots.exe -> C:\Users\YaoTheHong\My Documents\Info Center\Experts Help\Malware - Unable to Connect Internet, Uncontrollable Shutdowns\OTS\OTS.exe -> 
[2011/02/20 01:14:48 | 000,642,560 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/21 11:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/14 09:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) 64bit-(FLEXnet Licensing Service 64) [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2012/11/07 04:38:36 | 001,432,400 | ---- | M] (Flexera Software, Inc.) 64bit-(EvtEng) [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) 64bit-(MyWiFiDHCPDNS) [On_Demand | Stopped] -> C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -> [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () 64bit-(RegSrvc) [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) 64bit-(AERTFilters) [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) 64bit-(DockLoginService) [Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) (AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/12/12 00:35:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) (PSUAService) Panda Product Service [Auto | Running] -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -> [2013/10/19 
13:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.) (Skype C2C Service) Skype C2C Service [Auto | Running] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) (NanoServiceMain) Panda Cloud Antivirus Service [Auto | Running] -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2013/10/03 14:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.) (sftvsa) Application Virtualization Service Agent [On_Demand | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) (sftlist) Application Virtualization Client [Auto | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) (SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) (AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) (MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/07/14 08:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) (SftService) SoftThinks Agent Service [Auto | Running] -> C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -> [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) (vpnagent) Cisco AnyConnect VPN Agent [Auto | Running] -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -> [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) 
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -> [2011/01/18 03:48:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) (Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2010/12/23 18:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) (FAService) FAService [Auto | Running] -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -> [2010/11/02 12:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) (RoxWatch12) Roxio Hard Drive Watcher 12 [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -> [2010/09/04 15:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) (RoxMediaDB12OEM) RoxMediaDB12OEM [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -> [2010/09/04 15:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) (NOBU) Dell DataSafe Online [Disabled | Stopped] -> C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -> [2010/08/26 10:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) (UNS) Intel(R) Management & Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped] -> C:\Program Files (x86)\WinPcap\rpcapd.exe -> [2010/06/26 01:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/19 04:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] 64bit-(PSINAflt) PSINAflt [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\PSINAflt.sys -> [2013/10/18 03:31:26 | 000,169,192 | ---- | M] (Panda Security, S.L.) 64bit-(PSINProt) PSINProt [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\PSINProt.sys -> [2013/10/11 17:46:22 | 000,137,960 | ---- | M] (Panda Security, S.L.) 64bit-(PSINProc) PSINProc [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\PSINProc.sys -> [2013/10/11 17:46:22 | 000,124,648 | ---- | M] (Panda Security, S.L.) 64bit-(PSINReg) PSINReg [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\PSINReg.sys -> [2013/10/11 17:46:22 | 000,105,704 | ---- | M] (Panda Security, S.L.) 64bit-(PSINKNC) PSINKNC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\PSINKNC.sys -> [2013/10/11 17:46:21 | 000,206,056 | ---- | M] (Panda Security, S.L.) 64bit-(PSINFile) PSINFile [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\PSINFile.sys -> [2013/10/11 17:46:21 | 000,122,600 | ---- | M] (Panda Security, S.L.) 
64bit-(Sftvol) Sftvol [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftvollh.sys -> [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) 64bit-(Sftredir) Sftredir [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftredirlh.sys -> [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) 64bit-(Sftplay) Sftplay [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftplaylh.sys -> [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) 64bit-(Sftfs) Sftfs [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftfslh.sys -> [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) 64bit-(NNSSTRM) NNSSTRM [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSStrm.sys -> [2013/05/29 11:55:24 | 000,246,504 | ---- | M] (Panda Security, S.L.) 64bit-(NNSTLSC) NNSTLSC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNStlsc.sys -> [2013/05/29 11:55:24 | 000,106,216 | ---- | M] (Panda Security, S.L.) 64bit-(NNSPRV) NNSPRV [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSPrv.sys -> [2013/05/29 11:55:23 | 000,118,504 | ---- | M] (Panda Security, S.L.) 64bit-(NNSSMTP) NNSSMTP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSSmtp.sys -> [2013/05/29 11:55:23 | 000,114,920 | ---- | M] (Panda Security, S.L.) 64bit-(NNSPROT) NNSPROT [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSProt.sys -> [2013/05/29 11:55:22 | 000,305,896 | ---- | M] (Panda Security, S.L.) 64bit-(NNSPOP3) NNSPOP3 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSPop3.sys -> [2013/05/29 11:55:22 | 000,119,016 | ---- | M] (Panda Security, S.L.) 64bit-(NNSIDS) NNSIDS [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSIds.sys -> [2013/05/29 11:55:21 | 000,114,920 | ---- | M] (Panda Security, S.L.) 
