Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Connected to wireless but no internet(malware block internet?)

Started by lemonwater16 , Feb 05 2014 11:49 PM

  • This topic is locked This topic is locked

#1
lemonwater16
Posted 05 February 2014 - 11:49 PM

lemonwater16

    Member

  • Member
  • PipPip
  • 16 posts
Hi,it has been about 2 weeks that my laptop can't go onto the internet but the wireless is connected with no problem(the other computers use the same wireless, connected with no problem).
I have heard that there are malwares that change your registry and screw up your internet(i suspect that's what's happening),
but i have scanned my computer with malwarebytes anti-malware, Superantispyware, and avast and removed anything i can find and that didn't fix the problem.
And another thing is since i can't go on the internet, i cant update my anti-virus/malware programs!

Can someone please help me?

Thank you

Edited by lemonwater16, 06 February 2014 - 12:03 AM.

  • 0

Advertisements

#2
DonnaB
Posted 09 February 2014 - 09:01 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi lemonwater16,

Welcome to Geeks To Go! :)

I do apologize that you had to wait so long for a response. Here at Geeks To Go we do get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Are you still having problems not being able to connect to your wireless network? If so, a couple questions if I may;

  • What is the make and model of your computer?
  • Would there happen to be a wifi function key on the top row of your keyboard that looks like a little antenna? If so, press it and let me know if that makes a difference.
  • Do you have an ethernet cable and have you tried to connect directly to the router/modem?
  • Do you have a USB Flash Drive in case we need to transfer files from a computer that will connect to the one that will not connect?

I look forward to your response..

Donna :)
  • 0

#3
lemonwater16
Posted 10 February 2014 - 01:04 AM

lemonwater16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi Donna,

Thank you very much for your reply! 1. My computer model is Sony VPCS135FG(window 7) and 2. no there are no wifi funcction key on top, only a VAIO key and an ASSIST key. 3. And sorry i don't have any internet cables so i couldn't try connecting to the router directly. 4. Yes i have usbs that i can use if needed.

And another thing is if i can't fix the problem in 4 days i would have to do it next time because i'm going overseas for a while in 4 days and i can't take that laptop.


Thank you very much,
Christie
  • 0

#4
DonnaB
Posted 10 February 2014 - 06:49 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Christie,

Thank you for the make/model number. We're going to have to do a little troubleshooting. Since time is of the essence, let's start with the obvious.

Your Sony Viao laptop has a Wireless slide switch on the front edge of the laptop casing. See page 12 in the Owners Manual. Please check to see if that switch has been slid to the off position without your knowledge. Happens all the time!

Malware can prevent you from connecting to the internet, though I'd like to prevent checking for malware only to find that the slide switch was turned to off as mentioned above or a wireless card issue. Is there any way that you can borrow an ethernet cable from a friend if you are not in the position to purchase one?

Hopefully it is something simple as what I suspect above. If you cannot connect with the cable, I will have plenty of time today after work to begin the process of checking for malware.

Donna :)
  • 0

#5
lemonwater16
Posted 10 February 2014 - 10:39 AM

lemonwater16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi Donna,

No the switch is not switched off, it is shown clearly that i'm connected to my wireless network as always(no trouble icon), but when i try to load any page in my IE/google chrome/firefox browser, it doesn't work. Ok, i will try to borrow one off my friend.

Thank you!
Christie
  • 0

#6
DonnaB
Posted 11 February 2014 - 10:11 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

it is shown clearly that i'm connected to my wireless network as always(no trouble icon), but when i try to load any page in my IE/google chrome/firefox browser, it doesn't work.

Ah, ha! Ok. So you are connected though none of your browsers will connect.

This is where that USB Flash drive will come in handy....

On a good computer, download the following 2 programs to the desktop of a good computer and transfer the files to the afflicted computer with the USB Flash drive and follow the instructions provided:

OTL << download

  • Double click on the Posted Image to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
      [list]
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Next:

Farbar Service Scanner << download
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defenders
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Transfer the .txt file to the good computer via USB.
  • Please copy and paste the log to your reply.

In your next reply please provide the following logs:

OTL.txt
Extras.txt
FSS.txt

Donna :)
  • 0

#7
lemonwater16
Posted 11 February 2014 - 11:35 AM

lemonwater16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here is the OTL.txt :

OTL logfile created on: 2014/02/12 1:04:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.87 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.20% Memory free
8.52 Gb Paging File | 6.71 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): c:\pagefile.sys 4765 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.87 Gb Total Space | 29.32 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive D: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 29.88 Gb Total Space | 1.42 Gb Free Space | 4.74% Space Free | Partition Type: FAT32
Drive I: | 7.46 Gb Total Space | 1.60 Gb Free Space | 21.48% Space Free | Partition Type: FAT32

Computer Name: USER-VAIO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/12 00:57:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2014/01/10 17:40:04 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2014/01/10 17:40:02 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/12/21 14:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/15 15:50:24 | 000,076,136 | ---- | M] (Black Oak Computers, Inc.) -- C:\Program Files (x86)\StrongVPN\StrongService.exe
PRC - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
PRC - [2013/07/08 10:42:38 | 001,798,696 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
PRC - [2013/04/04 10:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 10:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 10:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/08 22:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/02/23 07:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/20 11:53:58 | 001,679,360 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2011/10/24 09:49:14 | 000,958,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2011/08/31 00:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/06/26 21:00:23 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/04/06 07:17:11 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/01 18:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 18:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/06/01 10:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/06/01 10:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/06/01 08:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/03/04 11:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/24 04:52:00 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/09/19 01:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/10 17:40:32 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2013/07/15 16:53:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/07/15 16:53:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013/07/15 16:53:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/07/15 16:53:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/07/15 16:52:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bf9b4653554fbf94881143bfe5e5b66\System.Xml.ni.dll
MOD - [2013/07/15 16:52:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/07/15 16:52:34 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/07/15 16:52:18 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011/06/26 21:00:23 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/06/24 18:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 18:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/10 17:40:02 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/11 06:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012/11/14 20:45:32 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2012/10/26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/09/23 14:18:38 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011/09/08 11:44:00 | 000,549,408 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/09/08 10:29:16 | 000,381,488 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/08/26 13:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/14 09:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 01:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011/01/15 05:35:58 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010/08/12 00:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/06/22 09:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/06/09 14:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/03/06 01:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/06 01:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/21 14:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/12 09:22:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/12 03:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/15 15:50:24 | 000,076,136 | ---- | M] (Black Oak Computers, Inc.) [Auto | Running] -- C:\Program Files (x86)\StrongVPN\StrongService.exe -- (StrongVPN Service)
SRV - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2013/04/19 11:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 10:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 10:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/02 13:58:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/18 09:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/11/03 15:30:26 | 000,138,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/11/03 15:30:26 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/10/24 09:49:14 | 000,958,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011/08/31 00:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/06 07:17:11 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/25 03:08:50 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/18 22:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/06/02 06:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/06/01 18:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/01 10:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/19 05:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/19 03:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 11:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/24 04:52:04 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/02/24 04:52:00 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/19 01:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/10 17:40:44 | 000,082,744 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/01/10 17:40:43 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/10 17:40:43 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/10 17:40:43 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/10 17:40:43 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/10 17:40:43 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/10 17:40:42 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/19 21:11:27 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/11 10:18:13 | 000,035,520 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapstrong.sys -- (tapstrong)
DRV:64bit: - [2013/04/04 10:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 09:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/12 15:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/10/12 15:20:38 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/10/12 15:20:38 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/10/08 15:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/21 09:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 14:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/28 17:11:44 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/01/28 17:11:44 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/07/23 00:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 05:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 14:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 03:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 06:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/06/26 05:03:46 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/06/23 04:15:43 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/23 04:14:35 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/23 04:09:35 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/23 04:04:27 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010/06/23 04:02:45 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010/06/19 04:09:10 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/19 04:09:08 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/06/19 04:09:08 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/06/19 04:09:06 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/19 04:08:29 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/01 03:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/05/29 04:23:54 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/28 04:05:57 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/04/27 04:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/04 10:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/10 10:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 05:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/06/18 19:11:13 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\STEC3.sys -- (STEC3)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/05/29 09:38:47 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\..\SearchScopes,DefaultScope = {0A297537-952B-42C7-94EA-F35DF6A7ABBF}
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\..\SearchScopes\{0A297537-952B-42C7-94EA-F35DF6A7ABBF}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\..\SearchScopes\{3BE39514-AC5F-4B0A-BC6A-3DD723FECC07}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\..\SearchScopes\{F5882302-C9FA-4FF2-A3B0-27B104DD69D2}: "URL" = http://au.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;<local>
IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=v2401.vir.kagoya.net:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.3
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\Windows\Downloaded Program Files\23260607\npxbdsetup.dll ()
FF - HKLM\Software\MozillaPlugins\@baiduwangpan.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayerBaiduYun\1.19.1.23\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.4.2.0158\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQDownloadPlugin: C:\Program Files (x86)\Tencent\QQDownload\Browser\751\npXFPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll File not found
FF - HKCU\Software\MozillaPlugins\duowan.com/Checker: C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll (广州多玩信息技术有限公司)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012/06/21 23:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/01/10 17:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/31 18:47:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/28 15:18:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012/06/21 23:11:06 | 000,000,000 | ---D | M]

