
Computer is slow [Closed]


  • This topic is locked

#16
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
A lot of the stuff that ESET found had already been quarantined by AdwCleaner and OTL. We will remove them when we clean up.
Unfortunately, you didn't let MalwareBytes clean what it found.

Please go back to Step 2. in post #13. Run MalwareBytes again and pay particular attention to #7 of the instructions.

Please post the new MalwareBytes log.
  • 0



#17
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#18
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
User returned.
  • 0

#19
ego10fan

    Member

  • Topic Starter
  • 44 posts
I might not have time for this tomorrow.
  • 0

#20
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#21
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

User returned.

Welcome back. As it has been a month and a half since there has been any activity, I'm afraid that we will need to start with fresh scans. Please follow the instructions below to uninstall/remove the old versions of the tools. Then we will download fresh ones and get some scans.


Uninstall ESET

1. Please click the Start Orb, then click Control Panel. Under the Programs heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

ESET

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files (x86)\ESET

2. Close Windows Explorer.


Uninstall AdwCleaner

Re-open AdwCleaner

  • Click the Uninstall button
  • Confirm with yes



OTL Cleanup

Please re-open OTL on your desktop.

  • Be sure all other programs are closed as this step will require a reboot.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.

The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself.


Delete the following Files and Folders (If Present):

MBR.dat
MicrosoftFixit50906.msi
JRT.exe
JRT.txt
SecurityCheck.exe
checkup.txt

Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.


Step-1.

OTL Custom Scan

Click here to download OTL. Save it to the Desktop. It is important that it is downloaded to the Desktop.

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:

  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
prcss.dll
/md5stop
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open OTL on the desktop. To do that:

  • Vista / 7 Users: Right click on the icon and click Run as Administrator

Make sure all other windows are closed.

  • You will see a console like the one below:

    [Image: OTL_Main_Tutorial.gif]
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Do Not click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Repeat for the Extras.txt file.


Step-2.

Run aswMBR

  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The aswMBR log
2. The OTL.txt log
3. The Extras.txt log
 

 


  • 0

#22
ego10fan

    Member

  • Topic Starter
  • 44 posts

Here's my aswMBR:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-12 23:55:15
-----------------------------
23:55:15.082    OS Version: Windows x64 6.1.7601 Service Pack 1
23:55:15.082    Number of processors: 4 586 0x100
23:55:15.083    ComputerName: ALEX-HP  UserName: Storage
23:55:17.636    Initialize success
23:55:20.807    AVAST engine defs: 14041201
23:55:30.088    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
23:55:30.093    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
23:55:30.105    Disk 0 MBR read successfully
23:55:30.111    Disk 0 MBR scan
23:55:30.119    Disk 0 Windows 7 default MBR code
23:55:30.125    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:55:30.144    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       936762 MB offset 206848
23:55:30.185    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17005 MB offset 1918695424
23:55:30.235    Disk 0 scanning C:\Windows\system32\drivers
23:55:39.634    Service scanning
23:55:58.313    Modules scanning
23:55:58.332    Disk 0 trace - called modules:
23:55:58.379    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80066e52c0]<<sptd.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
23:55:58.723    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007723060]
23:55:58.736    3 CLASSPNP.SYS[fffff88001ac843f] -> nt!IofCallDriver -> [0xfffffa8007145ac0]
23:55:58.748    \Driver\amd_xata[0xfffffa8007132060] -> IRP_MJ_CREATE -> 0xfffffa80066e52c0
23:55:58.756    5 amd_xata.sys[fffff88001021d00] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8007142650]
23:55:58.762    \Driver\amd_sata[0xfffffa8007131bc0] -> IRP_MJ_CREATE -> 0xfffffa80066e32c0
23:56:01.335    AVAST engine scan C:\Windows
23:56:04.385    AVAST engine scan C:\Windows\system32
23:58:22.917    AVAST engine scan C:\Windows\system32\drivers
23:58:41.300    AVAST engine scan C:\Users\Storage
00:10:10.218    AVAST engine scan C:\ProgramData
00:23:49.390    Scan finished successfully
00:59:55.272    Disk 0 MBR has been saved successfully to "C:\Users\Storage\Desktop\MBR.dat"
00:59:55.279    The log file has been saved successfully to "C:\Users\Storage\Desktop\aswMBR.txt"
 
My OTL:

OTL logfile created on: 4/12/2014 11:35:45 PM - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Storage\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.48 Gb Total Physical Memory | 5.37 Gb Available Physical Memory | 71.77% Memory free

14.95 Gb Paging File | 12.37 Gb Available in Paging File | 82.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 914.81 Gb Total Space | 517.12 Gb Free Space | 56.53% Space Free | Partition Type: NTFS