64bit-(NNSHTTPS) NNSHTTPS [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSHttps.sys -> [2013/05/29 11:55:21 | 000,109,288 | ---- | M] (Panda Security, S.L.) 64bit-(NNSPICC) NNSPICC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSpicc.sys -> [2013/05/29 11:55:21 | 000,095,464 | ---- | M] (Panda Security, S.L.) 64bit-(NNSHTTP) NNSHTTP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSHttp.sys -> [2013/05/29 11:55:20 | 000,122,088 | ---- | M] (Panda Security, S.L.) 64bit-(NNSALPC) NNSALPC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSAlpc.sys -> [2013/05/29 11:55:20 | 000,091,368 | ---- | M] (Panda Security, S.L.) 64bit-(NNSPIHSW) NNSPIHSW [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\NNSPihsw.sys -> [2013/05/29 05:55:22 | 000,069,864 | ---- | M] (Panda Security, S.L.) 64bit-(PSKMAD) PSKMAD [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\PSKMAD.sys -> [2013/04/29 15:17:30 | 000,058,808 | ---- | M] (Panda Security, S.L.) 64bit-(dtsoftbus01) DAEMON Tools Virtual Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2013/04/08 23:39:14 | 000,279,616 | ---- | M] (DT Soft Ltd) 64bit-(nmwcdnsux64) Nokia USB Flashing Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nmwcdnsux64.sys -> [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) 64bit-(vpnva) Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vpnva64.sys -> [2011/08/04 04:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) 
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) 64bit-(VClone) VClone [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VClone.sys -> [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) 64bit-(nmwcdnsucx64) Nokia USB Flashing Generic [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -> [2010/12/02 10:36:40 | 000,012,800 | ---- | M] (Nokia) 64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) 64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) 64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2010/11/12 04:40:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) 64bit-(JMCR) JMCR [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\jmcr.sys -> [2010/09/27 14:13:16 | 000,169,048 | ---- | M] (JMicron Technology Corporation) 64bit-(stdcfltn) Disk Class Filter Driver for Accelerometer [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\stdcfltn.sys -> [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) 64bit-(Acceler) Accelerometer Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Accelern.sys -> [2010/08/20 06:05:18 | 000,027,760 | ---- | M] (ST 
Microelectronics) 64bit-(CtClsFlt) Creative Camera Class Upper Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CtClsFlt.sys -> [2010/08/13 00:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) 64bit-(PCDSRVC{1E208CE0-FB7451FF-06020101}_0) PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver [Kernel | On_Demand | Stopped] -> c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -> [2010/07/30 15:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) 64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010/07/15 12:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) 64bit-(qicflt) upper Device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qicflt.sys -> [2010/07/12 18:38:06 | 000,029,288 | ---- | M] (Quanta Computer) 64bit-(NPF) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\npf.sys -> [2010/06/26 01:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/06/23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) 64bit-(NETw5s64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETw5s64.sys -> [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) 64bit-(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3xhc.sys -> [2010/04/27 12:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) 64bit-(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3hub.sys -> [2010/04/27 12:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) 64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PxHlpa64.sys -> [2010/03/19 17:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) 64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) 64bit-(Impcd) Impcd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) 64bit-(TurboB) Turbo Boost UI Monitor driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\TurboB.sys -> [2009/11/03 02:48:02 | 000,013,784 | ---- | M] () 64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) 64bit-(NMgamingmsFltr) USB Optical Mouse [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NMgamingms.sys -> [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> 