[2011/01/16 07:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/04/05 11:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Extensions
[2012/06/21 23:11:06 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Extensions\MozillaHotfix
[2014/01/28 21:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uog3e3c1.default\extensions
[2011/05/09 11:32:50 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uog3e3c1.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2013/05/14 19:04:34 | 000,000,000 | ---D | M] (HP Smart Print) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uog3e3c1.default\extensions\[email protected]
[2014/01/28 21:26:04 | 000,343,554 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\uog3e3c1.default\extensions\[email protected]
[2013/12/05 12:53:32 | 000,479,561 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\uog3e3c1.default\extensions\[email protected]
[2013/11/07 16:15:58 | 000,561,620 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\uog3e3c1.default\extensions\[email protected]
[2014/01/28 21:26:04 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\uog3e3c1.default\extensions\[email protected]
[2014/01/09 16:25:32 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\uog3e3c1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 07:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/09 11:22:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/04/04 07:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/04/04 07:04:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/04 07:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2009/11/07 01:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/07 01:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = C:\Program Files (x86)\Baidu\BaiduPlayer\1.16.0.73\npxbdyy.dll
CHR - plugin: \u6B6A\u6B6A (Enabled) = C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
CHR - plugin: Java™ Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\user\AppData\Roaming\RCTW\plugins\nprcplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Proxy Switchy! = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Free Smileys & Emoticons = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.32.0_0\
CHR - Extension: ChromeVis (by Google) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\halnfobaneppemjnonmmhngbfifnafgd\2.4.4_0\
CHR - Extension: Google Wallet = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/31 13:48:18 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (QQDownload IE Left Helper) - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\TENCENT\QQDownload\QQIEHelper64.dll (Tencent Technology (Shenzhen) Company Limited)
O2:64bit: - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files\Yahoo!J\Toolbar64\7_3_0_20\Modules\ypho.dll (Yahoo Japan Corporation. )
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (QQDownload IE Left Helper) - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\TENCENT\QQDownload\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
O2 - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_15\Modules\ypho.dll (Yahoo Japan Corporation. )
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\..\Toolbar\WebBrowser: (no name) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: 网页图片保存能手 - {3F7C5588-6763-4791-8B8B-D73B08396DE9} - C:\Program Files (x86)\picsaver988\picsaver.exe (光明软件工作室)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18106445-AECD-427D-AC9B-5A731B225930}: DhcpNameServer = 199.47.194.253 199.47.192.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9034BED-756A-4F6A-A8A7-DBB066F128D6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C68D5C7B-F9B0-43E1-A050-B58FD412FEC8}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/23 15:22:58 | 000,000,283 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/06 03:17:05 | 000,160,296 | ---- | C] (Safer Networking Limited ) -- C:\Users\user\Desktop\spybotsd162.exe.9gqwq1f.partial
[2014/02/06 00:02:12 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/01/29 20:59:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2014/01/29 20:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/01/29 20:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/01/29 20:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/01/28 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/28 21:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/12 01:10:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/12 01:10:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/12 01:06:13 | 002,342,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/12 01:06:13 | 000,661,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 01:06:13 | 000,420,446 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2014/02/12 01:06:13 | 000,395,328 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2014/02/12 01:06:13 | 000,378,026 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2014/02/12 01:06:13 | 000,125,468 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2014/02/12 01:06:13 | 000,125,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 01:06:13 | 000,122,858 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2014/02/12 01:06:13 | 000,117,944 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2014/02/12 01:00:52 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/02/12 01:00:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/12 01:00:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/12 01:00:04 | 3113,390,080 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/12 00:22:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/11 23:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/11 23:16:46 | 252,659,095 | ---- | M] () -- C:\Users\user\Desktop\mc.rar
[2014/02/11 23:14:21 | 000,000,578 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2451559130-3535924385-1227171972-1000UA.job
[2014/02/06 03:24:51 | 000,160,296 | ---- | M] (Safer Networking Limited ) -- C:\Users\user\Desktop\spybotsd162.exe.9gqwq1f.partial
[2014/02/06 02:00:05 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4f6c67b5-a020-4123-ba8a-47c988403ecc.job
[2014/02/05 22:22:19 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4143e4bb-0c03-4f33-ab66-e3242c4628b5.job
[2014/01/29 20:59:51 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/01/29 20:10:00 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2451559130-3535924385-1227171972-1000Core.job
[2014/01/29 19:48:05 | 000,462,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/28 22:21:13 | 000,000,716 | ---- | M] () -- C:\Users\user\Desktop\cc_20140128_222110.reg
[2014/01/28 22:20:38 | 000,001,244 | ---- | M] () -- C:\Users\user\Desktop\cc_20140128_222035.reg
[2014/01/28 22:20:11 | 000,079,152 | ---- | M] () -- C:\Users\user\Desktop\cc_20140128_222003.reg
[2014/01/28 22:19:24 | 000,852,890 | ---- | M] () -- C:\Users\user\Desktop\cc_20140128_221806.reg
[2014/01/28 21:47:17 | 2683,016,144 | ---- | M] () -- C:\Users\user\Desktop\Songs.rar
[2014/01/28 21:34:37 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/18 02:37:35 | 000,079,844 | ---- | M] () -- C:\test.xml
[2014/01/18 00:52:52 | 001,802,859 | ---- | M] () -- C:\Users\user\Desktop\1.2.5.1.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/11 23:15:33 | 252,659,095 | ---- | C] () -- C:\Users\user\Desktop\mc.rar
[2014/01/29 21:00:05 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4143e4bb-0c03-4f33-ab66-e3242c4628b5.job
[2014/01/29 21:00:04 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4f6c67b5-a020-4123-ba8a-47c988403ecc.job
[2014/01/29 20:59:51 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/01/28 22:21:11 | 000,000,716 | ---- | C] () -- C:\Users\user\Desktop\cc_20140128_222110.reg
[2014/01/28 22:20:36 | 000,001,244 | ---- | C] () -- C:\Users\user\Desktop\cc_20140128_222035.reg
[2014/01/28 22:20:06 | 000,079,152 | ---- | C] () -- C:\Users\user\Desktop\cc_20140128_222003.reg
[2014/01/28 22:18:10 | 000,852,890 | ---- | C] () -- C:\Users\user\Desktop\cc_20140128_221806.reg
[2014/01/28 21:34:37 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/28 21:26:42 | 2683,016,144 | ---- | C] () -- C:\Users\user\Desktop\Songs.rar
[2014/01/18 00:52:51 | 001,802,859 | ---- | C] () -- C:\Users\user\Desktop\1.2.5.1.zip
[2013/12/20 19:46:30 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/12/13 15:50:18 | 002,310,992 | ---- | C] () -- C:\Windows\SysWow64\shellfire.dll
[2013/05/13 19:00:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/05/10 21:36:19 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2013/04/27 14:20:47 | 000,000,207 | ---- | C] () -- C:\Users\user\.swfinfo
[2013/04/26 21:19:02 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI
[2013/02/23 11:50:58 | 000,000,043 | ---- | C] () -- C:\Users\user\jagex_cl_oldschool_LIVE.dat
[2013/02/16 10:40:00 | 000,000,032 | ---- | C] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2013/02/16 09:14:13 | 000,000,045 | ---- | C] () -- C:\Users\user\jagex_cl_loginapplet_LIVE.dat
[2012/12/20 22:28:28 | 000,000,036 | ---- | C] () -- C:\Users\user\AppData\Local\housecall.guid.cache
[2012/06/30 21:13:26 | 011,843,188 | ---- | C] () -- C:\Users\user\05 深愛.mp3
[2012/06/30 21:13:23 | 014,478,451 | ---- | C] () -- C:\Users\user\17 SUPER GENERATION ―MUSEUM STYLE―.mp3
[2012/06/30 21:13:20 | 011,672,879 | ---- | C] () -- C:\Users\user\16 ROMANCERS' NEO.mp3
[2012/06/30 21:13:13 | 010,742,910 | ---- | C] () -- C:\Users\user\12 Pray.mp3
[2012/06/30 21:13:10 | 010,810,835 | ---- | C] () -- C:\Users\user\13 COSMIC LOVE.mp3
[2012/06/30 21:13:07 | 011,359,405 | ---- | C] () -- C:\Users\user\10 POP MASTER.mp3
[2012/06/30 21:13:01 | 010,921,593 | ---- | C] () -- C:\Users\user\03 Astrogation.mp3
[2012/06/30 21:09:18 | 010,461,833 | ---- | C] () -- C:\Users\user\06 夢幻.mp3
[2012/06/30 21:09:12 | 012,196,394 | ---- | C] () -- C:\Users\user\15 迷宮バタフライ ―diverse―.mp3
[2012/06/30 21:09:01 | 009,138,995 | ---- | C] () -- C:\Users\user\04 Trickster.mp3
[2012/06/27 10:09:29 | 000,000,024 | ---- | C] () -- C:\Users\user\random.dat
[2012/04/28 10:43:49 | 004,874,240 | ---- | C] () -- C:\Windows\SysWow64\DSE2_DFT.dll
[2012/03/23 06:13:23 | 000,007,597 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011/04/07 06:32:40 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2011/02/09 11:23:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/08 17:16:07 | 000,000,037 | ---- | C] () -- C:\Users\user\AppData\Roaming\CoreAVC.ini

