This topic is lockedUnfortunately, you didn't let MalwareBytes clean what it found.
Please go back to Step 2. in post #13. Run MalwareBytes again and pay particular attention to #7 of the instructions.
Please post the new MalwareBytes log.
Comuter is slow [Closed]
Started by
ego10fan
, Feb 14 2014 06:13 PM
#16
Posted 01 March 2014 - 12:46 PM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
Unfortunately, you didn't let MalwareBytes clean what it found.
Please go back to Step 2. in post #13. Run MalwareBytes again and pay particular attention to #7 of the instructions.
Please post the new MalwareBytes log.
#17
Posted 05 March 2014 - 04:28 PM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#19
Posted 09 March 2014 - 08:47 PM
ego10fan
- Topic Starter
-
- Member
-
- 44 posts
Member
i might not have time for this tomoro
#20
Posted 13 March 2014 - 10:43 PM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#21
Posted 12 April 2014 - 01:12 PM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
User returned.
Welcome back. As it has been a month and a half since there has been any activity, I'm afraid that we will need to start with fresh scans. Please follow the instructions below to uninstall/remove the old versions of the tools. Then we will download fresh ones and get some scans.
Uninstall ESET
1. Please click the Start Orb 
, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):
ESET
3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.
Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)
1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):
C:\Program Files (86)\ESET
2. Close Windows Explorer.
Uninstall AdwCleaner
Re-open AdwCleaner
- Click the Uninstall button
- Confirm with yes
OTL Cleanup
Please re-open 
on your desktop.
- Be sure all other programs are closed as this step will require a reboot.
- Click on
- You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself.
Delete the following Files and Folders (If Present):
MBR.dat
MicrosoftFixit50906.msi
JRT.exe
JRT.txt
SecurityCheck.exe
checkup.txt
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.
Step-1.
OTL Custom Scan
Click her to download OTL. Save it to the Desktop. It is important that it is download to the Desktop.
1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the 
box in OTL. To do that:
- Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
prcss.dll
/md5stop
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
2. Re-open on the desktop. To do that:
- Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
- You will see a console like the one below:
- Click the box beside Scan All Users at the top of the console
- Click the box beside Include 64bit Scans at the top of the console.
- Do Not click the box beside Include 64bit Scans at the top of the console.
- Make sure the Output box at the top is set to Standard Output.
- Check the boxes beside LOP Check and Purity Check.
- Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
- Click the
button. Do not change any settings unless otherwise told to do so. - Let the scan run uninterrupted.
- When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
- Please copy the contents of these files and paste them into your reply. To do that:
- On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
- Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.
Step-2.
Run aswMBR
- Download aswMBR.exe to your desktop.
- Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
- If it asks you if you want to download the latest virus definitions, click Yes
- Be sure the A/V Scan: is set to QuickScan
- Click the "Scan" button to start the scan
- On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The aswMBR log
2. The OTL.txt log
3. The Extras.txt log
#22
Posted 13 April 2014 - 02:04 AM
ego10fan
- Topic Starter
-
- Member
-
- 44 posts
Member
Heres my aswMBR:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-12 23:55:15
-----------------------------
23:55:15.082 OS Version: Windows x64 6.1.7601 Service Pack 1
23:55:15.082 Number of processors: 4 586 0x100
23:55:15.083 ComputerName: ALEX-HP UserName: Storage
23:55:17.636 Initialize success
23:55:20.807 AVAST engine defs: 14041201
23:55:30.088 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
23:55:30.093 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
23:55:30.105 Disk 0 MBR read successfully
23:55:30.111 Disk 0 MBR scan
23:55:30.119 Disk 0 Windows 7 default MBR code
23:55:30.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:55:30.144 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 936762 MB offset 206848
23:55:30.185 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17005 MB offset 1918695424
23:55:30.235 Disk 0 scanning C:\Windows\system32\drivers
23:55:39.634 Service scanning
23:55:58.313 Modules scanning
23:55:58.332 Disk 0 trace - called modules:
23:55:58.379 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80066e52c0]<<sptd.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
23:55:58.723 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007723060]
23:55:58.736 3 CLASSPNP.SYS[fffff88001ac843f] -> nt!IofCallDriver -> [0xfffffa8007145ac0]
23:55:58.748 \Driver\amd_xata[0xfffffa8007132060] -> IRP_MJ_CREATE -> 0xfffffa80066e52c0
23:55:58.756 5 amd_xata.sys[fffff88001021d00] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8007142650]
23:55:58.762 \Driver\amd_sata[0xfffffa8007131bc0] -> IRP_MJ_CREATE -> 0xfffffa80066e32c0
23:56:01.335 AVAST engine scan C:\Windows
23:56:04.385 AVAST engine scan C:\Windows\system32
23:58:22.917 AVAST engine scan C:\Windows\system32\drivers
23:58:41.300 AVAST engine scan C:\Users\Storage
00:10:10.218 AVAST engine scan C:\ProgramData
00:23:49.390 Scan finished successfully
00:59:55.272 Disk 0 MBR has been saved successfully to "C:\Users\Storage\Desktop\MBR.dat"
00:59:55.279 The log file has been saved successfully to "C:\Users\Storage\Desktop\aswMBR.txt"
My OTL:
OTL logfile created on: 4/12/2014 11:35:45 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Storage\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.48 Gb Total Physical Memory | 5.37 Gb Available Physical Memory | 71.77% Memory free
14.95 Gb Paging File | 12.37 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.81 Gb Total Space | 517.12 Gb Free Space | 56.53% Space Free | Partition Type: NTFS
Drive D: | 16.61 Gb Total Space | 2.07 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Computer Name: ALEX-HP | User Name: Storage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/12 23:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Storage\Desktop\OTL.exe