C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 64bit-(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mcdbus.sys -> [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) 
64bit-(FACAP) facap, FastAccess Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\facap.sys -> [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) 64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wdcsam64.sys -> [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) 64bit-(nmwcdx64) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nmwcdx64.sys -> [2007/06/28 11:47:14 | 000,173,056 | ---- | M] (Nokia) 64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\admin\AppData\Roaming\Mozilla\FireFox\Profiles\uuc5hb10.default\prefs.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO\ [C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO\] -> [2013/04/02 13:48:14 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\FREEMAKE VIDEO CONVERTER V2.1.3.0\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX\ [C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\FREEMAKE VIDEO CONVERTER V2.1.3.0\FREEMAKE\FREEMAKE 
VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX\] -> [2013/04/02 14:18:02 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 14.0.1\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components -> C:\Users\Ajnim\My Documents\Appendical Programs\Mozilla Firefox\components [C:\USERS\AJNIM\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\COMPONENTS] -> [2013/04/02 14:11:33 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins -> C:\USERS\AJNIM\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\PLUGINS -> HKLM\software\mozilla\Mozilla Firefox 4.0\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Mozilla Firefox\components [C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\COMPONENTS] -> [2013/04/02 14:18:47 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins -> C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\PLUGINS -> < FireFox Extensions [User Folders] > -> -> C:\Users\admin\AppData\Roaming\Mozilla\Extensions -> [2011/11/28 13:06:06 | 000,000,000 | ---D | M] -> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uuc5hb10.default\extensions -> [2013/04/02 14:23:36 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> No name found -> -> File not found No name found -> C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE -> File not found No name found -> C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR -> File not found FastAccess Web Login -> C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO -> [2013/04/02 13:48:14 | 000,000,000 | ---D | M] Freemake Video Converter Plugin -> C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\FREEMAKE VIDEO CONVERTER V2.1.3.0\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX -> [2013/04/02 14:18:02 | 000,000,000 | ---D | M] < HOSTS File > ([2013/04/13 23:15:39 | 000,000,855 | ---- | M] - 24 
lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> Reg Error: Key error. [McAfee Phishing Filter] -> File not found {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype add-on for Internet Explorer] -> [2013/10/09 10:50:52 | 006,270,336 | ---- | M] (Skype Technologies S.A.) {DA5BCE70-D057-4D63-943D-5F3927EC59F1} [HKLM] -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [SSOIEAddonBHO Class] -> [2010/11/02 12:40:26 | 000,746,120 | ---- | M] (Sensible Vision ) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> Reg Error: Key error. [Java(tm) Plug-In 2 SSV Helper] -> File not found < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {000123B4-9B42-4900-B3F7-F4B073EFC214} [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitcth.dll [Octh Class] -> [2012/06/20 15:52:10 | 000,241,464 | ---- | M] (Orbitdownloader.com) {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> Reg Error: Key error. 