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2013/12/25 20:44:55 | 108,171,229 | ---- | C] ()(C:\Users\user\Desktop\南家三?妹III 01.rmvb) -- C:\Users\user\Desktop\南家三姊妹III 01.rmvb
[2013/12/01 11:02:56 | 371,832,507 | ---- | M] ()(C:\Users\user\Desktop\?声密?[完?].rar) -- C:\Users\user\Desktop\轻声密语[完结].rar
[2013/12/01 10:55:17 | 371,832,507 | ---- | C] ()(C:\Users\user\Desktop\?声密?[完?].rar) -- C:\Users\user\Desktop\轻声密语[完结].rar
[2013/11/17 18:41:39 | 000,002,289 | ---- | M] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?濘7.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\捃濘7.lnk
[2013/11/17 18:41:39 | 000,002,289 | ---- | C] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?濘7.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\捃濘7.lnk
[2013/04/05 19:55:22 | 016,623,423 | ---- | M] ()(C:\Users\user\Desktop\??版・魔法少女小? 叛逆的物? ?告PV【非盗?源】 - ?哩?哩 - ( ゜- ゜)つロ 乾杯~ - bilibili.tv.flv) -- C:\Users\user\Desktop\剧场版·魔法少女小圆 叛逆的物语 预告PV【非盗摄源】 - 嗶哩嗶哩 - ( ゜- ゜)つロ 乾杯~ - bilibili.tv.flv
[2013/04/05 19:54:28 | 016,623,423 | ---- | C] ()(C:\Users\user\Desktop\??版・魔法少女小? 叛逆的物? ?告PV【非盗?源】 - ?哩?哩 - ( ゜- ゜)つロ 乾杯~ - bilibili.tv.flv) -- C:\Users\user\Desktop\剧场版·魔法少女小圆 叛逆的物语 预告PV【非盗摄源】 - 嗶哩嗶哩 - ( ゜- ゜)つロ 乾杯~ - bilibili.tv.flv
[2012/04/27 09:57:32 | 021,077,154 | -H-- | M] ()(C:\Users\user\Documents\【東方手書き】か?んは?れアリスちゃん!!#3.flv) -- C:\Users\user\Documents\【東方手書き】がんばれアリスちゃん!!#3.flv
[2012/04/27 09:52:59 | 021,077,154 | -H-- | C] ()(C:\Users\user\Documents\【東方手書き】か?んは?れアリスちゃん!!#3.flv) -- C:\Users\user\Documents\【東方手書き】がんばれアリスちゃん!!#3.flv
[2009/01/07 22:06:22 | 108,171,229 | ---- | M] ()(C:\Users\user\Desktop\南家三?妹III 01.rmvb) -- C:\Users\user\Desktop\南家三姊妹III 01.rmvb
(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\网??片保存能手) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\网页图片保存能手
(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???件) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\猪猪游?) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\猪猪游戏
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?濘?璃) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\捃濘璃
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >


Here is the Extra.txt:

OTL Extras logfile created on: 2014/02/12 1:04:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.87 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.20% Memory free
8.52 Gb Paging File | 6.71 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): c:\pagefile.sys 4765 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.87 Gb Total Space | 29.32 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive D: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 29.88 Gb Total Space | 1.42 Gb Free Space | 4.74% Space Free | Partition Type: FAT32
Drive I: | 7.46 Gb Total Space | 1.60 Gb Free Space | 21.48% Space Free | Partition Type: FAT32