PRC - [2014/04/02 17:13:16 | 003,774,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/04/01 18:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/25 14:57:46 | 000,568,512 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/02/25 14:57:44 | 001,821,888 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/02/09 22:57:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/17 22:24:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/16 14:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 09:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
========== Modules (No Company Name) ==========
MOD - [2014/04/01 18:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 18:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/01 18:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 18:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 18:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 18:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 18:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/02/27 19:36:13 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/27 19:35:49 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/27 19:35:10 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/26 22:57:24 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/26 22:57:19 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 22:57:16 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 22:57:15 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/26 22:57:13 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/26 22:57:13 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/26 22:57:12 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 22:57:12 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 22:57:10 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 22:57:07 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 22:57:07 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 22:57:00 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/25 14:57:46 | 001,135,296 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/02/25 14:57:46 | 000,119,488 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\audio.dll
MOD - [2014/02/10 19:34:30 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/02/09 22:57:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/10 16:33:44 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/12/12 15:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2013/11/04 18:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll
MOD - [2013/06/14 16:49:16 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssvoice.asi
MOD - [2013/06/14 16:49:16 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssmp3.asi
MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/09 22:57:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/10/24 06:16:42 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/25 14:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/28 17:55:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/17 22:24:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 09:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/02/09 22:57:57 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/09 22:57:57 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/09 22:57:57 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/02/09 22:57:57 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/02/09 22:57:57 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/02/09 22:57:57 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/02/09 22:57:57 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/22 07:52:21 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/12/10 17:14:26 | 000,074,432 | ---- | M] (Razer, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/07/14 14:50:11 | 000,111,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NIWinCDEmu.sys -- (NIWinCDEmu)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/09 01:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 19:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/22 22:44:51 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 10:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/11/17 07:22:26 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2012/10/16 21:04:10 | 000,123,664 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/09 12:50:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/09 12:50:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/24 06:56:54 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/24 05:40:08 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/14 03:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/03 20:38:37 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/27 00:09:08 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7486BD2A-0307-6164-8127-53BFF248EBE9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..\SearchScopes\{DC8537D2-46C8-4740-B4AE-9153E680C99E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..\SearchScopes\{EFBF8077-8D2C-4031-8774-BE5EE79B6562}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_80.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_80.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2014/02/16 23:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Storage\AppData\Roaming\Mozilla\Extensions
[2013/05/09 23:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_95.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Custom Googleâ„¢ Background = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg\6.3_0\
CHR - Extension: Ponify = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpjljegae\0.96.4_0\
CHR - Extension: Google Wallet = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: HoofSounds = C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhjhphleppgakhlffhlfhbekfnobbk\1.212_0\
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C882AA94-6E83-4763-A643-0CBF69D7C1B0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2055821690-4012621098-2342977204-1041 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/04/12 23:33:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Storage\Desktop\OTL.exe