[McAfee Phishing Filter] -> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/10/08 07:50:01 | 000,462,760 | ---- | M] (Oracle Corporation) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2013/10/09 10:57:48 | 004,502,400 | ---- | M] (Skype Technologies S.A.) {DA5BCE70-D057-4D63-943D-5F3927EC59F1} [HKLM] -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [SSOIEAddonBHO Class] -> [2010/11/02 12:40:26 | 000,574,088 | ---- | M] (Sensible Vision ) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/10/08 07:47:58 | 000,171,944 | ---- | M] (Oracle Corporation) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2012/06/20 15:52:10 | 000,696,000 | ---- | M] () < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2012/06/20 15:52:10 | 000,696,000 | ---- | M] () < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "IntelWireless" -> C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe ["C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray] -> [2010/03/05 10:09:02 | 001,928,976 | ---- | M] (Intel(R) Corporation) "NVHotkey" -> C:\Windows\SysNative\nvHotkey.dll [rundll32.exe C:\Windows\system32\nvHotkey.dll,Start] -> [2010/08/12 13:19:40 | 000,283,240 | ---- | M] (NVIDIA Corporation) "RtHDVBg" -> C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 ] -> [2011/01/18 14:53:06 | 002,188,904 | ---- | M] (Realtek Semiconductor) "RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s] -> [2011/02/18 15:48:58 | 006,611,048 | ---- | M] (Realtek Semiconductor) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "FAStartup" -> [] -> File not found "FATrayAlert" -> C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe] -> [2010/11/02 12:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) "IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) "NUSB3MON" -> c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ["c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"] -> [2010/04/27 13:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) "PSUAMain" -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe ["C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray] -> [2013/10/19 13:19:34 | 000,032,736 | ---- | M] (Panda Security, S.L.) 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"" -> [] -> File not found \\"NoDrives" -> [0] -> File not found \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) &Grab video by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox 
Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) Do&wnload selected by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) Down&load all by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) &Grab video by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) Do&wnload selected by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203] -> [2012/06/20 
15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) Down&load all by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com) < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Button: Skype Click to Call] -> [2013/10/09 10:50:52 | 006,270,336 | ---- | M] (Skype Technologies S.A.) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2013/10/09 10:57:48 | 004,502,400 | ---- | M] (Skype Technologies S.A.) 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7720 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7718 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] 
-> {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} [HKLM] -> http://support.dell.com/systemprofiler/DellSystemLite.CAB [DellSystemLite.Scanner] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {78A71A00-BC74-4F42-904C-6612B42C1F19}\\DhcpNameServer -> 192.168.1.1 (Intel(R) Centrino(R) Advanced-N 6200 AGN) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/14 09:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\ -> GoToAssist -> -> File not found < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> FastAccess -> C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll -> [2010/11/02 12:40:28 | 000,147,080 | ---- | M] () < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 64bit-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List \List\\"C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe [C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> [2012/06/20 15:52:10 | 002,637,624 | ---- | M] (Orbitdownloader.com) \List\\"C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe 