Computer Name: USER-VAIO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07055C6B-B55A-4811-9834-599B47349913}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0CB631F5-6B67-426A-BBE1-5AA7462ED31C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F264C3D-C042-47A4-8040-3422104A2075}" = lport=137 | protocol=17 | dir=in | app=system |
"{127C613F-7AAD-4BC8-ADA9-63598CFCD3E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{1FCC6813-D1EF-4F00-BD3A-B0B41D488134}" = rport=137 | protocol=17 | dir=out | app=system |
"{26A40B29-4FAB-4F37-978D-A0EF1C7D4700}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2F7F716C-EC80-43B9-BD6B-E11038356782}" = rport=139 | protocol=6 | dir=out | app=system |
"{311168AB-C159-4580-B55A-CD42212E0662}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32857DEA-2030-4595-89B3-D2E60443B0B2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3327791D-E8FC-4A71-B299-8952E04A90A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37B2A35B-2E84-4C27-AC79-A416CB263290}" = lport=445 | protocol=6 | dir=in | app=system |
"{3E7BFB5C-A3FA-4DD3-BF92-1B1989DEDBFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E2E811F-F330-432A-982E-52C0397959D4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{65D5771B-BE95-46DF-A73E-1F434D79A559}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{696A3242-F143-4C4B-BDF2-CF95F2578B1F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69BBECBF-6575-4707-B096-56D6800F820F}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A2BF068-6F64-4AF2-8A92-423BBBC51F8A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F939DDC-1C16-437F-B821-6123D319CFCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{827CE10B-9977-4750-8317-87FD82FFD0CB}" = lport=138 | protocol=17 | dir=in | app=system |
"{902A928D-DD94-43A7-8CB9-24A1FF1BA3AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A50B3A18-BC0F-4A9D-8727-EE917C644B67}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{B76AED8A-A136-4C19-B903-73D04576A170}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C63B6638-9E15-46D9-982E-2A5AC31E966E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D096CF7E-F976-47A8-A10E-B752A41E1015}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE59C081-9301-4CC9-BD75-817F8BB6165D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E0ACF07E-285D-45F9-965E-ED70EF7D07FA}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{E3D27C34-31EE-418B-A4EA-559448D57F47}" = lport=139 | protocol=6 | dir=in | app=system |
"{E6DD4A50-AF52-4737-995A-EECCCC72C6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F74BE1D8-8C64-4C26-BB7B-FE2446AC639B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02285D62-3FE6-47A7-B95A-41BB9D57405A}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{036D06C5-3DC8-44CB-B51F-3E92CB3109E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{0417B69E-4E55-4294-A9DB-AA077545D6D1}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{049F0603-E39A-429C-9647-B17397989992}" = dir=in | app=c:\program files (x86)\baidu\baiduplayerbaiduyun\1.19.1.23\baiduplayer.exe |
"{081C1C11-F121-42C4-B490-04F05E8AE2D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A1168D1-4B50-4EBB-9011-4AD1755F1E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{10111A8F-EF28-4003-9E4F-174FE80C17A5}" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"{1491D675-F8CB-4864-92DD-ABDC6CDDDB80}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1A93E0F0-9D00-472E-9EFF-4D10C584850D}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{1AE73821-C06D-4A2F-9C59-F50863184828}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1DEC9CB5-CBE5-4398-A7FB-25F5E77445FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1EA7811F-8FE7-4C97-8C53-EE709DA3806F}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{1F875C6D-C438-4D16-8A32-F56B67C4B333}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{22939672-F0A5-44A6-95B3-8A1CACFC8302}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{2367611B-AAF3-40A3-A428-5CE69D698026}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{272C23BB-8E5A-4E67-9C9B-A0B8AE391851}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{275392C4-4C07-49F1-90EF-4D1A8488ABF8}" = protocol=58 | dir=in | [email protected],-28545 |
"{2AFD9F57-C247-47CA-987A-ABFE4BEE33AD}" = protocol=58 | dir=out | [email protected],-28546 |
"{2D5B4079-0854-4EB0-99EC-102C8107DED7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{313B6477-A6D2-4BDC-B10A-50C9C78A9B5C}" = protocol=17 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{3336877E-EEA6-4038-B959-4A461B926F66}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3358040F-CEC3-473B-BF28-D172870AE25A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{38CFCF6C-80C2-41A8-85E0-913AB15339D4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{3A068E32-01D4-420D-B188-B01F56BB7EAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3C103F52-7D0E-4F8F-80A0-3B81CFFCE656}" = protocol=6 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{3F4A56AB-F4C0-4491-8849-7616A385D346}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe |
"{42451B3B-7358-401C-B8F7-47CB126572C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{43E3EB7D-760D-4D46-BA86-303F5C790EFD}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{44E36C9C-51FA-44A2-82B9-0BCD3FA13FC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4567163B-1FC8-46A7-9733-51F743155E75}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\bugreport.exe |
"{466D4670-F726-4AB7-9065-5468EB4D50A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{487E7F9B-D844-4685-8B10-D9ADA0C1CCF5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{48C2D2EB-D0C0-46DC-9F5F-7F8FA0680C69}" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"{4A5917B0-82AE-4191-9049-C47988C4B187}" = protocol=6 | dir=out | app=system |
"{4DC76966-A82A-4595-98F8-9772FDECE2FC}" = protocol=6 | dir=in | app=c:\nexon\suddenattack\ghsalncr.exe |
"{50AE1086-63BB-4C7B-B9D1-50900ACBB45A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{517953B1-2CF6-4F08-8BF7-82C335F96BE0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{51CE3BCA-2A43-4EC5-8B1F-E4FB23585801}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{541EB4B7-1ACC-43F9-8847-F1F343384A14}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{551CB68E-43EE-45B9-979D-72D30C995F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe |
"{576A5909-90CE-4F58-AE71-387AEEA2C09E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F8FE89E-3E82-4DF0-A16F-32B0946574F5}" = protocol=1 | dir=in | [email protected],-28543 |
"{6089E751-38E3-440A-9079-D034847363D8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{60F98ADB-6825-4099-B351-D337AD58ED7A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\bugreport.exe |
"{611C0C7B-2A52-46AA-B9A5-1B59CBDBCDB7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6273E766-1207-4EFE-8EC3-4622CCA5CC40}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{64A3ECEE-E051-41DA-A4AE-709D6FF46E01}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68289C7D-23E1-4650-B042-C23427900020}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\3.4.2.0158\plugininstaller.exe |
"{6DEE87C8-BF8E-414D-9210-D8C2F0232C73}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6F8A75D0-AAC6-433C-94F7-6A116026533B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{7848144E-BB79-42E7-9CAF-E588079226CF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7914437C-0346-4CDC-B39E-94DA7D9B2473}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{796D1D2D-D273-445D-8A62-E9961A7F58E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B554F9A-1C96-4DD1-B6BE-2C992898FCAD}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{7D359FA6-1763-4EC0-A9E0-0F1C9297DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{834A60AC-0E0B-49EF-BEB3-E2B682182DE0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8666DA68-025C-4E9A-A96A-56345C644CFE}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe |
"{8C667619-B25C-40C2-81A9-CADBFF4854F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8FFA91F2-5228-4D1B-B6CE-118C245DC94B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{94B36055-5BCC-448D-A665-A7FFCF8506FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2A725F9-739F-47DE-9AB9-BE9F1E6A7356}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{A97AF8DD-2799-4651-B98A-47C730820CCF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B22FFA7B-6DC8-42D5-B65E-D908B382D7B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B240284A-AB0F-4686-B4DC-4F7796A8EC42}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{B9D56CF0-B6D8-4832-9A7A-16E522D5A8C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BB2D79EF-5615-4E19-ADC7-F7C9A965EE51}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{BE09C724-3854-4A51-9EEC-9C89F3475606}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{C04AB33A-43B5-4CBF-AF6F-186E93DE0FFC}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\3.4.2.0158\plugininstaller.exe |
"{C99162F4-1F3D-4273-896D-7969487EECB6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CD8262D2-C24D-4755-83AD-6825E2F71A38}" = dir=in | app=c:\program files (x86)\baidu\baiduplayerbaiduyun\1.19.1.23\baidup2pservice.exe |
"{D2DEEB12-CA9D-4A5B-BB29-D964BF2309FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D7138437-0B56-41FA-924B-5A9CB1D7C864}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{D880BC0B-07FC-4A16-8BFF-8137911D9B51}" = protocol=17 | dir=in | app=c:\nexon\suddenattack\ghsalncr.exe |
"{DC85871E-2353-4829-987F-DF120BD0FD1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DC895EFF-6623-43CE-B9A5-461573CCFC72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DD0D1D9B-6FD3-481E-A728-7BFFBBF6D8F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDCBB419-5D0A-401C-B7B0-C78C2124AA57}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E2418E8C-94BF-48E4-9FF7-27BEAC9253BF}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{E30BF748-A0BF-4255-9430-2F003AE187CD}" = dir=in | app=c:\program files (x86)\baidu\baiduplayerbaiduyun\1.19.1.23\statreport.exe |
"{E3532FFC-AB37-4703-BEF2-459730EBA33D}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe |
"{E43C5384-8D44-4407-9697-B4978F142FC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5B957C9-5236-4538-87AF-7A202670A82D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA9DF137-A7C9-4263-94C7-F44D2166D2F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F03EB449-084E-4AFD-8F53-F43A4F82EC97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F1661B39-7AEB-476C-A5E2-234A9381C6B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F1D7FED4-D227-458D-B31F-810840F184A9}" = protocol=1 | dir=out | [email protected],-28544 |