Drive D: | 16.61 Gb Total Space | 2.07 Gb Free Space | 12.49% Space Free | Partition Type: NTFS

 

Computer Name: ALEX-HP | User Name: Storage | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/04/12 23:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Storage\Desktop\OTL.exe

PRC - [2014/04/02 17:13:16 | 003,774,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe

PRC - [2014/04/01 18:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/02/25 14:57:46 | 000,568,512 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2014/02/25 14:57:44 | 001,821,888 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2014/02/09 22:57:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2013/06/17 22:24:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/08/16 14:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

PRC - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

PRC - [2011/08/12 09:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/04/01 18:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll

MOD - [2014/04/01 18:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

MOD - [2014/04/01 18:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

MOD - [2014/04/01 18:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll

MOD - [2014/04/01 18:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll

MOD - [2014/04/01 18:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

MOD - [2014/04/01 18:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll

MOD - [2014/02/27 19:36:13 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll

MOD - [2014/02/27 19:35:49 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll

MOD - [2014/02/27 19:35:10 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll

MOD - [2014/02/26 22:57:24 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll

MOD - [2014/02/26 22:57:19 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll

MOD - [2014/02/26 22:57:16 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll

MOD - [2014/02/26 22:57:15 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll

MOD - [2014/02/26 22:57:13 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll

MOD - [2014/02/26 22:57:13 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll

MOD - [2014/02/26 22:57:12 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll

MOD - [2014/02/26 22:57:12 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll

MOD - [2014/02/26 22:57:10 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll

MOD - [2014/02/26 22:57:07 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll

MOD - [2014/02/26 22:57:07 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll

MOD - [2014/02/26 22:57:00 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll

MOD - [2014/02/25 14:57:46 | 001,135,296 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2014/02/25 14:57:46 | 000,119,488 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\audio.dll

MOD - [2014/02/10 19:34:30 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll

MOD - [2014/02/09 22:57:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

MOD - [2014/01/10 16:33:44 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2013/12/12 15:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll

MOD - [2013/11/04 18:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll

MOD - [2013/06/14 16:49:16 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssvoice.asi

MOD - [2013/06/14 16:49:16 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssmp3.asi

MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2014/02/09 22:57:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2011/10/24 06:16:42 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2014/02/25 14:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2014/01/28 17:55:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2013/06/17 22:24:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)

SRV - [2011/08/12 09:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/02/09 22:57:57 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2014/02/09 22:57:57 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2014/02/09 22:57:57 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2014/02/09 22:57:57 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2014/02/09 22:57:57 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)

DRV:64bit: - [2014/02/09 22:57:57 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2014/02/09 22:57:57 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2014/01/22 07:52:21 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/12/10 17:14:26 | 000,074,432 | ---- | M] (Razer, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)

DRV:64bit: - [2013/07/14 14:50:11 | 000,111,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NIWinCDEmu.sys -- (NIWinCDEmu)

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2013/05/09 01:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2013/03/31 19:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2013/02/22 22:44:51 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/12/06 10:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2012/11/17 07:22:26 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)

DRV:64bit: - [2012/10/16 21:04:10 | 000,123,664 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)

DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/05/09 12:50:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/05/09 12:50:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/11/03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2011/10/24 06:56:54 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/10/24 05:40:08 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/09/14 03:35:45 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/08/03 20:38:37 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)

DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/09/27 00:09:08 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{7486BD2A-0307-6164-8127-53BFF248EBE9}: "URL" = http://www.bing.com/...rc=IE-SearchBox

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..\SearchScopes\{DC8537D2-46C8-4740-B4AE-9153E680C99E}: "URL" = http://search.yahoo....p={searchTerms}

IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..\SearchScopes\{EFBF8077-8D2C-4031-8774-BE5EE79B6562}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_80.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_80.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

[2014/02/16 23:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Storage\AppData\Roaming\Mozilla\Extensions

[2013/05/09 23:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_95.dll

CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\

CHR - Extension: Custom Google™ Background = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg\6.3_0\

CHR - Extension: Ponify = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpjljegae\0.96.4_0\

CHR - Extension: Google Wallet = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: HoofSounds = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhjhphleppgakhlffhlfhbekfnobbk\1.212_0\

 

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - Startup: C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w

O7 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)

O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: sony.com ([]* in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C882AA94-6E83-4763-A643-0CBF69D7C1B0}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/04/12 23:33:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Storage\Desktop\OTL.exe

[2014/04/10 18:24:56 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2014/04/10 18:24:56 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2014/04/10 18:24:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll

[2014/04/10 18:24:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll

[2014/04/10 18:24:54 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2014/04/10 18:24:54 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2014/04/10 18:24:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2014/04/10 18:24:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2014/04/10 18:24:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2014/04/10 18:24:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2014/04/10 18:24:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2014/04/10 18:24:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2014/04/10 18:24:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2014/04/10 18:24:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2014/04/06 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Local\FileTypeAssistant

[2014/04/05 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Local\Skype

[2014/04/05 17:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2014/04/05 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2014/04/05 17:33:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2014/04/04 19:07:12 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Local\IsolatedStorage

[2014/04/04 19:07:09 | 000,000,000 | ---D | C] -- C:\Users\Storage\Documents\TurboTax

[2014/04/04 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Roaming\Intuit

[2014/04/04 19:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013

[2014/04/04 19:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit

[2014/04/04 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax

[2014/04/04 19:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/04/12 23:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Storage\Desktop\OTL.exe

[2014/04/12 14:41:56 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/04/12 14:41:56 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/04/12 14:40:19 | 000,783,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/04/12 14:40:19 | 000,662,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/04/12 14:40:19 | 000,122,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/04/12 14:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/04/12 14:34:00 | 1726,414,847 | -HS- | M] () -- C:\hiberfil.sys

[2014/04/06 17:37:05 | 004,903,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/04/06 17:23:40 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2014/04/06 16:59:48 | 000,447,895 | ---- | M] () -- C:\Users\Storage\Documents\Alex's 2013 tax returns.pdf

[2014/04/06 16:00:45 | 000,000,298 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2014/04/05 17:33:43 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2014/04/04 19:05:44 | 000,002,531 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk

[2014/04/02 17:15:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4ed1d411201c.job

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/04/06 17:23:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2014/04/06 17:23:40 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2014/04/06 16:59:47 | 000,447,895 | ---- | C] () -- C:\Users\Storage\Documents\Alex's 2013 tax returns.pdf

[2014/04/05 17:33:43 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2014/04/04 19:07:04 | 000,000,298 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2014/04/04 19:05:44 | 000,002,531 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk

[2014/04/02 17:15:33 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4ed1d411201c.job

[2013/06/04 17:03:21 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe

[2013/06/02 19:21:59 | 000,000,258 | RHS- | C] () -- C:\Users\Storage\ntuser.pol

[2012/11/17 07:23:24 | 000,021,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\iLokDrvr.sys

[2012/11/16 23:21:08 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

[2012/10/25 07:33:06 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/10/25 07:30:20 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/09/26 16:31:27 | 000,016,618 | ---- | C] () -- C:\Windows\hpomdl01.dat

[2012/09/14 23:43:29 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/14 23:43:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/08/09 00:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

[2012/08/09 00:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

[2012/07/22 23:21:04 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2012/05/09 12:53:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2012/11/04 12:04:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft

[2012/07/23 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Atari

[2012/08/31 21:32:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BANDISOFT

[2012/11/17 10:24:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/11/16 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013/02/22 22:44:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite

[2013/02/09 19:28:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FlvtoConverter

[2013/06/20 14:17:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Free PDF Tablet

[2012/07/22 23:21:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech

[2012/07/19 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LolClient

[2012/09/14 22:58:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ooVoo Details

[2013/06/21 11:34:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin

[2012/11/16 23:21:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PACE Anti-Piracy

[2012/08/05 19:10:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PC Cleaners

[2012/08/05 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PCPro

[2012/11/17 10:22:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PDAppFlex

[2013/08/13 00:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SoftGrid Client

[2013/03/12 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent

[2012/07/18 21:42:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinBatch

[2013/11/27 23:52:13 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Ableton

[2013/08/20 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Audacity

[2014/02/09 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\AVAST Software

[2013/06/25 16:20:38 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\BANDISOFT

[2013/07/20 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Cycling '74

[2013/08/09 16:41:15 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\FlvtoConverter

[2013/06/30 22:28:12 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Free PDF Tablet

[2013/06/10 22:35:33 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\LolClient

[2013/07/24 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\ooVoo Details

[2013/07/30 14:25:28 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Origin

[2013/11/28 20:34:34 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\PACE Anti-Piracy

[2014/02/05 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\PhotoScape

[2014/02/10 13:47:22 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\SecondLife

[2014/02/12 23:46:06 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\SoftGrid Client

[2013/07/20 15:13:11 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\TotalRecorder

[2014/02/16 23:40:00 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\uTorrent

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

========== Base Services ==========

SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)

SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)

SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)

SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)

SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)

SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)

SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)

SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)

SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)

SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)

SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)

SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)

SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2012/05/09 12:43:30 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)

SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)

SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)

SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)

SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)

SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)

No service found with a name of MsMpSvc

No service found with a name of NisSrv

SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)

SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)

SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)

SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)

SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)

SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)

SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)

SRV:64bit: - [2012/05/09 12:45:47 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)

SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)

SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)

No service found with a name of EMDMgmt

SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)

SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)

SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)

SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)

SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)

SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)

SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)

SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)

SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)

No service found with a name of slsvc

SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)

SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)

SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)

SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)

SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)

SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)

SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)

SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)

SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)

SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)

SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)

SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)

SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)

SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)

SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)

SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

 

< %SYSTEMDRIVE%\*.exe >

 

< MD5 for: EXPLORER.EXE  >

[2012/05/09 12:44:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe

[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2012/05/09 12:44:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2012/05/09 12:44:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

 

< MD5 for: SVCHOST.EXE  >

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

 

< MD5 for: USERINIT.EXE  >

[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 

< MD5 for: WINLOGON.EXE  >

[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 

< c:\program files (x86)\Google\Desktop >

[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2009/07/13 22:08:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/07/19 12:22:54 | 000,000,864 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1003Core.job

[2012/07/19 12:22:54 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1003UA.job

[2012/09/30 09:49:35 | 000,000,848 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1005Core.job

[2012/09/30 09:49:35 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1005UA.job

[2013/05/16 12:42:30 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2013/06/02 20:19:01 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2013/06/14 17:11:30 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForStorage.job

[2014/04/02 17:15:33 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4ed1d411201c.job

 

< c:\program files\Google\Desktop >

 

< dir "%systemdrive%\*" /S /A:L /C >

Volume in drive C is OS

Volume Serial Number is D28D-97D1

Directory of C:\

07/13/2009  10:08 PM    <JUNCTION>     Documents and Settings [C:\Users]

              0 File(s)              0 bytes

Directory of C:\ProgramData

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]

07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]

07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]

07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]

              0 File(s)              0 bytes

Directory of C:\Users

07/13/2009  10:08 PM    <SYMLINKD>     All Users [C:\ProgramData]

07/13/2009  10:08 PM    <JUNCTION>     Default User [C:\Users\Default]

              0 File(s)              0 bytes

Directory of C:\Users\Alex

07/17/2012  02:46 PM    <JUNCTION>     Application Data [C:\Users\Alex\AppData\Roaming]

07/17/2012  02:46 PM    <JUNCTION>     Cookies [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies]

07/17/2012  02:46 PM    <JUNCTION>     Local Settings [C:\Users\Alex\AppData\Local]

07/17/2012  02:46 PM    <JUNCTION>     My Documents [C:\Users\Alex\Documents]

07/17/2012  02:46 PM    <JUNCTION>     NetHood [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

07/17/2012  02:46 PM    <JUNCTION>     PrintHood [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

07/17/2012  02:46 PM    <JUNCTION>     Recent [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Recent]

07/17/2012  02:46 PM    <JUNCTION>     SendTo [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\SendTo]

07/17/2012  02:46 PM    <JUNCTION>     Start Menu [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu]

07/17/2012  02:46 PM    <JUNCTION>     Templates [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Templates]

              0 File(s)              0 bytes

Directory of C:\Users\Alex\AppData\Local

07/17/2012  02:46 PM    <JUNCTION>     Application Data [C:\Users\Alex\AppData\Local]

07/17/2012  02:46 PM    <JUNCTION>     History [C:\Users\Alex\AppData\Local\Microsoft\Windows\History]

07/17/2012  02:46 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files]

              0 File(s)              0 bytes

Directory of C:\Users\Alex\Documents

07/17/2012  02:46 PM    <JUNCTION>     My Music [C:\Users\Alex\Music]

07/17/2012  02:46 PM    <JUNCTION>     My Pictures [C:\Users\Alex\Pictures]

07/17/2012  02:46 PM    <JUNCTION>     My Videos [C:\Users\Alex\Videos]

              0 File(s)              0 bytes

Directory of C:\Users\All Users

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]

07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]

07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]

07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]

              0 File(s)              0 bytes

Directory of C:\Users\Default

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]

07/13/2009  10:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]

07/13/2009  10:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]

07/13/2009  10:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]

07/13/2009  10:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

07/13/2009  10:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

07/13/2009  10:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

07/13/2009  10:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

              0 File(s)              0 bytes

Directory of C:\Users\Default\AppData\Local

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]

07/13/2009  10:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

07/13/2009  10:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

              0 File(s)              0 bytes

Directory of C:\Users\Default\Documents

07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]

07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]

07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]

              0 File(s)              0 bytes

Directory of C:\Users\Public\Documents

07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]