[C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> [2012/06/20 15:43:38 | 000,557,056 | ---- | M] (Orbitdownloader.com) < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {13FD0C2B-F90D-4202-BA0F-9FF93D64388A} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | {36A6D726-CB33-4B76-AAFC-E487E1B717D5} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {37EC36F6-72C8-4A9F-A260-052B7CB165CD} -> lport=49242 | profile=private | protocol=6 | dir=in | action=allow | name=akamai netsession interface | {57C62B11-3A30-441F-9436-A86BFC7818D5} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | {6B62572C-6667-4A62-A057-272E6C3B904E} -> lport=5000 | profile=private | protocol=17 | dir=in | action=allow | name=akamai netsession interface | {8F10E703-E703-4AFF-85A7-23B640B9F21C} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {B99ADA06-7F1B-45E0-97CF-111F9757A78F} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=file and printer sharing (llmnr-udp-in) | app=%systemroot%\system32\svchost.exe | svc=dnscache | {D35FCAD1-99C5-4214-8E47-A2D7ACB638EB} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=file and printer sharing (llmnr-udp-out) | app=%systemroot%\system32\svchost.exe | svc=dnscache | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0D76D760-EAE3-40F2-A83F-37F3FFF58941} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {19E61D96-D256-4A9F-854D-68EED8BC781B} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {247807A8-0BA2-4F6C-889B-3CCD7D81332A} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {42B6E22D-BEBF-4A7A-8392-0E258EADECC3} -> dir=in | action=allow | name=wireless pan dhcp server | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | {5165E028-8B4E-4D95-AD4B-75D649985E94} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {6850C763-6DE0-46FF-AB40-5616FCC8237D} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {8B2B6B84-ACB5-4AE4-B0CD-947F77305926} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {B4C00699-AC6F-431F-A081-4736E93842E6} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\users\yaothehong\documents\starcraft 2\starcraft ii beta\starcraft ii.exe | {B4CE19A6-99F8-4791-8AFA-A2AC5EA80D2C} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | {CEDF2E52-F56D-4DCD-B481-F3E6ADAE227C} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\users\yaothehong\documents\starcraft 2\starcraft ii beta\starcraft ii.exe | TCP Query User{08AC6BE2-514B-4E98-ABFB-0B16AE1FBFCD}C:\program files (x86)\thinktda\thinktda.exe -> profile=public | protocol=6 | dir=in | action=allow | name=thinktda desktop application | 
app=c:\program files (x86)\thinktda\thinktda.exe | TCP Query User{1192A90D-5660-4795-B275-6AE7E70E9F6B}C:\users\yaothehong\desktop\givme7\garena\garena.exe -> profile=private | protocol=6 | dir=in | action=allow | name=garena.exe | app=c:\users\yaothehong\desktop\givme7\garena\garena.exe | TCP Query User{3067BD7E-5ECC-449E-A7EF-0F8A858138DF}C:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe -> profile=private | protocol=6 | dir=in | action=block | name=desmume_vs2008.exe | app=c:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe | TCP Query User{41A2DA1A-78B8-4BF5-9079-A843F1BDF4D1}E:\thinkorswim\thinktda\thinktda.exe -> profile=private | protocol=6 | dir=in | action=allow | name=thinktda desktop application | app=e:\thinkorswim\thinktda\thinktda.exe | TCP Query User{48A21A1F-98D5-4AFB-970A-CAD484C9C597}C:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=private | protocol=6 | dir=in | action=block | name=sketchup.exe | app=c:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | TCP Query User{7BDF4309-AC4A-41C8-B345-DE501EFE6B26}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=private | protocol=6 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | TCP Query User{7CD42776-45D1-4B96-B0E6-837BD359BEF8}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 4.0.0.10\orbitdownloader\orbitnet.exe -> profile=private | protocol=6 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 
4.0.0.10\orbitdownloader\orbitnet.exe | TCP Query User{A07F2C7F-A0A9-4641-8572-937A213E61FF}C:\program files (x86)\thinktda\thinktda.exe -> profile=private | protocol=6 | dir=in | action=allow | name=thinktda desktop application | app=c:\program files (x86)\thinktda\thinktda.exe | TCP Query User{A17ABDDF-04AB-41BB-B818-24B36FC78149}C:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe -> profile=private | protocol=6 | dir=in | action=allow | name=firefox.exe | app=c:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe | TCP Query User{BAC4F60C-CCFA-476D-948C-853327F14F5C}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=public | protocol=6 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | TCP Query User{BEE720A7-EC38-4BA2-BB7C-3B65FFB64F3F}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | TCP Query User{C0C2948C-25CE-4F22-A096-BF42C060FDF5}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | TCP Query User{F1E9668C-CAA0-4129-896F-E4AAB7D742BC}C:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=public | protocol=6 | dir=in | action=block | name=sketchup.exe | app=c:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | UDP Query User{03B712D5-E2F8-41CF-B8CD-9458AA17FDF5}C:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=public | protocol=17 | dir=in | action=block | 