"{F9194C9C-177D-43FB-A343-1835766C0CB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9389000-7A4C-4235-A1BD-82B64946C03D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FA75EF8A-85BD-4B7E-84E5-83C4E07722FE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\media gallery\vrlp.exe |
"{FB21FD51-C170-49FB-B58A-EFD177A9ECB0}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{FB953528-BB29-4F16-AA0D-6867D2125C39}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FD76A166-79D4-4C0C-87C6-C3820F3C80FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FE98244E-D87A-4EF0-B3D4-293AA9770B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"TCP Query User{0C3296A4-CA0E-4341-815F-419B6714BF8B}C:\users\user\downloads\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\stronghold 2\stronghold2.exe |
"TCP Query User{170F6839-A326-4A4E-A3D8-FA18866DB368}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
"TCP Query User{22A11C8B-A647-4DC9-80FB-F7A375AF8D83}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{30A46632-84F2-4D1B-B3D0-DC751A8C77F6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{32C817B9-6AED-41C8-A9E0-4AA7499A983C}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"TCP Query User{342F5266-DBD1-4D1E-A20E-562C7B6FA016}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe |
"TCP Query User{39344B1D-BB84-485E-8E65-D4E4D41A184A}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
"TCP Query User{4BA0A107-6FC5-418A-9F09-575FE44E96C7}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4D09A52A-B29E-4E0A-83E1-DFDB4B1D3F17}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{4FDBF27B-739E-4F2B-80C4-B83072E6F113}C:\program files (x86)\duowan\yy-4\yy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\yy.exe |
"TCP Query User{6237BFCD-5481-42D3-8E1D-C69F7588C96C}C:\program files (x86)\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\condition zero\hl.exe |
"TCP Query User{6BC51475-BD91-4DF0-B7DA-E452FEFAF8EF}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"TCP Query User{904CE68A-44C0-42B0-AFFA-CD536A0626B4}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"TCP Query User{93F9261F-27A8-47F6-83E3-F26C3B2827BE}C:\users\user\downloads\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\stronghold 2\stronghold2.exe |
"TCP Query User{95880ED1-5780-45C1-B1FF-C4313F7CC1D5}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{A392372F-697B-4030-ADDF-ED50BBAEAB67}C:\program files (x86)\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"TCP Query User{A998BFBC-494B-425B-9236-D0B872958566}C:\program files (x86)\easymule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\easymule\emule.exe |
"TCP Query User{AFF9A6D3-2488-4D27-BB48-41FF1CCA507F}C:\program files (x86)\tencent\qqdownload\qqdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe |
"TCP Query User{B1EB63A9-D185-4A01-A7F9-6C6FE009FEE2}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"TCP Query User{B28B3843-C280-4AA4-95AC-B9B5F94FF23B}C:\program files (x86)\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\condition zero\hl.exe |
"TCP Query User{CC2507B4-62C2-470F-8C40-F8AE9DE5C339}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"TCP Query User{EEB79F33-B186-44EE-B9AA-EFD80607D715}C:\nexon\suddenattack\suddenattack.exe" = protocol=6 | dir=in | app=c:\nexon\suddenattack\suddenattack.exe |
"TCP Query User{F06A9B4B-62E9-42CD-94A7-2329650D17C6}C:\users\user\desktop\program\jptv-v2.2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\program\jptv-v2.2.exe |
"TCP Query User{FEE75860-D10D-447C-BE81-B59777F28E16}C:\program files (x86)\peercast\peercast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\peercast\peercast.exe |
"UDP Query User{0D4B712D-B754-4428-9930-6E9CC9405225}C:\program files (x86)\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"UDP Query User{10EB37ED-D7DF-4972-9EFE-12B3CAC68F11}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2A2BB4AD-C48A-4F90-A270-7F3BFDC84CBB}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"UDP Query User{337D294E-20E8-4139-BB74-CAB68A7ECC17}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
"UDP Query User{4677E803-384D-4ED8-9878-10612A9450B4}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"UDP Query User{478FAF27-A23A-4102-A2BD-34D559B853C7}C:\users\user\desktop\program\jptv-v2.2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\program\jptv-v2.2.exe |
"UDP Query User{5B2825C9-6395-461E-8570-8F27BC64B454}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5CA32E03-84D0-48C3-AB23-275BF0F33DD6}C:\program files (x86)\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\condition zero\hl.exe |
"UDP Query User{66EDB5A0-6AFE-4193-B6AA-CD26896CE1A9}C:\nexon\suddenattack\suddenattack.exe" = protocol=17 | dir=in | app=c:\nexon\suddenattack\suddenattack.exe |
"UDP Query User{794B5730-D111-43DD-8437-9163BA4AE7C1}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"UDP Query User{83DEE0E0-98EF-4E97-A5F1-795B784831A4}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{852BE9B4-5E63-4462-BAB0-77172B02C5AB}C:\program files (x86)\duowan\yy-4\yy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\yy.exe |
"UDP Query User{8E9B332E-A46E-4E19-A8B3-CF2CF30987A1}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"UDP Query User{9813AAD6-E4D3-4B39-A18C-8455D9DB5FB2}C:\program files (x86)\tencent\qqdownload\qqdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe |
"UDP Query User{A7AE5E8D-95FC-438B-AEA9-B830796F5F13}C:\users\user\downloads\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\stronghold 2\stronghold2.exe |
"UDP Query User{A9B4B7AF-F0B9-4A34-BD91-AA7C1D26DC00}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{B7DB207C-B303-446B-B77A-C2723C6A6A91}C:\program files (x86)\peercast\peercast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\peercast\peercast.exe |
"UDP Query User{BECFB52A-A75B-4883-82D2-ED1A7CB5101B}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
"UDP Query User{C127C61F-702B-4B51-8B9D-4AEBD97A3596}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe |
"UDP Query User{C3207595-0A9E-4498-92D9-20482E027BAE}C:\users\user\downloads\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\stronghold 2\stronghold2.exe |
"UDP Query User{CD58B838-47D9-4616-8640-C56830F47E8C}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"UDP Query User{E2CB1606-C187-4017-A513-45A09C55D647}C:\program files (x86)\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\condition zero\hl.exe |
"UDP Query User{E74F9869-9384-4A3D-B951-C5FDA18404CE}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{F879D51F-A6E2-471B-9F38-471DFB18B401}C:\program files (x86)\easymule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\easymule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20F2AD58-CE1D-4994-9945-B1B3F2600254}" = Nitro PDF Reader
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6CF85F70-1A93-46FE-A2DE-6FF4A9A107D1}" = Prepare Your VAIO
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel® PROSet/Wireless WiFi Software
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0044AEC7-8924-4FB1-B4F7-FD14A5FEA9E4}" = RPGツクール2003 ランタイムパッケージ
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{019EF473-6D0A-415C-9A2E-1AF5F66AC60F}" = Windows Live Messenger
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB3EC39-AE92-597F-D6C1-1BADA9D876C0}" = ニコ生アラート(本家)
"{0E0CA282-7F32-4B0D-B427-78B9A3CBC42F}" = Messenger Companion
"{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
"{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars? Knights of the Old Republic ™
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims? 2 Double Deluxe
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3ECECC41-64EC-47F7-BCD1-6EC7039FF88A}" = YTD Toolbar v6.6
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50ADDF79-3249-4679-B527-3FB8C5EA99E5}" = Overture 4.0 繁體中文版
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
"{6EB6293C-9286-4981-8672-956E1A92F33B}_is1" = StrongVPN Client
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738F26C3-7787-7338-F455-DB166FC72007}" = tohoGolden
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - 遠端鍵盤
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
"{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}" = VOCALOID2 VSTi V2.0.4.2
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4EE51E6-2C80-4B04-BDE0-ED4E87BEFECD}_is1" = Pavtube Video Converter Ver 3.7.3.1865
"{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{BF7B6870-1B4F-4ADB-8862-8961B1BC4A34}" = Prepare Your VAIO
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C83CFA47-5F5D-4E63-90B8-DC05A4633E07}" = ふたば☆ちゃんねる2.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.004
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D65139EC-C4D1-4687-9A02-04A5D84E7E26}" = VOCALOID2 Voice DB (Rin)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{DD696AF7-8A89-41D5-976A-2053E41A69BE}" = VAIO - Media Gallery
"{DD980D24-1240-4052-A5F7-411786C36AC8}" = Remote Keyboard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0990010-9FC0-47CB-0095-C4F40C9432A9}" = The Sims 2 University
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E501347A-7A44-4c86-A34F-0EA69A9AC542}" = 九方TS繁簡專業版
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9615818-3477-4B11-A1F7-A78DF0993DD5}" = VOCALOID2 Voice DB (Len)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V3.0.3
"{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.030
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.4.2J
"{F606680C-ECF5-4DFC-9396-27CD5D02171E}" = 屋上の百合霊さん
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = KMP Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"BaiduPlayerBaiduYun" = BaiduPlayerBaiduYun1.19.1.23
"Bamboo Dock" = Bamboo Dock
"Condition Zero" = Condition Zero
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DC++" = DC++ 0.811
"easyMule" = easyMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"iTudou" = iTudou
"LINE" = LINE
"Mabinogi" = Mabinogi
"MADIYURI" = クラス全員マヂでゆり!
"MajiroAppカタハネ" = カタハネ
"MajiroApp" = 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NicoLiveAlert.AF13000F70F492D28A0F3BBE6342BA29A9AB98CC.1" = ニコ生アラート(本家)
"picsaver" = nabocorp. picsaver (remove only)
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PunkBusterSvc" = PunkBuster Services
"QQ旋风" = QQ旋风4.4
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"RPGツクールVX RTP_is1" = RPGツクールVX RTP
"Steam" = Steam
"Steam App 550" = Left 4 Dead 2
"SuddenAttack" = サドンアタック
"TeamViewer 6" = TeamViewer 6
"The KMPlayer" = The KMPlayer (remove only)
"ThiefGoldDeinstallKey" = Thief Gold
"TTPlayer" = 千千靜聽 5.7正式版
"TXIEHlp" = IE刲坰翑忒
"Update Engine" = Sony Ericsson Update Engine
"VirtualCloneDrive" = VirtualCloneDrive
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Wing IDE 101 4.0_is1" = Wing IDE 101 4.0.0-1
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Editor_is1" = Wondershare Video Editor(Build 3.0.1)
"Yahoo!Jツールバー" = Yahoo!ツールバー
"YoukuClient" = モナソ眩ヘサァカヒ