[2014/04/10 18:24:56 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/10 18:24:56 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/10 18:24:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/10 18:24:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/10 18:24:54 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/10 18:24:54 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/10 18:24:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/10 18:24:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/10 18:24:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/10 18:24:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/10 18:24:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/10 18:24:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/10 18:24:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/10 18:24:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/06 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Local\FileTypeAssistant
[2014/04/05 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Local\Skype
[2014/04/05 17:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/05 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/04/05 17:33:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/04/04 19:07:12 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Local\IsolatedStorage
[2014/04/04 19:07:09 | 000,000,000 | ---D | C] -- C:\Users\Storage\Documents\TurboTax
[2014/04/04 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\Storage\AppData\Roaming\Intuit
[2014/04/04 19:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013
[2014/04/04 19:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2014/04/04 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2014/04/04 19:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/12 23:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Storage\Desktop\OTL.exe
[2014/04/12 14:41:56 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/12 14:41:56 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/12 14:40:19 | 000,783,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/12 14:40:19 | 000,662,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/12 14:40:19 | 000,122,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/12 14:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/12 14:34:00 | 1726,414,847 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/06 17:37:05 | 004,903,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/06 17:23:40 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/04/06 16:59:48 | 000,447,895 | ---- | M] () -- C:\Users\Storage\Documents\Alex's 2013 tax returns.pdf
[2014/04/06 16:00:45 | 000,000,298 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/04/05 17:33:43 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/04 19:05:44 | 000,002,531 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk
[2014/04/02 17:15:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4ed1d411201c.job
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/06 17:23:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/04/06 17:23:40 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/04/06 16:59:47 | 000,447,895 | ---- | C] () -- C:\Users\Storage\Documents\Alex's 2013 tax returns.pdf
[2014/04/05 17:33:43 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/04 19:07:04 | 000,000,298 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/04/04 19:05:44 | 000,002,531 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk
[2014/04/02 17:15:33 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4ed1d411201c.job
[2013/06/04 17:03:21 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2013/06/02 19:21:59 | 000,000,258 | RHS- | C] () -- C:\Users\Storage\ntuser.pol
[2012/11/17 07:23:24 | 000,021,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\iLokDrvr.sys
[2012/11/16 23:21:08 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/10/25 07:33:06 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/10/25 07:30:20 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/26 16:31:27 | 000,016,618 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2012/09/14 23:43:29 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/14 23:43:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/09 00:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012/08/09 00:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012/07/22 23:21:04 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/05/09 12:53:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/11/04 12:04:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft
[2012/07/23 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Atari
[2012/08/31 21:32:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BANDISOFT
[2012/11/17 10:24:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/16 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/02/22 22:44:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2013/02/09 19:28:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FlvtoConverter
[2013/06/20 14:17:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Free PDF Tablet
[2012/07/22 23:21:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2012/07/19 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LolClient
[2012/09/14 22:58:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ooVoo Details
[2013/06/21 11:34:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin
[2012/11/16 23:21:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PACE Anti-Piracy
[2012/08/05 19:10:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PC Cleaners
[2012/08/05 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PCPro
[2012/11/17 10:22:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PDAppFlex
[2013/08/13 00:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SoftGrid Client
[2013/03/12 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2012/07/18 21:42:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinBatch
[2013/11/27 23:52:13 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Ableton
[2013/08/20 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Audacity
[2014/02/09 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\AVAST Software
[2013/06/25 16:20:38 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\BANDISOFT
[2013/07/20 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Cycling '74
[2013/08/09 16:41:15 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\FlvtoConverter
[2013/06/30 22:28:12 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Free PDF Tablet
[2013/06/10 22:35:33 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\LolClient
[2013/07/24 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\ooVoo Details