07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]

07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]

              0 File(s)              0 bytes

Directory of C:\Users\Storage

06/02/2013  07:21 PM    <JUNCTION>     Application Data [C:\Users\Storage\AppData\Roaming]

06/02/2013  07:21 PM    <JUNCTION>     Cookies [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Cookies]

06/02/2013  07:21 PM    <JUNCTION>     Local Settings [C:\Users\Storage\AppData\Local]

06/02/2013  07:21 PM    <JUNCTION>     My Documents [C:\Users\Storage\Documents]

06/02/2013  07:21 PM    <JUNCTION>     NetHood [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

06/02/2013  07:21 PM    <JUNCTION>     PrintHood [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

06/02/2013  07:21 PM    <JUNCTION>     Recent [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Recent]

06/02/2013  07:21 PM    <JUNCTION>     SendTo [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\SendTo]

06/02/2013  07:21 PM    <JUNCTION>     Start Menu [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Start Menu]

06/02/2013  07:21 PM    <JUNCTION>     Templates [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Templates]

              0 File(s)              0 bytes

Directory of C:\Users\Storage\AppData\Local

06/02/2013  07:21 PM    <JUNCTION>     Application Data [C:\Users\Storage\AppData\Local]

06/02/2013  07:21 PM    <JUNCTION>     History [C:\Users\Storage\AppData\Local\Microsoft\Windows\History]

06/02/2013  07:21 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Storage\AppData\Local\Microsoft\Windows\Temporary Internet Files]

              0 File(s)              0 bytes

Directory of C:\Users\Storage\Documents

06/02/2013  07:21 PM    <JUNCTION>     My Music [C:\Users\Storage\Music]

06/02/2013  07:21 PM    <JUNCTION>     My Pictures [C:\Users\Storage\Pictures]

06/02/2013  07:21 PM    <JUNCTION>     My Videos [C:\Users\Storage\Videos]

              0 File(s)              0 bytes

    Total Files Listed:

              0 File(s)              0 bytes

             66 Dir(s)  556,010,147,840 bytes free


< End of report >

 

 

And.. Extras? I don't have that


  • 0

#23
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The aswMBR scan is clean. I don't see anything in the OTL log. You didn't get the Extras log file because OTL only generates it on the first run. The OTL log you posted shows Run 4. We will force OTL to generate an Extras.txt log.

What symptoms are you still experiencing?
 
NOTE: I have changed the settings for OTL so please read them carefully.

OTL Scan

Please re-open OTL on the desktop. To do that:
  • Vista/7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    [Image: OTL_Main_Tutorial.gif]
  • At the top of the console click the greyed out None button <---Very Important
  • At the top of the console, click the box beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist. <---Very Important...This will get us the Extras.txt log
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt will be opened on the desktop and Extras.Txt will be minimized on the taskbar. I don't need the OTL.txt file so close it and open the Extras.txt file and post it in your next reply.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question above.
2. The Extras.txt log
  • 0

#24
ego10fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

The OTL still didn't create an Extras.txt file, and I did the scan exactly like you told me to.

 

My symptoms are.. When I try to do certain downloads, it takes an excessive amount of time to even open up. And using programs such as TurboTax, I need to be careful not to click around a lot, or else the program often becomes unresponsive. But games and things like Steam are working well, a huge improvement from when I started this thread.


  • 0

#25
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the update on the symptoms. If you didn't get an Extras.txt file it's because you didn't click the radio button beside Use SafeList in the Extra Registry section of the OTL console. Look at the image below and make sure that the OTL settings look exactly like the ones there. Then hit the Run Scan button.

 


  • 0



#26
ego10fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Success: Here are the extras

 

 