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2451559130-3535924385-1227171972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1428B69E-DFF5-40e6-8FD8-93DE4054DCFC}" = 妹ぱらだいす!Hアニメ増量版
"Dropbox" = Dropbox
"majikoi" = 真剣で私に恋しなさい!
"PIL-py2.7" = Python 2.7 PIL-1.1.7
"Spotify" = Spotify
"YY4" = YY4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014/02/05 15:09:33 | Computer Name = user-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 63180

Error - 2014/02/05 15:09:33 | Computer Name = user-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 63180

Error - 2014/02/05 15:12:19 | Computer Name = user-VAIO | Source = KMPService.exe | ID = 0
Description =

Error - 2014/02/06 1:33:27 | Computer Name = user-VAIO | Source = KMPService.exe | ID = 0
Description =

Error - 2014/02/06 5:14:18 | Computer Name = user-VAIO | Source = Google Update | ID = 20
Description =

Error - 2014/02/10 2:23:43 | Computer Name = user-VAIO | Source = KMPService.exe | ID = 0
Description =

Error - 2014/02/11 10:31:40 | Computer Name = user-VAIO | Source = KMPService.exe | ID = 0
Description =

Error - 2014/02/11 10:38:56 | Computer Name = user-VAIO | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\duowan\yy-4\yylauncher.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 2014/02/11 10:38:56 | Computer Name = user-VAIO | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\duowan\yy-4\yylauncher.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 2014/02/11 11:14:21 | Computer Name = user-VAIO | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 2012/09/19 19:11:58 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 11:11:58 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 2012/09/19 19:11:59 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 11:11:59 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2012/09/19 19:12:03 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 11:11:59 AM - Failed to retrieve Broadband (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 2012/09/19 20:12:06 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 12:12:06 PM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 2012/09/19 20:12:06 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 12:12:06 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2012/09/19 20:12:06 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 12:12:06 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 2012/09/19 20:12:07 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 12:12:07 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 2012/09/19 20:12:07 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 12:12:07 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 2012/09/19 20:12:07 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 12:12:07 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2012/09/19 20:12:08 | Computer Name = user-VAIO | Source = MCUpdate | ID = 0
Description = 12:12:07 PM - Failed to retrieve Broadband (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 2014/02/05 15:17:35 | Computer Name = user-VAIO | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 2014/02/06 1:33:09 | Computer Name = user-VAIO | Source = Service Control Manager | ID = 7000
Description = The STEC3 service failed to start due to the following error: %%2

Error - 2014/02/06 1:38:47 | Computer Name = user-VAIO | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 2014/02/10 2:23:32 | Computer Name = user-VAIO | Source = Service Control Manager | ID = 7000
Description = The STEC3 service failed to start due to the following error: %%2

Error - 2014/02/10 2:28:59 | Computer Name = user-VAIO | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 2014/02/10 2:29:04 | Computer Name = user-VAIO | Source = Service Control Manager | ID = 7022
Description = The Google更新 服務 (gupdate) service hung on starting.

Error - 2014/02/11 10:28:39 | Computer Name = user-VAIO | Source = Service Control Manager | ID = 7000
Description = The STEC3 service failed to start due to the following error: %%2

Error - 2014/02/11 10:37:33 | Computer Name = user-VAIO | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 2014/02/11 13:01:04 | Computer Name = user-VAIO | Source = Service Control Manager | ID = 7000
Description = The STEC3 service failed to start due to the following error: %%2

Error - 2014/02/11 13:06:05 | Computer Name = user-VAIO | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >


And here is the FFS.txt:

Farbar Service Scanner Version: 02-02-2014
Ran by user (administrator) on 12-02-2014 at 01:31:55
Running from "I:\"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 15:26] - [2013-01-04 13:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



Thank you very much!
Christie
  • 0

#8
DonnaB
Posted 11 February 2014 - 12:27 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Christie,

Thank you for the logs. I see no hint of malware in the OTL log, though it does appear that your Avast software is way outdated.

Please do the following and let me know the results:

Let's flush your DNS cache and restore the HOSTS file:

Please copy/paste the lines in bold below to Notepad:

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Use the USB Flash drive to transfer (drag and drop) the .bat file to the desktop of the other computer.
Double-click flush.bat file to run it. Your computer will reboot.