[2013/07/30 14:25:28 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\Origin
[2013/11/28 20:34:34 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\PACE Anti-Piracy
[2014/02/05 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\PhotoScape
[2014/02/10 13:47:22 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\SecondLife
[2014/02/12 23:46:06 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\SoftGrid Client
[2013/07/20 15:13:11 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\TotalRecorder
[2014/02/16 23:40:00 | 000,000,000 | ---D | M] -- C:\Users\Storage\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/05/09 12:43:30 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/05/09 12:45:47 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2012/05/09 12:44:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe
[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/05/09 12:44:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/05/09 12:44:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/05/09 12:44:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< c:\program files (x86)\Google\Desktop >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/19 12:22:54 | 000,000,864 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1003Core.job
[2012/07/19 12:22:54 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1003UA.job
[2012/09/30 09:49:35 | 000,000,848 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1005Core.job
[2012/09/30 09:49:35 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2055821690-4012621098-2342977204-1005UA.job
[2013/05/16 12:42:30 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 20:19:01 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/06/14 17:11:30 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForStorage.job
[2014/04/02 17:15:33 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4ed1d411201c.job
< c:\program files\Google\Desktop >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is D28D-97D1
Directory of C:\
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Alex
07/17/2012 02:46 PM <JUNCTION> Application Data [C:\Users\Alex\AppData\Roaming]
07/17/2012 02:46 PM <JUNCTION> Cookies [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies]
07/17/2012 02:46 PM <JUNCTION> Local Settings [C:\Users\Alex\AppData\Local]
07/17/2012 02:46 PM <JUNCTION> My Documents [C:\Users\Alex\Documents]
07/17/2012 02:46 PM <JUNCTION> NetHood [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/17/2012 02:46 PM <JUNCTION> PrintHood [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/17/2012 02:46 PM <JUNCTION> Recent [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Recent]
07/17/2012 02:46 PM <JUNCTION> SendTo [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\SendTo]
07/17/2012 02:46 PM <JUNCTION> Start Menu [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu]
07/17/2012 02:46 PM <JUNCTION> Templates [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Alex\AppData\Local
07/17/2012 02:46 PM <JUNCTION> Application Data [C:\Users\Alex\AppData\Local]
07/17/2012 02:46 PM <JUNCTION> History [C:\Users\Alex\AppData\Local\Microsoft\Windows\History]
07/17/2012 02:46 PM <JUNCTION> Temporary Internet Files [C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Alex\Documents
07/17/2012 02:46 PM <JUNCTION> My Music [C:\Users\Alex\Music]
07/17/2012 02:46 PM <JUNCTION> My Pictures [C:\Users\Alex\Pictures]
07/17/2012 02:46 PM <JUNCTION> My Videos [C:\Users\Alex\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Storage
06/02/2013 07:21 PM <JUNCTION> Application Data [C:\Users\Storage\AppData\Roaming]
06/02/2013 07:21 PM <JUNCTION> Cookies [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Cookies]
06/02/2013 07:21 PM <JUNCTION> Local Settings [C:\Users\Storage\AppData\Local]
06/02/2013 07:21 PM <JUNCTION> My Documents [C:\Users\Storage\Documents]
06/02/2013 07:21 PM <JUNCTION> NetHood [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/02/2013 07:21 PM <JUNCTION> PrintHood [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/02/2013 07:21 PM <JUNCTION> Recent [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Recent]
06/02/2013 07:21 PM <JUNCTION> SendTo [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\SendTo]
06/02/2013 07:21 PM <JUNCTION> Start Menu [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Start Menu]
06/02/2013 07:21 PM <JUNCTION> Templates [C:\Users\Storage\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Storage\AppData\Local
06/02/2013 07:21 PM <JUNCTION> Application Data [C:\Users\Storage\AppData\Local]
06/02/2013 07:21 PM <JUNCTION> History [C:\Users\Storage\AppData\Local\Microsoft\Windows\History]
06/02/2013 07:21 PM <JUNCTION> Temporary Internet Files [C:\Users\Storage\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Storage\Documents
06/02/2013 07:21 PM <JUNCTION> My Music [C:\Users\Storage\Music]
06/02/2013 07:21 PM <JUNCTION> My Pictures [C:\Users\Storage\Pictures]
06/02/2013 07:21 PM <JUNCTION> My Videos [C:\Users\Storage\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 556,010,147,840 bytes free
< End of report >
And.. Extras? I don't have that
#23
Posted 13 April 2014 - 11:16 AM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
The aswMBR scan is clean. I don't see anything in the OTL log. You didn't get the Extras log file because OTL only generates it on the first run. The OTL log you posted shows Run 4. We will force OTL to generate an Extras.txt log.
What symptoms are you still experiencing?
NOTE: I have changed the settings for OTL so please read them carefully.
OTL Scan
Please re-open on the desktop. To do that:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question above.
2. The Extras.txt log
What symptoms are you still experiencing?
NOTE: I have changed the settings for OTL so please read them carefully.
OTL Scan
Please re-open
on the desktop. To do that:- Vista /7 users: right click the icon and click Run as Administrator.
- You will see a console like the one below:
- At the top of the console click the greyed out None button<---Very Important
- At the top of the console, click the box beside Scan All Users and Include 64bit Scans
- Make sure the Output box at the top is set to Standard Output.
- In the Extra Registry section click the circle beside Use Safelist.<---Very Important...This will get us the Extras.txt log
- Click the button. Do not change any settings unless otherwise told to do so.
- Let the scan run uninterrupted.