name=sketchup.exe | app=c:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | UDP Query User{1B985160-9CAA-456E-BA52-D651AF921C63}E:\thinkorswim\thinktda\thinktda.exe -> profile=private | protocol=17 | dir=in | action=allow | name=thinktda desktop application | app=e:\thinkorswim\thinktda\thinktda.exe | UDP Query User{207E6FDF-AC04-4187-A6A2-AAE11E709716}C:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=private | protocol=17 | dir=in | action=block | name=sketchup.exe | app=c:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | UDP Query User{229A93C2-2EFC-4F0A-9973-410700F250D2}C:\program files (x86)\thinktda\thinktda.exe -> profile=private | protocol=17 | dir=in | action=allow | name=thinktda desktop application | app=c:\program files (x86)\thinktda\thinktda.exe | UDP Query User{58EF9EB5-08C9-42AA-8079-FD319894AF24}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=private | protocol=17 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | UDP Query User{7B0E603D-4740-400E-B4DB-7D982DD71684}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=public | protocol=17 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | UDP Query User{849D103E-E904-4AA2-B0FC-78E9C5CA17B2}C:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe -> profile=private | protocol=17 | dir=in | action=allow | name=firefox.exe | app=c:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe | UDP Query 
User{9EE3C564-A7FE-4A68-8301-95CD28614D22}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | UDP Query User{A285EC91-8A96-40F0-90AD-0BCCEBCD7048}C:\users\yaothehong\desktop\givme7\garena\garena.exe -> profile=private | protocol=17 | dir=in | action=allow | name=garena.exe | app=c:\users\yaothehong\desktop\givme7\garena\garena.exe | UDP Query User{B56D4821-BBBC-4C96-B196-27B916154682}C:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe -> profile=private | protocol=17 | dir=in | action=block | name=desmume_vs2008.exe | app=c:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe | UDP Query User{CC4EF418-F73F-42E0-A0C8-1F998A42DA45}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | UDP Query User{D7A5CA6A-A8C9-41EF-9CD3-18F862CA1120}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 4.0.0.10\orbitdownloader\orbitnet.exe -> profile=private | protocol=17 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 4.0.0.10\orbitdownloader\orbitnet.exe | UDP Query User{DD5167B3-6F33-4B73-AB7D-C7B7C5707EF9}C:\program files (x86)\thinktda\thinktda.exe -> profile=public | protocol=17 | dir=in | action=allow | name=thinktda desktop application | app=c:\program files (x86)\thinktda\thinktda.exe | < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Users\YaoTheHong\Documents\Appendical 
Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe [C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> [2012/06/20 15:52:10 | 002,637,624 | ---- | M] (Orbitdownloader.com) "C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe [C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> [2012/06/20 15:43:38 | 000,557,056 | ---- | M] (Orbitdownloader.com) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/21 11:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\Autodesk [] -> C:\Autodesk [ NTFS ] -> [2012/11/07 03:59:48 | 000,000,000 | ---D | M] < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] CanonIJ Uninstaller Information -> C:\Windows\SysNative\CanonIJ Uninstaller Information -> [2013/12/20 11:03:50 | 000,000,000 | -H-D | C] Canon MP250 series -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series -> [2013/12/20 11:03:50 | 000,000,000 | ---D | C] CanonBJ -> C:\ProgramData\CanonBJ -> [2013/12/20 11:03:36 | 000,000,000 | -H-D | C] PSKMAD.sys -> C:\Windows\SysNative\drivers\PSKMAD.sys -> [2013/12/13 10:29:34 | 000,058,808 | ---- | C] (Panda Security, S.L.) Minidump -> C:\Windows\Minidump -> [2013/12/03 03:24:05 | 000,000,000 | ---D | C] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> [Files/Folders - Modified Within 30 Days] Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/12/25 17:34:00 | 000,000,830 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job -> [2013/12/25 17:31:00 | 000,000,928 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/12/25 17:30:39 | 000,019,136 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/12/25 17:30:39 | 000,019,136 | ---- | M] () SystemToolsDailyTest.job -> C:\Windows\tasks\SystemToolsDailyTest.job -> [2013/12/25 17:30:26 | 000,000,422 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/12/25 17:25:24 | 000,000,892 | ---- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> 