Note: For Windows Vista or Windows 7, right-click flush.bat and select "Run as Administrator".

See if you can load a webpage in any of your browsers.
  • 0

#9
lemonwater16
Posted 11 February 2014 - 01:04 PM

lemonwater16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hello Donna,

I followed your instructions and after the computer has restarted, it could go onto the internet for about 10 minutes, and then the same thing happened again(i couldn't load any web pages) and i'm half way updating my antivirus engine and it got cut off.

Thanks,
Christie
  • 0

#10
DonnaB
Posted 11 February 2014 - 01:58 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Christie,

Boot the laptop to the Advanced Options Boot menu by restarting the computer and begin tapping the F8 key as soon as you see the Sony logo appear. Once there, choose Safe Mode with Networking and try to open a webpage there after.

Let us know the results.

Thank you,
Donna :)
  • 0

Advertisements

#11
lemonwater16
Posted 12 February 2014 - 01:08 AM

lemonwater16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi Donna,

Going on the internet in safe mode seems to have no problem.


Thank you,
Christie
  • 0

#12
DonnaB
Posted 12 February 2014 - 06:32 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Ok Christie,

You have yourself behind many stealth type clients, such as the following:

The OpenVPN Project
StrongVPN Client

IE - HKU\S-1-5-21-2451559130-3535924385-1227171972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=v2401.vir.kagoya.net:80 http://letushide.com...kyo_Tokyo_Japan

CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18106445-AECD-427D-AC9B-5A731B225930}: DhcpNameServer = 199.47.194.253 199.47.192.253

I'll be completely honest with you here, my knowledge on the above is vague. I fear no one and have no reason to hide behind a cloaking device, though I have a felling that one of those things above is causing your problem. After running that batch file, you should have stayed connected though something changed a setting.

Personally, I would uninstall the VPN clients, get out from behind that letushide.com proxyserver, reset all 3 of your browsers back to defaults.

Even if that does give you the ability to open a webpage, please transfer the following program to the computer that will not connect and provide the log for our viewing pleasure.

Please download MiniToolBox and run it.

Checkmark following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices - (dial) Only Problems - (dial) No Driver (dial) All
  • List Users, Partitions and Memory size
  • List Minidump Files
Click Go and post the result.

Thank you,
Donna :)
  • 0

#13
lemonwater16
Posted 12 February 2014 - 06:49 AM

lemonwater16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hello Donna,

oh it is the VPN that is causing the problem! I did use it once to visit webpages that aren't accessible for my country but it didn't work so i just left it! Should probably have remove it! But anyway here is the report:

MiniToolBox by Farbar Version: 23-01-2014
Ran by user (administrator) on 12-02-2014 at 20:45:24
Running from "I:\"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=v2401.vir.kagoya.net:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Atheros AR8131 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
StrongVPN Adapter = ローカル エリア接続 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set subinterface interface=?F) subinterface=ethernet_9 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : user-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter ローカル エリア接続:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : StrongVPN Adapter
Physical Address. . . . . . . . . : 00-FF-18-10-64-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-27-10-E6-67-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : C0-CB-38-E1-D8-EA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-27-10-E6-67-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::180d:e8cb:94b9:4551%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.113(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2014年2月12日 15:36:08
Lease Expires . . . . . . . . . . : 2014年2月13日 20:42:47
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 352331536
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-BF-39-EE-54-42-49-87-D8-FD
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 54-42-49-87-D8-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{18106445-AECD-427D-AC9B-5A731B225930}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B9034BED-756A-4F6A-A8A7-DBB066F128D6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:183e:2b2:3f57:ff8e(Preferred)
Link-local IPv6 Address . . . . . : fe80::183e:2b2:3f57:ff8e%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{02D0D320-E9D6-42F1-89D6-0A544BC32EC3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C68D5C7B-F9B0-43E1-A050-B58FD412FEC8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3217E480-10B7-42A1-8CBE-9A43BD747979}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: setup.hkbn.net
Address: 192.168.0.1

Name: google.com
Addresses: 2404:6800:4005:c00::8a
61.238.239.210
61.238.239.245
61.238.239.216
61.238.239.237
61.238.239.244
61.238.239.223
61.238.239.231
61.238.239.230
61.238.239.224
61.238.239.251
61.238.239.217
61.238.239.238


Pinging google.com [61.238.239.238] with 32 bytes of data:
Reply from 61.238.239.238: bytes=32 time=5ms TTL=59
Reply from 61.238.239.238: bytes=32 time=11ms TTL=59

Ping statistics for 61.238.239.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 5ms, Maximum = 11ms, Average = 8ms
Server: setup.hkbn.net
Address: 192.168.0.1

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=675ms TTL=51
Reply from 98.139.183.24: bytes=32 time=326ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 326ms, Maximum = 675ms, Average = 500ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...00 ff 18 10 64 45 ......StrongVPN Adapter
17...00 27 10 e6 67 55 ......Microsoft Virtual WiFi Miniport Adapter
13...c0 cb 38 e1 d8 ea ......Bluetooth Device (Personal Area Network)
12...00 27 10 e6 67 54 ......Intel® Centrino® Advanced-N 6200 AGN
11...54 42 49 87 d8 fd ......Atheros AR8131 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.113 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.113 281
192.168.0.113 255.255.255.255 On-link 192.168.0.113 281
192.168.0.255 255.255.255.255 On-link 192.168.0.113 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.113 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.113 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:5ef5:79fd:183e:2b2:3f57:ff8e/128
On-link
12 281 fe80::/64 On-link
15 306 fe80::/64 On-link
12 281 fe80::180d:e8cb:94b9:4551/128
On-link
15 306 fe80::183e:2b2:3f57:ff8e/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/12/2014 08:42:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4158783

Error: (02/12/2014 08:42:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4158783

Error: (02/12/2014 08:42:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2014 07:33:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (02/12/2014 07:33:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092

Error: (02/12/2014 07:33:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2014 07:02:04 PM) (Source: Google Update) (User: user-VAIO)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Ht

Error: (02/12/2014 04:40:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2184

Error: (02/12/2014 04:40:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2184

Error: (02/12/2014 04:40:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/12/2014 08:44:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (02/12/2014 08:44:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (02/12/2014 08:44:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (02/12/2014 08:44:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (02/12/2014 04:35:03 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.

Error: (02/12/2014 04:35:03 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.

Error: (02/12/2014 04:35:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.