OTL Extras logfile created on: 4/13/2014 3:44:55 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Storage\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.48 Gb Total Physical Memory | 5.54 Gb Available Physical Memory | 74.04% Memory free
14.95 Gb Paging File | 11.95 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.81 Gb Total Space | 518.14 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive D: | 16.61 Gb Total Space | 2.07 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-HP | User Name: Storage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D399A54-792A-4738-AEF4-3E20C1994608}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
"{0EC1AAC2-B78C-4A5B-8CF9-B6CC4117A4B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{0FF4DDBE-5FE1-436A-8CAD-BD8046448349}" = lport=137 | protocol=17 | dir=in | app=system | 
"{293856EF-1280-43CE-8747-60BE98723138}" = lport=445 | protocol=6 | dir=in | app=system | 
"{335AD07C-0289-40DB-B96A-59B68364BF71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D89D8E7-C4D9-49DE-A748-129EC53B65EB}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
"{547709C2-85E4-4339-BA76-4D4B8B160357}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{5DE82AA3-48FA-4D52-82B5-D5A20D5E0ED1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5EEEAD9E-0D2C-4C99-A154-0BBD12CBD35E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6C916DCA-84F9-4476-89F3-87E831EAB3B8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7985E074-CD36-47A0-B653-0B5BF728EDAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7E4601CB-D769-4817-901F-E57251E7D9EC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7F1CAF95-6FFD-4F5A-AE4B-0CD5AC164507}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84F691A8-9DF6-442D-9003-688760D72D9F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{93472A15-6F4C-485E-B3A1-74B1DFC6C0E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A6CC174-1BA8-4B31-A7DB-EDDDFBE439DC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AF970C9F-116A-44B3-BCBC-E50C5AA95BFC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{B058DDC6-B273-4078-9102-94F2EE0C8070}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B6962769-6687-4030-B3D0-EB60E010B3D8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B9146D9C-60AC-4911-9D50-AE3AE981FA60}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C54B4CA2-2359-412E-AA32-F554771B3063}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E2F84FBC-E4E3-495C-BC93-33E22B2A49BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FAB0C83D-6D61-43A1-BD2F-66B6A5965914}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFB69CD-4888-431C-A105-A26CC3BC417C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{0F284B7A-3C90-439F-A759-C88A9D8CD71C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe | 
"{109E062E-050C-431C-BDE0-BB6D81F9D231}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2730A66E-04B4-42AD-AFE4-288163BB6227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{29CFFC23-9D35-462F-94DA-9A7559802B59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe | 
"{382E0773-C74A-4591-AE93-47BED729F4D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3FBBA282-CFFA-4C7A-A371-FA3A554118CD}" = protocol=1 | dir=out | [email protected],-28544 | 
"{4090AEAF-9076-4BF3-B416-DF3FC0541FF7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{41CA6B19-835B-4C41-9677-98B07BD097C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe | 
"{4F043616-CD2A-4D09-A9E6-11933127436E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{577EDE35-48DB-42DC-BDB9-C29CDBDF0C73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{675F3A55-7497-4A82-83A7-503CAB63B6C2}" = protocol=58 | dir=in | [email protected],-148 | 
"{67FD1E06-F847-4A18-B8D9-067339B0B248}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe | 
"{6E807770-F6CF-43A2-B484-8A284DB74414}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{7CCF96D3-68E8-4510-84EF-A201AF2080E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe | 
"{8F0A1275-066D-4498-BF1C-ABF62C0B7AF9}" = protocol=58 | dir=in | [email protected],-28545 | 
"{9AA94BF8-E754-4A02-9077-C52F07327DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{A3C359C0-E859-4367-9602-C992D19FD660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{A97D94EF-2EE1-4301-87EA-9745B17E20CA}" = protocol=1 | dir=in | [email protected],-28543 | 
"{AACC0D53-335D-4BA4-9643-9A372157A431}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B4182F0A-9BA5-4EB2-BB1C-69D3F5F5A162}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe | 
"{B4D84EC6-9FAF-4646-9FCA-2F2B588C328F}" = protocol=58 | dir=out | [email protected],-28546 | 
"{C1EAF21A-16D0-4B69-BBD1-C9EF165B3E79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CF8C21B9-F8A3-4899-8754-C26177081757}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"TCP Query User{060327F6-CDBC-408D-A478-24C038BFCC6B}C:\programdata\battle.net\agent\agent.2380\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"TCP Query User{E0E5BDAD-C34B-416D-997D-4FFC84B70529}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{199EC943-4621-4B14-AF56-F67C41045D73}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{ABA9F0C0-BACD-40DB-BAE9-B726DC6C45CB}C:\programdata\battle.net\agent\agent.2380\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4F5611-13A0-4EBD-BFAF-156D5B5AC0ED}" = VirtualDJ LE (Numark)
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = Spot
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B85D446-9E14-4309-BC3E-8E0940827BD3}" = TurboTax 2013 wcaiper
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1" = Tap Tap Bear
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF1604B3-183A-4400-B950-6B0BDD61ADC8}" = Luxe Voice Pack Editor
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B5E09A5F-4934-4427-A243-6DD77303FE9C}" = Luxe USB Interface
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"APB Reloaded" = APB Reloaded
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitZipper_is1" = BitZipper 2013
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Combat Arms" = Combat Arms
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Flvto Youtube Downloader" = Flvto Youtube Downloader
"Fraps" = Fraps
"Free PDF Tablet" = Free PDF Tablet
"Friendship is Memories_is1" = Friendship is Memories
"FYZip" = FYZip 1.00
"Google Chrome" = Google Chrome
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"LAME_is1" = LAME v3.99.3 (for Windows)
"Live 8.2.2" = Live 8.2.2
"MapleStory" = MapleStory
"MapleStory Dual Blade" = MapleStory Dual Blade Screen Saver
"MapleStory Dual Blade Clock" = MapleStory Dual Blade Clock Screen Saver
"Motocross Madness Trial 1.0" = Microsoft Motocross Madness Trial
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Guitar Rig Factory Selection for Maschine" = Native Instruments Guitar Rig Factory Selection for Maschine
"Native Instruments Komplete 8 Players" = Native Instruments Komplete 8 Players
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"SecondLifeViewer" = SecondLifeViewer (remove only)
"StarCraft II" = StarCraft II
"Steam App 109400" = MicroVolts
"Steam App 204300" = Awesomenauts
"Steam App 212180" = Combat Arms
"Steam App 216150" = MapleStory
"Steam App 218230" = PlanetSide 2
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 91600" = Sanctum
"TmNationsForever_is1" = TmNationsForever
"TotalRecorder" = Total Recorder 8.4 Professional Edition
"Trusted Software Assistant_is1" = File Type Assistant
"TurboTax 2013" = TurboTax 2013
"Voxengo SPAN_is1" = Voxengo SPAN version 2.6
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-165f9d32-a84a-4d1d-967b-92081484c1f1" = RollerCoaster Tycoon 3: Platinum
"WTA-1ed6e27b-5da4-46de-94aa-9fe14c2bcc6d" = John Deere Drive Green
"WTA-242a2852-bf5e-4679-b333-34229bdad259" = Cradle of Rome 2
"WTA-24523e56-21e4-44da-bb07-3cf3b7b2b0e8" = Bejeweled 3
"WTA-2967a8de-900a-4cab-9eb3-0c742b0aad50" = Dora's World Adventure
"WTA-347c2274-3854-4068-bfe5-1376d81e1376" = Torchlight
"WTA-467545f9-c261-4da6-a139-4d3011e4d69b" = Final Drive Fury
"WTA-48ff740a-ea35-4b95-89a8-c7c7bfd93fc3" = Virtual Villagers 4 - The Tree of Life
"WTA-4cf4a05f-944b-4527-9384-c55a2ebd6955" = Zuma's Revenge
"WTA-4d2dcda3-7435-47ed-aaaa-f3b52b211c65" = The Treasures of Mystery Island: The Ghost Ship
"WTA-4ec344ee-d784-4309-9262-7f9544c81373" = FATE
"WTA-4fa319c5-56a6-48f0-a2af-7a3c1c6e35c9" = Polar Golfer
"WTA-5374b362-d46b-4258-bc79-c10e505b4ec2" = Mah Jong Medley
"WTA-55d2aa9b-1bed-4d43-91e7-9c7a147efddb" = Chuzzle Deluxe
"WTA-5af68c9a-92c7-4e67-8093-809568e007de" = Polar Bowler
"WTA-60d72083-7a32-4c11-818f-4405351b74b6" = Hoyle Card Games
"WTA-630ed6af-a06e-4f51-bcdc-70911a1d333e" = Plants vs. Zombies - Game of the Year
"WTA-7167e51f-f8e3-47f5-85d7-7c6b5efaa921" = Farmscapes
"WTA-80523254-1ad9-437f-ac99-3b5740df674d" = Penguins!
"WTA-885e7b10-4aed-4546-b85c-ea3583f43fed" = Farm Frenzy
"WTA-9515af9f-5091-44c6-b495-cd4d0c529d87" = Luxor HD
"WTA-98340049-de87-43f0-947b-fff34ffdf7fd" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-c8b89e9d-9653-4161-ac72-a802eadeff38" = Letters from Nowhere 2
"WTA-ce5bb1b6-2d15-402b-890e-4949eea393de" = Jewel Match 3
"WTA-f12ae0c7-00c7-44b7-aa58-d43573288378" = Poker Superstars III
"WTA-f7a38885-2d7d-4293-9168-ff0c04edc348" = Blackhawk Striker 2
"zk_sc" = zk_sc Screen Saver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/13/2014 6:41:37 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
 opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error - 4/13/2014 6:41:47 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 for read only access failed with system error 5 (0x00000005): "Access is denied.
 ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error - 4/13/2014 6:41:47 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
 opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error - 4/13/2014 6:41:57 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 for read only access failed with system error 5 (0x00000005): "Access is denied.
 ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error - 4/13/2014 6:41:57 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
 opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error - 4/13/2014 6:42:07 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 for read only access failed with system error 5 (0x00000005): "Access is denied.
 ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error - 4/13/2014 6:42:07 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
 opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error - 4/13/2014 6:42:17 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 for read only access failed with system error 5 (0x00000005): "Access is denied.
 ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error - 4/13/2014 6:42:17 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
 opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error - 4/13/2014 6:42:27 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 for read only access failed with system error 5 (0x00000005): "Access is denied.
 ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error - 4/13/2014 6:42:27 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
 opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
[ Hewlett-Packard Events ]
Error - 7/17/2012 5:49:53 PM | Computer Name = Alex-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
 
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
 
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)
 
   at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib
 
Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 7656  Ram
 Utilization: 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/17/2012 5:49:54 PM | Computer Name = Alex-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
 
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
 
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)
 
   at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 7656  Ram
 Utilization: 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
[ System Events ]
Error - 4/12/2014 5:36:46 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
 error:   %%2
 
Error - 4/12/2014 6:01:26 PM | Computer Name = Alex-HP | Source = BROWSER | ID = 8032
Description = 
 
Error - 4/13/2014 4:27:11 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7000
Description = The Sendoriv1 service failed to start due to the following error: 
  %%2
 
Error - 4/13/2014 4:27:17 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFS
 
Error - 4/13/2014 4:27:17 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 34001
Description = 
 
Error - 4/13/2014 4:27:17 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 30013
Description = 
 
Error - 4/13/2014 4:29:49 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
 error:   %%2
 
Error - 4/13/2014 4:41:50 PM | Computer Name = Alex-HP | Source = BROWSER | ID = 8032
Description = 
 
Error - 4/13/2014 6:33:14 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 31004
Description = 
 
Error - 4/13/2014 6:33:15 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >

  • 0

#27
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the Extras.txt log.
What do you mean by "certain" downloads? And what takes an excessive amount of time to open up?
Does this happen in all browsers or only certain ones?
 


  • 0

#28
ego10fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Mostly any download will take a long time to start. Like after I click "run", it will take a long time to start the next process, such as the "next" button or loading screen. The only browser I use is Chrome.


  • 0

#29
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks.

Pando Media Booster Advice

Pando is a dire application that does not perform as stated and can be a bandwidth hog also. I don't think this will solve the issues with the browser. But it might help. If you decide to uninstall Pando:

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Pando Media Booster

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files (86)\Pando Networks

2. Close Windows Explorer.


Step-1.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here
  • Click here to go to the RogueKiller download page.
  • Scroll down to the RogueKiller Download section and click the RogueKiller button and save the RogueKiller.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement and the browser will open with some information related to the program.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you uninstalled Pando. There will be some remnants that we will need to remove from the system.
2. The RKreport.txt log
3. The AdwCleaner.[R0].txt log
  • 0

#30
ego10fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

I uninstalled Pando.

RK report.txt log:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Storage [Admin rights]
Mode : Scan -- Date : 04/16/2014 10:20:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (expstart.exe [-]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (expstart.exe [-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ][PUM] HKLM\[...]\Wow6432Node\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F538A0)
[Address] EAT @explorer.exe (WlanConnect) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56D10)
[Address] EAT @explorer.exe (WlanDisconnect) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F557E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F53A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58394)
[Address] EAT @explorer.exe (WlanFreeMemory) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55268)
[Address] EAT @explorer.exe (WlanGetProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F599D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F594D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F591EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F592A4)
[Address] EAT @explorer.exe (WlanIhvControl) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F51960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F53EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F587D0)
[Address] EAT @explorer.exe (WlanScan) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F53D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54470)
[Address] EAT @explorer.exe (WlanSetProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F578A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F571A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F581B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58B58)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA630 SATA Disk Device +++++
--- User ---
[MBR] 82fa7079b189f876fad3503672ce41c8
[BSP] cd805c2ba9b5b91f9fc4c54ce3b32815 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 936762 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1918695424 | Size: 17005 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e6be123b9215f844f094ca91741c608e
[BSP] 652ec62a60a99b0710cc3947c4f9b824 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 MB
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Multiple Card  Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_04162014_102012.txt >>
 
 
 
AdwCleaner:
# AdwCleaner v3.023 - Report created 16/04/2014 at 10:31:07
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Storage - ALEX-HP
# Running from : C:\Users\Storage\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Program Files (x86)\File Type Assistant
Folder Found C:\Users\Storage\AppData\Local\FileTypeAssistant
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18905 octets] - [17/02/2014 00:28:34]
AdwCleaner[R1].txt - [19320 octets] - [23/02/2014 22:24:37]
AdwCleaner[R2].txt - [958 octets] - [16/04/2014 10:31:07]
AdwCleaner[S0].txt - [19252 octets] - [23/02/2014 22:31:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1078 octets] ##########
 