- When the scan completes, it will open two notepad windows, OTL.Txt will be opened on the desktop and Extras.Txt will be minimized on the taskbar. I don't need the OTL.txt file so close it and open the Extras.txt file and post it in your next reply.
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question above.
2. The Extras.txt log
#24
Posted 13 April 2014 - 02:47 PM
ego10fan
- Topic Starter
-
- Member
-
- 44 posts
Member
The OTL still didn't create an Extras.txt file, and i did the scan exactly like you told me to.
My symptoms are.. When i try to do certain downloads, it takes an excessive amount of time to even open up. And using programs such as TurboTax, I need to be careful not to click around a lot, or else the program often becomes unresponsive. But games and things like Steam are working well, a huge improvement from when I started this thread
#25
Posted 13 April 2014 - 04:41 PM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
Thanks for the update on the symptoms. If you didn't get an Extras.txt file it's because you didn't click the radio button beside Use SafeList in the Extra Registry section of the OTL console. Look at the image below and make sure that the OTL settings look exactly like the ones there. Then hit the Run Scan button.
#26
Posted 13 April 2014 - 04:48 PM
ego10fan
- Topic Starter
-
- Member
-
- 44 posts
Member
Success: Here are the extras
OTL Extras logfile created on: 4/13/2014 3:44:55 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Storage\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.48 Gb Total Physical Memory | 5.54 Gb Available Physical Memory | 74.04% Memory free
14.95 Gb Paging File | 11.95 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.81 Gb Total Space | 518.14 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive D: | 16.61 Gb Total Space | 2.07 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Computer Name: ALEX-HP | User Name: Storage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2055821690-4012621098-2342977204-1041\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D399A54-792A-4738-AEF4-3E20C1994608}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{0EC1AAC2-B78C-4A5B-8CF9-B6CC4117A4B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0FF4DDBE-5FE1-436A-8CAD-BD8046448349}" = lport=137 | protocol=17 | dir=in | app=system |
"{293856EF-1280-43CE-8747-60BE98723138}" = lport=445 | protocol=6 | dir=in | app=system |
"{335AD07C-0289-40DB-B96A-59B68364BF71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D89D8E7-C4D9-49DE-A748-129EC53B65EB}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{547709C2-85E4-4339-BA76-4D4B8B160357}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5DE82AA3-48FA-4D52-82B5-D5A20D5E0ED1}" = rport=137 | protocol=17 | dir=out | app=system |
"{5EEEAD9E-0D2C-4C99-A154-0BBD12CBD35E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C916DCA-84F9-4476-89F3-87E831EAB3B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7985E074-CD36-47A0-B653-0B5BF728EDAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E4601CB-D769-4817-901F-E57251E7D9EC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7F1CAF95-6FFD-4F5A-AE4B-0CD5AC164507}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84F691A8-9DF6-442D-9003-688760D72D9F}" = lport=139 | protocol=6 | dir=in | app=system |
"{93472A15-6F4C-485E-B3A1-74B1DFC6C0E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A6CC174-1BA8-4B31-A7DB-EDDDFBE439DC}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF970C9F-116A-44B3-BCBC-E50C5AA95BFC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B058DDC6-B273-4078-9102-94F2EE0C8070}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B6962769-6687-4030-B3D0-EB60E010B3D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9146D9C-60AC-4911-9D50-AE3AE981FA60}" = rport=138 | protocol=17 | dir=out | app=system |
"{C54B4CA2-2359-412E-AA32-F554771B3063}" = rport=139 | protocol=6 | dir=out | app=system |
"{E2F84FBC-E4E3-495C-BC93-33E22B2A49BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAB0C83D-6D61-43A1-BD2F-66B6A5965914}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFB69CD-4888-431C-A105-A26CC3BC417C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{0F284B7A-3C90-439F-A759-C88A9D8CD71C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{109E062E-050C-431C-BDE0-BB6D81F9D231}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2730A66E-04B4-42AD-AFE4-288163BB6227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{29CFFC23-9D35-462F-94DA-9A7559802B59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe |
"{382E0773-C74A-4591-AE93-47BED729F4D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3FBBA282-CFFA-4C7A-A371-FA3A554118CD}" = protocol=1 | dir=out | [email protected],-28544 |
"{4090AEAF-9076-4BF3-B416-DF3FC0541FF7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{41CA6B19-835B-4C41-9677-98B07BD097C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{4F043616-CD2A-4D09-A9E6-11933127436E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{577EDE35-48DB-42DC-BDB9-C29CDBDF0C73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{675F3A55-7497-4A82-83A7-503CAB63B6C2}" = protocol=58 | dir=in | [email protected],-148 |
"{67FD1E06-F847-4A18-B8D9-067339B0B248}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe |
"{6E807770-F6CF-43A2-B484-8A284DB74414}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{7CCF96D3-68E8-4510-84EF-A201AF2080E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{8F0A1275-066D-4498-BF1C-ABF62C0B7AF9}" = protocol=58 | dir=in | [email protected],-28545 |
"{9AA94BF8-E754-4A02-9077-C52F07327DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{A3C359C0-E859-4367-9602-C992D19FD660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{A97D94EF-2EE1-4301-87EA-9745B17E20CA}" = protocol=1 | dir=in | [email protected],-28543 |
"{AACC0D53-335D-4BA4-9643-9A372157A431}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B4182F0A-9BA5-4EB2-BB1C-69D3F5F5A162}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{B4D84EC6-9FAF-4646-9FCA-2F2B588C328F}" = protocol=58 | dir=out | [email protected],-28546 |
"{C1EAF21A-16D0-4B69-BBD1-C9EF165B3E79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CF8C21B9-F8A3-4899-8754-C26177081757}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"TCP Query User{060327F6-CDBC-408D-A478-24C038BFCC6B}C:\programdata\battle.net\agent\agent.2380\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"TCP Query User{E0E5BDAD-C34B-416D-997D-4FFC84B70529}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe |
"UDP Query User{199EC943-4621-4B14-AF56-F67C41045D73}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe |
"UDP Query User{ABA9F0C0-BACD-40DB-BAE9-B726DC6C45CB}C:\programdata\battle.net\agent\agent.2380\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4F5611-13A0-4EBD-BFAF-156D5B5AC0ED}" = VirtualDJ LE (Numark)
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = Spot
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B85D446-9E14-4309-BC3E-8E0940827BD3}" = TurboTax 2013 wcaiper
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1" = Tap Tap Bear
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF1604B3-183A-4400-B950-6B0BDD61ADC8}" = Luxe Voice Pack Editor
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B5E09A5F-4934-4427-A243-6DD77303FE9C}" = Luxe USB Interface
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"APB Reloaded" = APB Reloaded
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitZipper_is1" = BitZipper 2013
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Combat Arms" = Combat Arms
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Flvto Youtube Downloader" = Flvto Youtube Downloader
"Fraps" = Fraps
"Free PDF Tablet" = Free PDF Tablet
"Friendship is Memories_is1" = Friendship is Memories
"FYZip" = FYZip 1.00
"Google Chrome" = Google Chrome
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"LAME_is1" = LAME v3.99.3 (for Windows)
"Live 8.2.2" = Live 8.2.2
"MapleStory" = MapleStory
"MapleStory Dual Blade" = MapleStory Dual Blade Screen Saver
"MapleStory Dual Blade Clock" = MapleStory Dual Blade Clock Screen Saver
"Motocross Madness Trial 1.0" = Microsoft Motocross Madness Trial
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Guitar Rig Factory Selection for Maschine" = Native Instruments Guitar Rig Factory Selection for Maschine
"Native Instruments Komplete 8 Players" = Native Instruments Komplete 8 Players
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"SecondLifeViewer" = SecondLifeViewer (remove only)
"StarCraft II" = StarCraft II
"Steam App 109400" = MicroVolts
"Steam App 204300" = Awesomenauts
"Steam App 212180" = Combat Arms
"Steam App 216150" = MapleStory
"Steam App 218230" = PlanetSide 2
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 91600" = Sanctum
"TmNationsForever_is1" = TmNationsForever
"TotalRecorder" = Total Recorder 8.4 Professional Edition
"Trusted Software Assistant_is1" = File Type Assistant
"TurboTax 2013" = TurboTax 2013
"Voxengo SPAN_is1" = Voxengo SPAN version 2.6
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-165f9d32-a84a-4d1d-967b-92081484c1f1" = RollerCoaster Tycoon 3: Platinum
"WTA-1ed6e27b-5da4-46de-94aa-9fe14c2bcc6d" = John Deere Drive Green
"WTA-242a2852-bf5e-4679-b333-34229bdad259" = Cradle of Rome 2
"WTA-24523e56-21e4-44da-bb07-3cf3b7b2b0e8" = Bejeweled 3
"WTA-2967a8de-900a-4cab-9eb3-0c742b0aad50" = Dora's World Adventure
"WTA-347c2274-3854-4068-bfe5-1376d81e1376" = Torchlight
"WTA-467545f9-c261-4da6-a139-4d3011e4d69b" = Final Drive Fury
"WTA-48ff740a-ea35-4b95-89a8-c7c7bfd93fc3" = Virtual Villagers 4 - The Tree of Life
"WTA-4cf4a05f-944b-4527-9384-c55a2ebd6955" = Zuma's Revenge
"WTA-4d2dcda3-7435-47ed-aaaa-f3b52b211c65" = The Treasures of Mystery Island: The Ghost Ship
"WTA-4ec344ee-d784-4309-9262-7f9544c81373" = FATE
"WTA-4fa319c5-56a6-48f0-a2af-7a3c1c6e35c9" = Polar Golfer
"WTA-5374b362-d46b-4258-bc79-c10e505b4ec2" = Mah Jong Medley
"WTA-55d2aa9b-1bed-4d43-91e7-9c7a147efddb" = Chuzzle Deluxe
"WTA-5af68c9a-92c7-4e67-8093-809568e007de" = Polar Bowler
"WTA-60d72083-7a32-4c11-818f-4405351b74b6" = Hoyle Card Games
"WTA-630ed6af-a06e-4f51-bcdc-70911a1d333e" = Plants vs. Zombies - Game of the Year
"WTA-7167e51f-f8e3-47f5-85d7-7c6b5efaa921" = Farmscapes
"WTA-80523254-1ad9-437f-ac99-3b5740df674d" = Penguins!
"WTA-885e7b10-4aed-4546-b85c-ea3583f43fed" = Farm Frenzy
"WTA-9515af9f-5091-44c6-b495-cd4d0c529d87" = Luxor HD
"WTA-98340049-de87-43f0-947b-fff34ffdf7fd" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-c8b89e9d-9653-4161-ac72-a802eadeff38" = Letters from Nowhere 2
"WTA-ce5bb1b6-2d15-402b-890e-4949eea393de" = Jewel Match 3
"WTA-f12ae0c7-00c7-44b7-aa58-d43573288378" = Poker Superstars III
"WTA-f7a38885-2d7d-4293-9168-ff0c04edc348" = Blackhawk Striker 2
"zk_sc" = zk_sc Screen Saver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/13/2014 6:41:37 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error - 4/13/2014 6:41:47 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).
Error - 4/13/2014 6:41:47 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error - 4/13/2014 6:41:57 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).
Error - 4/13/2014 6:41:57 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error - 4/13/2014 6:42:07 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).
Error - 4/13/2014 6:42:07 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error - 4/13/2014 6:42:17 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).
Error - 4/13/2014 6:42:17 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error - 4/13/2014 6:42:27 PM | Computer Name = Alex-HP | Source = ESENT | ID = 489
Description = DllHost (3464) WebCacheLocal: An attempt to open the file "C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).
Error - 4/13/2014 6:42:27 PM | Computer Name = Alex-HP | Source = ESENT | ID = 455
Description = DllHost (3464) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Storage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
[ Hewlett-Packard Events ]
Error - 7/17/2012 5:49:53 PM | Computer Name = Alex-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 7656 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 7/17/2012 5:49:54 PM | Computer Name = Alex-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 7656 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
[ System Events ]
Error - 4/12/2014 5:36:46 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%2
Error - 4/12/2014 6:01:26 PM | Computer Name = Alex-HP | Source = BROWSER | ID = 8032
Description =
Error - 4/13/2014 4:27:11 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7000
Description = The Sendoriv1 service failed to start due to the following error:
%%2
Error - 4/13/2014 4:27:17 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS
Error - 4/13/2014 4:27:17 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 34001
Description =
Error - 4/13/2014 4:27:17 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 30013
Description =
Error - 4/13/2014 4:29:49 PM | Computer Name = Alex-HP | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%2
Error - 4/13/2014 4:41:50 PM | Computer Name = Alex-HP | Source = BROWSER | ID = 8032
Description =
Error - 4/13/2014 6:33:14 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 31004
Description =
Error - 4/13/2014 6:33:15 PM | Computer Name = Alex-HP | Source = ipnathlp | ID = 31004
Description =
< End of report >
#27
Posted 13 April 2014 - 09:39 PM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
Thanks for the Extras.txt log.
What do you mean by "certain" downloads? And what takes an excessive amount of time to open up?
Does this happen in all browsers or only certain ones?
#28
Posted 14 April 2014 - 04:02 PM
ego10fan
- Topic Starter
-
- Member
-
- 44 posts
Member
Mostly any download will take a long time to start. Like after i click "run", it will take a long time to start the next process, such as the "next" button or loading screen. The only browser i use i chrome
#29
Posted 14 April 2014 - 06:35 PM
godawgs
-
- Retired Staff
-
- 8,228 posts
Teacher
Thanks.
Pando Media Booster Advice
Pando is a dire application that does not perform as stated and can be a bandwidth hog also.I don't think this will solve the issues with the browser. But it might help. If you decide to uninstall Pando:
1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):
Pando Media Booster
3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.
Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)
1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):
C:\Program Files (86)\Pando Networks
2. Close Windows Explorer.
Step-1.
Run RogueKiller
NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Step-2.
AdwCleaner by Xplode
Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you uninstalled Pando. There will be some remnants that we will need to remove from the system.
2. The RKreport.txt log
3. The AdwCleaner.[R0].txt log
Pando Media Booster Advice
Pando is a dire application that does not perform as stated and can be a bandwidth hog also.I don't think this will solve the issues with the browser. But it might help. If you decide to uninstall Pando:
1. Please click the Start Orb
, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program2. In the list of programs installed, locate the following program(s):
Pando Media Booster
3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.
Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)
1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):
C:\Program Files (86)\Pando Networks
2. Close Windows Explorer.
Step-1.
Run RogueKiller
NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here
- Click here to go to the RogueKiller download page.
- Scroll down to the RogueKiller Download section and click the RogueKiller button and save the RogueKiller.exe file to the desktop.
- Quit all programs and close all browsers.
- Right click the RogueKiller icon and click Run as Administrator to run the program.
NOTE: If this is the first time you have used the program you will need to accept the User Agreement and the browser will open with some information related to the program. - Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
- Click on Scan
- Wait for the end of the scan.
- DO NOT delete anything at this time.
- The report has been created on the desktop.
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Step-2.
AdwCleaner by Xplode
Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
- Right click the AdwCleaner icon
on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
- Click the Scan button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
- Click the Report button to get the log.
- Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
- Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you uninstalled Pando. There will be some remnants that we will need to remove from the system.
2. The RKreport.txt log
3. The AdwCleaner.[R0].txt log
#30
Posted 16 April 2014 - 11:34 AM
ego10fan
- Topic Starter
-
- Member
-
- 44 posts
Member
I uninstalled pando.
RK report.txt log:
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Storage [Admin rights]
Mode : Scan -- Date : 04/16/2014 10:20:12
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (expstart.exe [-]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (expstart.exe [-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ][PUM] HKLM\[...]\Wow6432Node\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F538A0)
[Address] EAT @explorer.exe (WlanConnect) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56D10)
[Address] EAT @explorer.exe (WlanDisconnect) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F557E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F53A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58394)
[Address] EAT @explorer.exe (WlanFreeMemory) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55268)
[Address] EAT @explorer.exe (WlanGetProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F599D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F594D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F59D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F591EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F592A4)
[Address] EAT @explorer.exe (WlanIhvControl) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F51960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F53EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F5A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F587D0)
[Address] EAT @explorer.exe (WlanScan) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F53D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F54470)
[Address] EAT @explorer.exe (WlanSetProfile) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F56760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F578A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F55F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F571A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F57644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F581B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : thumbcache.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF6F58B58)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA630 SATA Disk Device +++++
--- User ---
[MBR] 82fa7079b189f876fad3503672ce41c8
[BSP] cd805c2ba9b5b91f9fc4c54ce3b32815 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 936762 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1918695424 | Size: 17005 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e6be123b9215f844f094ca91741c608e
[BSP] 652ec62a60a99b0710cc3947c4f9b824 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 MB
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Multiple Card Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
Finished : << RKreport[0]_S_04162014_102012.txt >>
AdwCleaner:
# AdwCleaner v3.023 - Report created 16/04/2014 at 10:31:07
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Storage - ALEX-HP
# Running from : C:\Users\Storage\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Program Files (x86)\File Type Assistant
Folder Found C:\Users\Storage\AppData\Local\FileTypeAssistant
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Google Chrome v34.0.1847.116
[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Storage\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [18905 octets] - [17/02/2014 00:28:34]
AdwCleaner[R1].txt - [19320 octets] - [23/02/2014 22:24:37]
AdwCleaner[R2].txt - [958 octets] - [16/04/2014 10:31:07]
AdwCleaner[S0].txt - [19252 octets] - [23/02/2014 22:31:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1078 octets] ##########
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