[2013/12/25 17:24:46 | 000,000,896 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2013/12/25 17:24:38 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2013/12/25 17:24:33 | 3168,043,008 | -HS- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2013/12/20 15:56:26 | 000,779,080 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2013/12/20 15:56:26 | 000,664,544 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2013/12/20 15:56:26 | 000,124,990 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job -> [2013/12/18 19:31:00 | 000,000,876 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2013/12/13 10:28:59 | 000,507,664 | ---- | M] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/12/03 03:24:01 | 523,685,634 | ---- | M] () 8 C:\Users\admin\AppData\Local\Temp\*.tmp files -> C:\Users\admin\AppData\Local\Temp\*.tmp -> 48 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 2 C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\Icon Cache\*.tmp files -> C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\Icon Cache\*.tmp -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> [Files - No Company Name] CNC173AD.TBL -> C:\Windows\SysWow64\CNC173AD.TBL -> [2013/12/20 11:01:35 | 000,012,288 | ---- | C] () CNC173AD.TBL -> C:\Windows\SysNative\CNC173AD.TBL -> [2013/12/20 11:01:35 | 000,012,288 | ---- | C] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/12/03 03:24:01 | 523,685,634 | ---- | C] () NanoRepository.bin.bak -> C:\ProgramData\NanoRepository.bin.bak -> [2013/04/14 15:10:29 | 000,005,856 | ---- | C] () NanoRepository.bin -> C:\ProgramData\NanoRepository.bin -> [2013/04/14 15:10:29 | 000,005,856 | ---- | C] () HamsterFreeArchiver.cfg -> C:\Users\admin\AppData\Local\HamsterFreeArchiver.cfg -> 
[2013/04/13 12:08:34 | 000,001,610 | ---- | C] () 0x0304A000.sfl -> C:\ProgramData\0x0304A000.sfl -> [2013/04/06 02:13:10 | 000,000,000 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2013/04/04 03:30:56 | 000,787,064 | ---- | C] () FAIEExtension.dll -> C:\Windows\SysWow64\FAIEExtension.dll -> [2010/11/02 12:40:34 | 000,087,176 | ---- | C] () FAib.dll -> C:\Windows\SysWow64\FAib.dll -> [2010/11/02 12:40:30 | 000,057,480 | ---- | C] () FACrashRpt.dll -> C:\Windows\SysWow64\FACrashRpt.dll -> [2010/11/02 12:40:24 | 000,248,968 | ---- | C] () pthreadVC.dll -> C:\Windows\SysWow64\pthreadVC.dll -> [2010/06/26 01:03:12 | 000,053,299 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () [File - Lop Check] Autodesk -> C:\Users\admin\AppData\Roaming\Autodesk -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M] BleachBit -> C:\Users\admin\AppData\Roaming\BleachBit -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M] DAEMON Tools Lite -> C:\Users\admin\AppData\Roaming\DAEMON Tools Lite -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M] DassaultSystemes -> C:\Users\admin\AppData\Roaming\DassaultSystemes -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M] DriverCure -> C:\Users\admin\AppData\Roaming\DriverCure -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M] GlarySoft -> C:\Users\admin\AppData\Roaming\GlarySoft -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M] GrabPro -> C:\Users\admin\AppData\Roaming\GrabPro -> [2011/01/24 02:57:25 | 000,000,000 | ---D | M] iExpert Software -> C:\Users\admin\AppData\Roaming\iExpert Software -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M] Orbit -> C:\Users\admin\AppData\Roaming\Orbit -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M] Panda Security -> C:\Users\admin\AppData\Roaming\Panda Security -> [2013/04/03 14:52:54 | 
000,000,000 | ---D | M] ParetoLogic -> C:\Users\admin\AppData\Roaming\ParetoLogic -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M] PCDr -> C:\Users\admin\AppData\Roaming\PCDr -> [2013/04/17 10:01:38 | 000,000,000 | ---D | M] Philipp Winterberg -> C:\Users\admin\AppData\Roaming\Philipp Winterberg -> [2012/05/01 23:50:39 | 000,000,000 | ---D | M] ProgSense -> C:\Users\admin\AppData\Roaming\ProgSense -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M] SoftGrid Client -> C:\Users\admin\AppData\Roaming\SoftGrid Client -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M] TP -> C:\Users\admin\AppData\Roaming\TP -> [2011/01/22 18:59:39 | 000,000,000 | ---D | M] TuneUp Software -> C:\Users\admin\AppData\Roaming\TuneUp Software -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M] PCDoctorBackgroundMonitorTask.job -> C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job -> [2013/04/08 04:00:00 | 000,000,564 | ---- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2013/12/21 21:27:35 | 000,032,560 | ---- | M] () SystemToolsDailyTest.job -> C:\Windows\Tasks\SystemToolsDailyTest.job -> [2013/12/25 17:30:26 | 000,000,422 | ---- | M] () [File - Purity Scan] < End of report >