Error: (02/12/2014 04:08:36 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (02/12/2014 04:08:35 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (02/12/2014 04:08:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-10-13 18:25:36.036
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Rar$EXa0.364\SysInfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-13 18:25:35.814
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Rar$EXa0.364\SysInfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-28 21:54:22.689
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-28 21:54:22.472
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-06-12 18:32:43.496
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.7.2244_2\Program\tcphoc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-06-12 18:32:43.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.7.2244_2\Program\tcphoc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-06-12 18:32:43.341
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.5.2152_1\Program\tcphoc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-06-12 18:32:43.283
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.5.2152_1\Program\tcphoc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-03-27 16:23:40.097
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.5.2152_1\Program\tcphoc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-03-27 16:23:40.060
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.5.2152_1\Program\tcphoc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
????
64 Bit HP CIO Components Installer (Version: 7.2.4)
Adobe AIR (Version: 4.0.0.1390)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Age of Mythology
Age of Mythology - The Titans Expansion
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.115)
ArcSoft WebCam Companion 3 (Version: 3.0.21.368)
Audacity 2.0.3 (Version: 2.0.3)
avast! Free Antivirus (Version: 9.0.2011)
BaiduPlayerBaiduYun1.19.1.23 (Version: 1.19.1)
Bamboo Dock (Version: 4.1)
Bamboo Dock (Version: 4.1.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.10)
Condition Zero
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
DC++ 0.811 (Version: 0.811)
Dropbox (Version: 1.0.20)
easyMule
EndNote X6 (Version: 16.0.1.6599)
Evernote (Version: 3.5.4.2224)
Facebook Video Calling 2.0.0.447 (Version: 2.0.447)
FileHippo.com Update Checker
GameSpy Arcade
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
GTA2 (Version: 1.00.001)
Guitar Pro 5.2
HPDiagnosticAlert (Version: 1.00.0000)
iCloud (Version: 1.1.0.40)
IE???? (Version: 3.0.3.2)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Turbo Boost Technology Driver (Version: 01.02.00.1002)
iTudou (Version: 3.0.3.0)
iTunes (Version: 11.1.3.8)
Japanese Fonts Support For Adobe Reader X (Version: 10.0.0)
Java 7 Update 13 (64-bit) (Version: 7.0.130)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
KMP Service
Left 4 Dead 2
LINE (Version: 3.0.0.10)
Mabinogi
Macromedia Extension Manager (Version: 1.7.240)
Macromedia Flash 8 (Version: 8.00.0000)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Gallery (Version: 2.0.0.11150)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Games for Windows - LIVE (Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.1.99.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft PowerPoint Viewer (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Application Compatibility Database
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML4 Parser (Version: 1.0.0)
nabocorp. picsaver (remove only)
Nexon Game Manager
Nitro PDF Reader (Version: 1.4.0.11)
Norton Online Backup (Version: 2.1.17869)
NVIDIA Display Control Panel (Version: 6.14.11.9791)
NVIDIA Drivers (Version: 1.10.61.39)
NVIDIA PhysX (Version: 9.09.0428)
osu! (Version: 0.0.0.0)
Overture 4.0 繁體中文版 (Version: 4.0.27)
Pando Media Booster (Version: 2.3.6.0)
Pavtube Video Converter Ver 3.7.3.1865
PMB (Version: 5.3.00.06040)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300)
Pod to PC 4.004
Prepare Your VAIO (Version: 5.0.0.06120)
Prepare Your VAIO (Version: 5.0.06070)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
PunkBuster Services (Version: 0.986)
Python 2.7 PIL-1.1.7
Python 2.7.1 (Version: 2.7.1150)
QQ旋?4.4 (Version: 4.4.751.401)
QuickTime (Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6077)
RealUpgrade 1.1 (Version: 1.1.0)
Remote Keyboard (Version: 1.1.1.03020)
ResearchSoft Direct Export Helper
RPGツクール2003 ランタイムパッケージ
RPGツクールVX RTP (Version: 1.02)
Safari (Version: 5.34.57.2)
Screen Recording Suite V3.0.3 (Version: 3.0.3)
Skype? 6.3 (Version: 6.3.107)
SmartSound Quicktracks for Premiere Elements 8.0 (Version: 3.11.3090)
Sony Ericsson Update Engine (Version: 2.12.1.13)
Sony PC Companion 2.10.030 (Version: 2.10.030)
Spotify (Version: 0.9.6.81.gd359a796)
Star Wars JK II Jedi Outcast
Star Wars? Knights of the Old Republic ™
Steam
StreamTransport version: 1.0.2.2171
StrongVPN Client (Version: 1.3.4.4)
SUPERAntiSpyware (Version: 5.7.1018)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.9.0)
TeamViewer 6 (Version: 6.0.11117)
The KMPlayer (remove only) (Version: 3.7.0.113)
The Sims 2 Open For Business
The Sims 2 University
The Sims? 2 Double Deluxe
Thief Gold
tohoGolden (Version: 1.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO - Media Gallery (Version: 2.0.1.12040)
VAIO - PMB VAIO Edition Guide (Version: 1.5.00.03020)
VAIO - PMB VAIO Edition Plug-in (Version: 1.5.10.06150)
VAIO - 遠端鍵盤 (Version: 1.0.1.03020)
VAIO Care (Version: 6.4.1.05290)
VAIO Control Center (Version: 4.3.0.05310)
VAIO Data Restore Tool (Version: 1.4.0.05240)
VAIO DVD Menu Data (Version: 2.4.00.05300)
VAIO Gate (Version: 2.2.1.09130)
VAIO Gate Default (Version: 2.2.0.07020)
VAIO Hardware Diagnostics (Version: 4.0.0.06230)
VAIO Manual (Version: 1.1.0.05280)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (Version: 2.1.0.18210)
VAIO Media plus Opening Movie (Version: 2.1.0.14080)
VAIO Movie Story Template Data (Version: 2.3.00.06040)
VAIO Movie Story Template Data (Version: 2.5.00.05300)
VAIO Sample Contents (Version: 1.3.0.06040)
VAIO Smart Network (Version: 3.3.1.08110)
VAIO Transfer Support (Version: 1.2.0.06230)
VAIO Update (Version: 6.1.1.10250)
VirtualCloneDrive
VOCALOID2 Editor V2.0.4.2J (Version: 0.0.0.1)
VOCALOID2 Expression DB (Standard) (Version: 0.0.0.1)
VOCALOID2 Voice DB (Len) (Version: 0.0.0.1)
VOCALOID2 Voice DB (Rin) (Version: 0.0.0.1)
VOCALOID2 VSTi V2.0.4.2 (Version: 0.0.0.1)
VU5x64 (Version: 1.1.0)
VU5x86 (Version: 1.1.0)
WebTablet FB Plugin 32 bit (Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Live フォト ギャラリー (Version: 15.4.3502.0922)
Windows Live メール (Version: 15.4.3502.0922)
Wing IDE 101 4.0.0-1
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wondershare Video Editor(Build 3.0.1)
Yahoo!ツールバー (Version: 7.3.0.15)
YTD Toolbar v6.6 (Version: 6.6)
YTD YouTube Downloader & Converter 3.6
YY4 (Version: 4.6.0.3)
カタハネ
クラス全員マヂでゆり!
サドンアタック
ニコ生アラート(本家) (Version: 1.2.0)
ふたば☆ちゃんねる2.5
モナソ眩ヘサァカヒ (Version: 3.2.1.8174)
屋上の百合霊さん (Version: 1.00.0000)
九方TS繁簡專業版 (Version: 01.00.0000)
真剣で私に恋しなさい!
千千靜聽 5.7正式版 (Version: 5.7正式版)
妹ぱらだいす!Hアニメ増量版 (Version: 1.00.0)

========================= Devices: ================================

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3958.88 MB
Available physical RAM: 2110.59 MB
Total Pagefile: 8722.02 MB
Available Pagefile: 6173.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:284.87 GB) (Free:17.32 GB) NTFS
2 Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive i: (JKLFS) (Removable) (Total:7.46 GB) (Free:2.21 GB) FAT32

========================= Users: ========================================

User accounts for \\USER-VAIO

Administrator ASPNET Guest
user

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


Thank you,
Christie
  • 0

#14
DonnaB
Posted 12 February 2014 - 08:42 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Christie,

oh it is the VPN that is causing the problem!


Did you uninstall the VPN? I still see it listed in the Installed Programs list of the MiniToolBox log.

Are you able to open a webpage now?

Please keep me informed. I know you pointed out that you would be heading overseas and I had hoped to get you squared away before you left since you were not taking the laptop with you.

If we don't connect before you leave, have a safe trip.

Donna :)
  • 0

#15
lemonwater16
Posted 13 February 2014 - 06:55 AM

lemonwater16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hello Donna,

I have uninstalled the StongVPN program, however i could not find the other one. And also same thing happened, after 10 minutes of being able to go on the internet, it dropped again.

Don't know if i can still reply tomorrow or not but Thank you very much for your replies Donna!


Christie
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP