Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Stormfall ads [Solved]


  • This topic is locked This topic is locked

#1
Shady

Shady

    Member

  • Member
  • PipPipPip
  • 202 posts

Hi all.  I keep getting an ad popup (at random) that's advertising for a game called "Stormfall."  I believe this started occurring after trying to install an app called 'FilezillaFTP'  I never checked on adding additional software so not sure why it did (if that is the source for it).  Tried multiple virus scans, even an online scan from ESET.  Did malware scans as well.  Shows up nothing.  Looked in the add/remove apps in control panel, but don't see anything.  Last, looked in windows explorer for a folder/file and came up empty.  Brings me here for some help :)


  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

      Ed5W1.png

    • Click Run Scan.
    • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Extras.txt (OTL)
    • OTL.txt (OTL)

Edited by Pyxis, 16 April 2014 - 08:48 AM.

  • 0

#3
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
OTL logfile created on: 4/16/2014 12:06:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 66.88% Memory free
15.90 Gb Paging File | 12.86 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.81 Gb Total Space | 6.59 Gb Free Space | 6.81% Space Free | Partition Type: NTFS
Drive D: | 14.68 Gb Total Space | 1.63 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
Drive F: | 99.46 Mb Total Space | 89.43 Mb Free Space | 89.91% Space Free | Partition Type: FAT32
 
Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 12:05:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2014/04/07 22:33:47 | 001,238,616 | ---- | M] (BitTorrent Inc.) -- C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2014/04/01 20:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/28 19:47:13 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/01/02 19:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 12:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/10/18 12:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/10/18 11:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013/06/07 05:48:27 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/08 14:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/14 16:59:50 | 001,157,120 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\_ssl.pyd
MOD - [2014/04/14 16:59:50 | 000,811,008 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\wx._windows_.pyd
MOD - [2014/04/14 16:59:50 | 000,805,888 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\wx._gdi_.pyd
MOD - [2014/04/14 16:59:50 | 000,712,192 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\_hashlib.pyd
MOD - [2014/04/14 16:59:50 | 000,110,080 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\PyWinTypes27.dll
MOD - [2014/04/14 16:59:50 | 000,070,656 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\wx._html2.pyd
MOD - [2014/04/14 16:59:50 | 000,026,624 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\_multiprocessing.pyd
MOD - [2014/04/14 16:59:49 | 001,175,040 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\wx._core_.pyd
MOD - [2014/04/14 16:59:49 | 001,062,400 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\wx._controls_.pyd
MOD - [2014/04/14 16:59:49 | 000,735,232 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\wx._misc_.pyd
MOD - [2014/04/14 16:59:49 | 000,686,080 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\unicodedata.pyd
MOD - [2014/04/14 16:59:49 | 000,557,056 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\pysqlite2._sqlite.pyd
MOD - [2014/04/14 16:59:49 | 000,525,640 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/14 16:59:49 | 000,364,544 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\pythoncom27.dll
MOD - [2014/04/14 16:59:49 | 000,320,512 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32com.shell.shell.pyd
MOD - [2014/04/14 16:59:49 | 000,128,512 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\_elementtree.pyd
MOD - [2014/04/14 16:59:49 | 000,127,488 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\pyexpat.pyd
MOD - [2014/04/14 16:59:49 | 000,122,368 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\wx._wizard.pyd
MOD - [2014/04/14 16:59:49 | 000,119,808 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32file.pyd
MOD - [2014/04/14 16:59:49 | 000,108,544 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32security.pyd
MOD - [2014/04/14 16:59:49 | 000,098,816 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32api.pyd
MOD - [2014/04/14 16:59:49 | 000,087,040 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\_ctypes.pyd
MOD - [2014/04/14 16:59:49 | 000,044,032 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\_socket.pyd
MOD - [2014/04/14 16:59:49 | 000,038,912 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32inet.pyd
MOD - [2014/04/14 16:59:49 | 000,035,840 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32process.pyd
MOD - [2014/04/14 16:59:49 | 000,025,600 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32pdh.pyd
MOD - [2014/04/14 16:59:49 | 000,024,064 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32pipe.pyd
MOD - [2014/04/14 16:59:49 | 000,022,528 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32ts.pyd
MOD - [2014/04/14 16:59:49 | 000,018,432 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32event.pyd
MOD - [2014/04/14 16:59:49 | 000,017,408 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32profile.pyd
MOD - [2014/04/14 16:59:49 | 000,011,264 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\win32crypt.pyd
MOD - [2014/04/14 16:59:49 | 000,010,240 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42402\select.pyd
MOD - [2014/04/01 20:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 20:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 20:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 20:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 20:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 20:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/02/12 04:29:44 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/12 04:29:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/12 04:24:23 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 04:24:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 04:24:01 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f7f05deb53e1502b575bfc3ef7bdbcf1\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:23:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:23:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\63cd84f7b5c30e74ac93144f39ba4037\System.Xml.ni.dll
MOD - [2014/02/12 04:23:50 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:23:41 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 04:23:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:23:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 19:45:04 | 003,558,400 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/06/07 05:44:52 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/06/07 05:44:50 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/10/01 02:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/30 21:22:58 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/01/30 21:17:08 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/11 13:51:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/18 12:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/10/18 12:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/10/18 11:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/10/09 08:04:16 | 000,905,272 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/07 05:54:42 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/01/31 16:22:16 | 000,094,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2014/01/31 16:22:16 | 000,086,896 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/18 12:46:18 | 000,064,080 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/10/18 12:45:12 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/10/18 12:44:58 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/10/18 12:44:58 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/10/18 12:44:54 | 000,032,848 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2013/10/09 08:04:06 | 000,053,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2013/10/09 08:03:42 | 000,038,456 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2013/10/08 18:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013/10/08 18:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/07 05:54:42 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2013/06/07 05:49:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2013/06/07 05:48:27 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2013/06/07 05:48:27 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2013/06/07 05:44:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/02/21 20:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 04:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/01 01:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 19:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/18 13:16:12 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/01/18 13:16:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/01/18 13:16:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/11/13 23:05:36 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Drive = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.402.0.5_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WGT Golf Challenge = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: File Manager = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\egoilkobbnkdafmcllnicbohlpjcjegl\4.211_0\
CHR - Extension: Sniper Team = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec\1.0.2_0\
CHR - Extension: Flixster = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Dropbox = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: Poppit = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Picky Wallpapers = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3274223156-926114502-2139461653-1001..\Run: [BitTorrent] C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3274223156-926114502-2139461653-1001..\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3274223156-926114502-2139461653-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1716082C-C0FB-4AC1-A500-0A1AA10095C7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28034852-c660-11e2-bf66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28034852-c660-11e2-bf66-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/14 17:04:32 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/04/12 21:36:13 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2014/04/09 19:55:01 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 19:55:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/09 19:55:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/09 19:55:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/09 19:55:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/09 19:55:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/09 19:55:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/09 19:55:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/09 19:55:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/09 19:55:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/06 21:26:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\StormFall598
[2014/04/06 13:31:38 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/03/24 06:21:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Kegel
[2014/03/24 06:20:46 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Kjs.AppLife.Update
[2014/03/24 06:20:05 | 000,000,000 | ---D | C] -- C:\Kegel
[2014/03/24 06:17:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kegel
[2014/03/24 06:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kegel
[2014/03/24 06:17:37 | 000,000,000 | ---D | C] -- C:\KOSIPRO
[2014/03/19 06:26:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\X-Chat 2
[2014/03/19 06:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat
[2014/03/19 06:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xchat
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/16 11:52:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 11:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/16 11:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001UA.job
[2014/04/16 08:09:07 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job
[2014/04/16 00:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001Core.job
[2014/04/15 19:52:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/14 21:50:39 | 000,823,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/14 21:50:39 | 000,693,672 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/14 21:50:39 | 000,131,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/14 21:49:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/14 17:07:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/14 17:07:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/14 16:59:35 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/13 03:37:50 | 019,571,212 | ---- | M] () -- C:\Users\John\AppData\Local\census.cache
[2014/04/13 03:34:23 | 000,174,707 | ---- | M] () -- C:\Users\John\AppData\Local\ars.cache
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumd32.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdva.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiu9pag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\aticfx32.dll
[2014/04/12 21:40:06 | 000,000,010 | ---- | M] () -- C:\Users\John\AppData\Local\sponge.last.runtime.cache
[2014/04/12 21:35:43 | 000,000,036 | ---- | M] () -- C:\Users\John\AppData\Local\housecall.guid.cache
[2014/04/06 21:26:17 | 000,002,370 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\GetPose.lnk
[2014/03/29 16:59:33 | 000,259,701 | ---- | M] () -- C:\Users\John\Desktop\Twin City Lanes 03_29_14 (Coultas).pdf
[2014/03/28 06:27:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2014/04/13 03:37:50 | 019,571,212 | ---- | C] () -- C:\Users\John\AppData\Local\census.cache
[2014/04/13 03:34:23 | 000,174,707 | ---- | C] () -- C:\Users\John\AppData\Local\ars.cache
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumd32.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdva.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiu9pag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\aticfx32.dll
[2014/04/12 21:40:06 | 000,000,010 | ---- | C] () -- C:\Users\John\AppData\Local\sponge.last.runtime.cache
[2014/04/12 21:35:43 | 000,000,036 | ---- | C] () -- C:\Users\John\AppData\Local\housecall.guid.cache
[2014/04/06 21:26:17 | 000,002,370 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\GetPose.lnk
[2014/04/05 08:51:49 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job
[2014/03/30 17:36:20 | 000,259,701 | ---- | C] () -- C:\Users\John\Desktop\Twin City Lanes 03_29_14 (Coultas).pdf
[2014/02/10 23:06:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/09/29 19:48:14 | 000,001,057 | ---- | C] () -- C:\Users\John\AppData\Roaming\vso_ts_preview.xml
[2013/08/25 11:29:41 | 000,779,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/02 09:26:40 | 000,000,017 | ---- | C] () -- C:\Users\John\AppData\Local\resmon.resmoncfg
[2013/05/26 14:35:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/26 14:30:20 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013/05/26 14:30:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/05/26 14:29:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/13 07:47:53 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics
[2014/04/16 12:09:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent
[2013/08/25 10:57:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.warnerbros.DigitalCopyManager
[2013/08/25 10:57:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2013/09/29 19:17:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Digiarty
[2014/04/14 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Dropbox
[2013/09/29 18:40:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn
[2013/12/04 01:17:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SandSComputing
[2013/12/04 01:17:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SSDir
[2014/04/06 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\StormFall598
[2013/05/26 17:04:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Synaptics
[2013/06/10 12:05:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2014/02/28 07:40:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Vso
[2014/04/06 22:30:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
 

OTL Extras logfile created on: 4/16/2014 12:06:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 66.88% Memory free
15.90 Gb Paging File | 12.86 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.81 Gb Total Space | 6.59 Gb Free Space | 6.81% Space Free | Partition Type: NTFS
Drive D: | 14.68 Gb Total Space | 1.63 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
Drive F: | 99.46 Mb Total Space | 89.43 Mb Free Space | 89.91% Space Free | Partition Type: FAT32
 
Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3274223156-926114502-2139461653-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E478623-29E2-4694-9DA4-3E1EE3E2AACF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{22BC3726-42B4-4164-94D1-A18F4D86B4D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{36EE494A-9627-4CA3-9A64-FCBFA0139168}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4C85C1C2-3E45-44C6-84F8-A20B6C04042F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5F7EF239-7066-4A06-B7DC-5585EFDB4487}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{627231CB-1A87-423A-8C44-CC9019701F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E96215C-42B5-4829-A406-038C3EDE94E8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{72D95157-68DD-462B-9EFA-177820C096E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7CCE92E0-79CA-41F4-9A8C-488E541B628A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8487EE8D-FB81-4606-B450-0AFFD297E9E5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9AD142BF-0D8D-4A8C-9BDA-3AF6A99D8E57}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9DEFFD59-C7DE-457E-8BA8-34457AF404A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9ED3E869-10E8-4383-AE20-A9B18EDB9494}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A369AD3B-44BB-4B53-BF73-2D7700E2482A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B348A4B4-6EAD-44A5-8A00-C2CFBDEB4AD8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BB8E4BDB-15FF-4E1D-9894-AFD80C67A8B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{BF082EC3-0F80-4C12-8A3B-0D1D70E99566}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CA5A5ABC-3EC4-442B-A762-90B81D381113}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8479AC0-6011-43CB-B0AE-79208C8427CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F648CA59-6AF1-4E01-9D19-B10FC3A07E38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F70020D9-09D6-47E1-83F8-935B7158FE18}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FA2467D3-4415-458F-AE59-24CD693783AD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FFC3BEBB-BB6F-4DF1-A64B-3FC1A4A8C6FE}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEE532-461D-4759-AE0D-AFD248CADF34}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0581D722-A4C4-4FBF-B1D5-C4C4EE8E4839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06BA5FE9-E7FC-4C7B-90D9-B7E397C9BE71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{06C4A5DD-5FA7-4E78-87F4-951CE84CB027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A4BA7FE-E80B-4FE8-BE51-6583A2149301}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{11925C4F-46C5-47CC-A3F1-D94618F52C96}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{122939D9-7D11-4E5E-829D-A03495A614B9}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{12569505-BDE5-4605-8778-24E3D5C04859}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{1BDA8ED0-D41F-42C0-AC92-7A43DAC463B4}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{27336EF6-C672-463B-BF20-A63B801DBCBC}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\bittorrent\bittorrent.exe | 
"{28691EC0-AA5B-48F8-81E1-9A7BBA0C97F6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2B429156-C6BF-4AEE-941A-151843277944}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{2CEB6427-C9A0-487E-88EF-309B0141EE0A}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{372DFB16-F5CE-40F6-A9F1-4278C2ADAF18}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe | 
"{37B4DB18-3C6A-4F7E-B4CF-5E9717B5537F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3900EA53-B90E-4531-97F6-841AA0F4952A}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{3AA5DC62-D991-4ED3-914F-A9F5F1783F06}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{44236817-9C72-4FED-B9AF-943638779C1B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4425E7B3-925D-4D70-905A-06CDC264F8C1}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{457311C1-90D5-4427-ABB3-F7ADDECE9B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"{525CA1FD-A433-4617-800A-7CECCA465FB3}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{5BEC9217-53DB-4BEA-B376-D190B085528C}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{5BFADB22-F7D3-4B62-A4CE-F59235A7AD60}" = protocol=1 | dir=in | [email protected],-28543 | 
"{63E0ADD3-CD52-40BA-ADEE-2DA0AC35F1BB}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{6A34A713-F83F-4912-B3DF-D4FD78A748FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6C84B7CF-B3DC-46AB-BEEA-A7C10101ECE8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{787F0A48-251C-4937-8D5A-BB276385A3ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{7A4EAAB9-CA4E-4AF3-8041-7E2D7D192A4B}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{7B371C94-0FEB-48ED-A8C1-40C22BC0514E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{7F4BD6D5-2D75-4EFF-B244-583F244E9717}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"{80F8487A-0600-4DCA-A77B-C6CCC8A261B6}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{861357A5-A595-406B-A5A5-B33CA96ADAF4}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{8784A1F7-EA90-4E86-A1EA-E0105C94CFEC}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\bittorrent\bittorrent.exe | 
"{9108BA43-DE1A-46CB-A28C-FEAF97667DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"{A3A5EF2D-26CA-4E79-8BD9-4433E5DA545B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A3D6EBD9-69E1-49CD-9277-05884347B9F7}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"{A61DC6F7-B4F9-420E-BDB6-BFD504FD441A}" = protocol=58 | dir=out | [email protected],-28546 | 
"{A9CCD92D-635D-41B5-B7CF-FD088BC63C24}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"{AAACB0C4-75F9-4F22-9572-226D25664657}" = protocol=6 | dir=out | app=system | 
"{AB4F1116-1048-4A31-A992-DB376B8D849E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AFF6F81E-EA7F-4DCF-BB14-5904BCC3ED52}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{B10CED0B-0C1A-4250-86D0-69891CF87046}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B464D8CB-E322-4081-99ED-82EFFBB2267B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{C5B6524A-2BA8-44C8-A464-6DCE5A84F7A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8CE6B3F-E85E-436C-9938-5F68D1B13E76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB51B930-1BC6-48A0-B2B8-5D438F96F374}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CDDA272E-AAF8-4048-AF47-383FB107CC9E}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CFE4E8E6-AC82-4401-9048-6662E0A07276}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"{D476EC93-473E-4886-99D4-40B75709A3DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8C0F7E4-AB4A-4D23-B117-5375E080FBD8}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{D9B5AA58-3A59-490A-9662-5CDCB6156D27}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{EC163B30-144B-46FA-9034-08736BC2B698}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe | 
"{ECF9C4D5-2FD1-41CB-BC96-08CA93D1B84E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{ED89BC29-8B1B-4648-9EDB-8FA9A8719DB5}" = protocol=1 | dir=out | [email protected],-28544 | 
"{EFDC3418-8993-4B13-98ED-D4093CED36BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{F2A0AABB-A88D-4132-A4CB-B24F3A0479D9}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{F2C54C4E-B089-4529-88DF-9BE0BE411355}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA2A053B-3763-4AF8-B6AE-4B42DE0CFABB}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"TCP Query User{3772B50D-FD47-4377-B068-E965084530C5}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"TCP Query User{39FBDE88-E217-4FE7-8B56-F42B31E9419D}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"TCP Query User{5897A69D-441B-4988-B248-447C035DBF35}C:\program files (x86)\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"TCP Query User{87FB77FC-D4AE-4394-BEC2-65CC6C897138}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{EE9793E7-BBC2-4051-96F0-51FC76A4BDF2}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{06BC25CF-FD26-42F8-8183-EDCAE852F56C}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{59723CF3-63E2-41B7-8183-E832A030EED5}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{A2AC4674-0C13-459A-9414-F05F35E74A8E}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{B98EE489-7C73-4417-ACBC-D6D80396F714}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"UDP Query User{F4837DCB-AEC3-495A-9FAD-B1094BB07C65}C:\program files (x86)\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"CCleaner" = CCleaner
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics TouchPad Driver
"WinRAR archiver" = WinRAR 5.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common
"{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek
"{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display
"{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian
"{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"dcmsvc_is1" = dcmsvc 1.0
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KOSIPRO" = KOSIPRO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ProInst" = Intel PROSet Wireless
"StarCraft II" = StarCraft II
"VLC media player" = VLC media player 2.0.7
"VMware_Player" = VMware Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"xchat" = XChat 2 (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3274223156-926114502-2139461653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"404b9336c7552828" = Flixster
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox
"Search Protection" = Search Protection
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/4/2014 1:39:22 PM | Computer Name = John-HP | Source = Chrome | ID = 1
Description = 
 
Error - 4/6/2014 10:23:53 PM | Computer Name = John-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/6/2014 10:36:33 PM | Computer Name = John-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/8/2014 12:48:43 AM | Computer Name = John-HP | Source = Chrome | ID = 1
Description = 
 
Error - 4/10/2014 4:18:38 AM | Computer Name = John-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/10/2014 7:31:28 AM | Computer Name = John-HP | Source = Chrome | ID = 1
Description = 
 
Error - 4/13/2014 9:12:54 AM | Computer Name = John-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 4/13/2014 9:12:59 AM | Computer Name = John-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 4/13/2014 3:53:08 PM | Computer Name = John-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 4/14/2014 5:59:48 PM | Computer Name = John-HP | Source = WinMgmt | ID = 10
Description = 
 
[ HP Connection Manager Events ]
Error - 2/23/2014 1:31:56 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/02/23 11:31:56.149|000015F4|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 2/26/2014 7:54:56 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/02/26 17:54:56.202|00001624|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 3/13/2014 4:15:51 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/13 03:15:51.036|00001980|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 3/14/2014 6:31:44 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/14 05:31:44.742|000015B8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 3/14/2014 6:31:51 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/14 05:31:51.756|000015B8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 3/29/2014 5:31:56 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/29 16:31:56.076|00000C44|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 4/3/2014 12:27:36 AM | Computer Name = John-HP | Source = hpMobile | ID = 5
Description = 2014/04/02 23:27:36.505|00001220|Error      |[HP.Mobile]Wlan::a{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 4/6/2014 10:22:17 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/06 21:22:17.560|000019F8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 4/10/2014 4:16:44 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/10 03:16:44.451|00001548|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 4/14/2014 1:23:52 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/14 12:23:52.916|0000182C|Error      |CWLAN::StateChanged|Fire_StateChanged
 failed [hr:0x800706BA]
 
[ System Events ]
Error - 3/29/2014 5:42:36 PM | Computer Name = John-HP | Source = Service Control Manager | ID = 7034
Description = The TrueSuiteService service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 3/30/2014 2:05:31 PM | Computer Name = John-HP | Source = Service Control Manager | ID = 7034
Description = The TrueSuiteService service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 3/31/2014 9:38:54 AM | Computer Name = John-HP | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly. 
 It has done this 1 time(s).
 
Error - 4/4/2014 7:37:40 AM | Computer Name = John-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 4/4/2014 7:38:45 AM | Computer Name = John-HP | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error 
%%-1073473535.
 
Error - 4/4/2014 7:38:45 AM | Computer Name = John-HP | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 4/4/2014 7:39:15 AM | Computer Name = John-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Search service, but
 this action failed with the following error:   %%1056
 
Error - 4/4/2014 7:42:10 AM | Computer Name = John-HP | Source = Service Control Manager | ID = 7034
Description = The TrueSuiteService service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 4/6/2014 10:27:19 PM | Computer Name = John-HP | Source = Service Control Manager | ID = 7030
Description = The FileZilla Server FTP server service is marked as an interactive
 service.  However, the system is configured to not allow interactive services. 
 This service may not function properly.
 
Error - 4/8/2014 12:09:42 AM | Computer Name = John-HP | Source = Service Control Manager | ID = 7034
Description = The TrueSuiteService service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >
 

  • 0

#4
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.

    More can be read from the following sources:You are advised to remove the following programs by uninstalling them:
    • BitTorrent
    Note: This step is optional. You may or may not remove the programs, however I strongly suggest getting rid or disabling them before we continue with the process.
  • Step 2

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

      cF4ib.png

    • Copy and paste the following into the Custom Scans/Fixes box:
      :OTL
      [2013/06/10 12:05:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
      [2014/04/06 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\StormFall598
      [2014/04/06 21:26:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\StormFall598
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
      IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
      IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
      IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
      IE:64bit: - HKLM\..\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}: "URL" = http://www.amazon.co...s={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
      [2013/05/26 14:30:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
      
      :Files
      C:\Windows\SysWOW64\ezSharedSvcHost.exe
      
      :Commands
      [emptytemp]
      [resethosts]
      
    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 5

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up after once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 6

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

      SNBlQhy.png

    • Copy and paste the following into the Custom Scans/Fixes box:
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
    • Click Run Scan.
    • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • Extras.txt (OTL)
    • OTL.txt (OTL)
    • AdwCleaner[S*].txt (AdwCleaner)
    • checkup.txt (SecurityCheck)
    • JRT.txt (Junkware Removal Tool)

  • 0

#5
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
All processes killed
========== OTL ==========
C:\Users\John\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\John\AppData\Roaming\StormFall598 folder moved successfully.
Folder C:\Users\John\AppData\Roaming\StormFall598\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307679DE-83ED-4077-82D2-BD13FE0112B1}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
C:\Windows\SysWOW64\ezsidmv.dat moved successfully.
========== FILES ==========
C:\Windows\SysWOW64\ezSharedSvcHost.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: John
->Temp folder emptied: 335263416 bytes
->Temporary Internet Files folder emptied: 1092373 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 223296760 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 534.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04172014_232918
 
Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-2948.log moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#6
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

 # AdwCleaner v3.023 - Report created 17/04/2014 at 23:37:41

# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-HP
# Running from : C:\Users\John\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Level Quality Watcher
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1566 octets] - [09/02/2014 16:51:58]
AdwCleaner[R1].txt - [1230 octets] - [17/04/2014 23:36:41]
AdwCleaner[S0].txt - [1643 octets] - [09/02/2014 16:53:16]
AdwCleaner[S1].txt - [1113 octets] - [17/04/2014 23:37:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1173 octets] ##########

  • 0

#7
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on Thu 04/17/2014 at 23:40:54.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/17/2014 at 23:46:21.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#8
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

 UNSUPPORTED OPERATING SYSTEM! ABORTED!


  • 0

#9
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
OTL logfile created on: 4/17/2014 11:51:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 72.27% Memory free
15.90 Gb Paging File | 13.23 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.81 Gb Total Space | 7.00 Gb Free Space | 7.23% Space Free | Partition Type: NTFS
Drive D: | 14.68 Gb Total Space | 1.63 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
Drive F: | 99.46 Mb Total Space | 89.43 Mb Free Space | 89.91% Space Free | Partition Type: FAT32
 
Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 12:05:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2014/04/01 20:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/28 19:47:13 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/01/02 19:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 12:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/10/18 12:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/10/18 11:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013/06/07 05:48:27 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/08 14:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/17 23:39:06 | 001,157,120 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\_ssl.pyd
MOD - [2014/04/17 23:39:06 | 001,062,400 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\wx._controls_.pyd
MOD - [2014/04/17 23:39:06 | 000,811,008 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\wx._windows_.pyd
MOD - [2014/04/17 23:39:06 | 000,805,888 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\wx._gdi_.pyd
MOD - [2014/04/17 23:39:06 | 000,712,192 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\_hashlib.pyd
MOD - [2014/04/17 23:39:06 | 000,110,080 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\PyWinTypes27.dll
MOD - [2014/04/17 23:39:06 | 000,087,040 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\_ctypes.pyd
MOD - [2014/04/17 23:39:06 | 000,070,656 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\wx._html2.pyd
MOD - [2014/04/17 23:39:06 | 000,038,912 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32inet.pyd
MOD - [2014/04/17 23:39:06 | 000,035,840 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32process.pyd
MOD - [2014/04/17 23:39:06 | 000,026,624 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\_multiprocessing.pyd
MOD - [2014/04/17 23:39:06 | 000,025,600 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32pdh.pyd
MOD - [2014/04/17 23:39:06 | 000,024,064 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32pipe.pyd
MOD - [2014/04/17 23:39:05 | 001,175,040 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\wx._core_.pyd
MOD - [2014/04/17 23:39:05 | 000,735,232 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\wx._misc_.pyd
MOD - [2014/04/17 23:39:05 | 000,686,080 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\unicodedata.pyd
MOD - [2014/04/17 23:39:05 | 000,557,056 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\pysqlite2._sqlite.pyd
MOD - [2014/04/17 23:39:05 | 000,525,640 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/17 23:39:05 | 000,364,544 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\pythoncom27.dll
MOD - [2014/04/17 23:39:05 | 000,320,512 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32com.shell.shell.pyd
MOD - [2014/04/17 23:39:05 | 000,128,512 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\_elementtree.pyd
MOD - [2014/04/17 23:39:05 | 000,127,488 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\pyexpat.pyd
MOD - [2014/04/17 23:39:05 | 000,122,368 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\wx._wizard.pyd
MOD - [2014/04/17 23:39:05 | 000,119,808 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32file.pyd
MOD - [2014/04/17 23:39:05 | 000,108,544 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32security.pyd
MOD - [2014/04/17 23:39:05 | 000,098,816 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32api.pyd
MOD - [2014/04/17 23:39:05 | 000,044,032 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\_socket.pyd
MOD - [2014/04/17 23:39:05 | 000,022,528 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32ts.pyd
MOD - [2014/04/17 23:39:05 | 000,018,432 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32event.pyd
MOD - [2014/04/17 23:39:05 | 000,017,408 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32profile.pyd
MOD - [2014/04/17 23:39:05 | 000,011,264 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\win32crypt.pyd
MOD - [2014/04/17 23:39:05 | 000,010,240 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI42562\select.pyd
MOD - [2014/04/01 20:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 20:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 20:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 20:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 20:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 20:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/02/12 04:29:44 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/12 04:29:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/12 04:24:23 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 04:24:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 04:24:01 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f7f05deb53e1502b575bfc3ef7bdbcf1\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:23:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:23:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\63cd84f7b5c30e74ac93144f39ba4037\System.Xml.ni.dll
MOD - [2014/02/12 04:23:50 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:23:41 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 04:23:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:23:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 19:45:04 | 003,558,400 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/06/07 05:44:52 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/06/07 05:44:50 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/10/01 02:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/30 21:22:58 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/01/30 21:17:08 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/11 13:51:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/18 12:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/10/18 12:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/10/18 11:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/10/09 08:04:16 | 000,905,272 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/07 05:54:42 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/01/31 16:22:16 | 000,094,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2014/01/31 16:22:16 | 000,086,896 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/18 12:46:18 | 000,064,080 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/10/18 12:45:12 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/10/18 12:44:58 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/10/18 12:44:58 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/10/18 12:44:54 | 000,032,848 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2013/10/09 08:04:06 | 000,053,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2013/10/09 08:03:42 | 000,038,456 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2013/10/08 18:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013/10/08 18:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/07 05:54:42 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2013/06/07 05:49:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2013/06/07 05:48:27 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2013/06/07 05:48:27 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2013/06/07 05:44:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/02/21 20:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 04:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/01 01:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 19:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/18 13:16:12 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/01/18 13:16:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/01/18 13:16:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/11/13 23:05:36 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3274223156-926114502-2139461653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Drive = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.402.0.5_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WGT Golf Challenge = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: File Manager = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\egoilkobbnkdafmcllnicbohlpjcjegl\4.211_0\
CHR - Extension: Sniper Team = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec\1.0.2_0\
CHR - Extension: Flixster = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Dropbox = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: Poppit = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Picky Wallpapers = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/17 23:29:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3274223156-926114502-2139461653-1001..\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3274223156-926114502-2139461653-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1716082C-C0FB-4AC1-A500-0A1AA10095C7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28034852-c660-11e2-bf66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28034852-c660-11e2-bf66-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 23:29:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/12 21:36:13 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2014/04/09 19:55:01 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 19:55:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/09 19:55:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/09 19:55:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/09 19:55:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/09 19:55:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/09 19:55:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/09 19:55:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/09 19:55:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/09 19:55:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/06 13:31:38 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/03/24 06:21:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Kegel
[2014/03/24 06:20:46 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Kjs.AppLife.Update
[2014/03/24 06:20:05 | 000,000,000 | ---D | C] -- C:\Kegel
[2014/03/24 06:17:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kegel
[2014/03/24 06:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kegel
[2014/03/24 06:17:37 | 000,000,000 | ---D | C] -- C:\KOSIPRO
[2014/03/19 06:26:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\X-Chat 2
[2014/03/19 06:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat
[2014/03/19 06:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xchat
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/17 23:52:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/17 23:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/17 23:46:10 | 000,823,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 23:46:10 | 000,693,672 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/17 23:46:10 | 000,131,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/17 23:45:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 23:45:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 23:39:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 23:38:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/17 23:38:46 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/17 23:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001UA.job
[2014/04/17 23:29:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/17 00:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3274223156-926114502-2139461653-1001Core.job
[2014/04/16 08:09:07 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job
[2014/04/13 03:37:50 | 019,571,212 | ---- | M] () -- C:\Users\John\AppData\Local\census.cache
[2014/04/13 03:34:23 | 000,174,707 | ---- | M] () -- C:\Users\John\AppData\Local\ars.cache
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumd32.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdva.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiu9pag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\aticfx32.dll
[2014/04/12 21:40:06 | 000,000,010 | ---- | M] () -- C:\Users\John\AppData\Local\sponge.last.runtime.cache
[2014/04/12 21:35:43 | 000,000,036 | ---- | M] () -- C:\Users\John\AppData\Local\housecall.guid.cache
[2014/04/06 21:26:17 | 000,002,370 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\GetPose.lnk
[2014/03/29 16:59:33 | 000,259,701 | ---- | M] () -- C:\Users\John\Desktop\Twin City Lanes 03_29_14 (Coultas).pdf
[2014/03/28 06:27:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2014/04/13 03:37:50 | 019,571,212 | ---- | C] () -- C:\Users\John\AppData\Local\census.cache
[2014/04/13 03:34:23 | 000,174,707 | ---- | C] () -- C:\Users\John\AppData\Local\ars.cache
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumd32.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdva.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiu9pag.dll
[2014/04/12 21:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\aticfx32.dll
[2014/04/12 21:40:06 | 000,000,010 | ---- | C] () -- C:\Users\John\AppData\Local\sponge.last.runtime.cache
[2014/04/12 21:35:43 | 000,000,036 | ---- | C] () -- C:\Users\John\AppData\Local\housecall.guid.cache
[2014/04/06 21:26:17 | 000,002,370 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\GetPose.lnk
[2014/04/05 08:51:49 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job
[2014/03/30 17:36:20 | 000,259,701 | ---- | C] () -- C:\Users\John\Desktop\Twin City Lanes 03_29_14 (Coultas).pdf
[2014/02/10 23:06:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/09/29 19:48:14 | 000,001,057 | ---- | C] () -- C:\Users\John\AppData\Roaming\vso_ts_preview.xml
[2013/08/25 11:29:41 | 000,779,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/02 09:26:40 | 000,000,017 | ---- | C] () -- C:\Users\John\AppData\Local\resmon.resmoncfg
[2013/05/26 14:35:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/26 14:30:20 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013/05/26 14:29:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2013/05/26 15:27:13 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is CC5C-030C
 Directory of C:\
07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  12:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  12:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  12:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  12:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest
06/13/2013  07:47 AM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Roaming]
06/13/2013  07:47 AM    <JUNCTION>     Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
06/13/2013  07:47 AM    <JUNCTION>     Local Settings [C:\Users\Guest\AppData\Local]
06/13/2013  07:47 AM    <JUNCTION>     My Documents [C:\Users\Guest\Documents]
06/13/2013  07:47 AM    <JUNCTION>     NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/13/2013  07:47 AM    <JUNCTION>     PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/13/2013  07:47 AM    <JUNCTION>     Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
06/13/2013  07:47 AM    <JUNCTION>     SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
06/13/2013  07:47 AM    <JUNCTION>     Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
06/13/2013  07:47 AM    <JUNCTION>     Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest\AppData\Local
06/13/2013  07:47 AM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Local]
06/13/2013  07:47 AM    <JUNCTION>     History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
06/13/2013  07:47 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest\Documents
06/13/2013  07:47 AM    <JUNCTION>     My Music [C:\Users\Guest\Music]
06/13/2013  07:47 AM    <JUNCTION>     My Pictures [C:\Users\Guest\Pictures]
06/13/2013  07:47 AM    <JUNCTION>     My Videos [C:\Users\Guest\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\John
05/26/2013  05:00 PM    <JUNCTION>     Application Data [C:\Users\John\AppData\Roaming]
05/26/2013  05:00 PM    <JUNCTION>     Cookies [C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies]
05/26/2013  05:00 PM    <JUNCTION>     Local Settings [C:\Users\John\AppData\Local]
05/26/2013  05:00 PM    <JUNCTION>     My Documents [C:\Users\John\Documents]
05/26/2013  05:00 PM    <JUNCTION>     NetHood [C:\Users\John\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/26/2013  05:00 PM    <JUNCTION>     PrintHood [C:\Users\John\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/26/2013  05:00 PM    <JUNCTION>     Recent [C:\Users\John\AppData\Roaming\Microsoft\Windows\Recent]
05/26/2013  05:00 PM    <JUNCTION>     SendTo [C:\Users\John\AppData\Roaming\Microsoft\Windows\SendTo]
05/26/2013  05:00 PM    <JUNCTION>     Start Menu [C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu]
05/26/2013  05:00 PM    <JUNCTION>     Templates [C:\Users\John\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\John\AppData\Local
05/26/2013  05:00 PM    <JUNCTION>     Application Data [C:\Users\John\AppData\Local]
05/26/2013  05:00 PM    <JUNCTION>     History [C:\Users\John\AppData\Local\Microsoft\Windows\History]
05/26/2013  05:00 PM    <JUNCTION>     Temporary Internet Files [C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\John\Documents
05/26/2013  05:00 PM    <JUNCTION>     My Music [C:\Users\John\Music]
05/26/2013  05:00 PM    <JUNCTION>     My Pictures [C:\Users\John\Pictures]
05/26/2013  05:00 PM    <JUNCTION>     My Videos [C:\Users\John\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              66 Dir(s)   7,509,426,176 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: SERVICES  >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2013/05/10 02:58:02 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2013/05/10 02:58:02 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2013/05/10 02:57:52 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2013/05/10 02:57:46 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2013/05/10 02:57:50 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2013/05/10 02:57:50 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2013/05/10 02:57:52 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2013/05/10 02:57:56 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx
[2013/05/10 02:57:38 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2013/05/10 02:57:54 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2013/05/10 02:57:38 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2013/05/10 02:58:00 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2013/05/10 02:57:34 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2013/05/10 02:57:48 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2013/05/10 02:57:36 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2013/05/10 02:58:04 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2013/05/10 02:57:54 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2013/05/10 02:58:04 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2013/05/10 02:58:06 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2013/05/10 02:57:44 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2013/05/10 02:57:58 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2013/05/10 02:57:40 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2013/05/10 02:57:58 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2010/11/15 23:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx
[2013/05/10 02:57:46 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2013/05/10 02:57:42 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2013/05/10 02:57:40 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX1  >
[2010/11/15 23:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1
 
< MD5 for: SERVICES.ASFX10  >
[2010/11/15 23:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10
 
< MD5 for: SERVICES.ASFX11  >
[2010/11/15 23:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11
 
< MD5 for: SERVICES.ASFX12  >
[2010/11/15 23:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12
 
< MD5 for: SERVICES.ASFX13  >
[2010/11/15 23:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13
 
< MD5 for: SERVICES.ASFX14  >
[2010/11/15 23:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14
 
< MD5 for: SERVICES.ASFX15  >
[2010/11/15 23:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15
 
< MD5 for: SERVICES.ASFX16  >
[2010/11/15 23:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16
 
< MD5 for: SERVICES.ASFX17  >
[2010/11/15 23:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17
 
< MD5 for: SERVICES.ASFX18  >
[2010/11/15 23:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18
 
< MD5 for: SERVICES.ASFX19  >
[2010/11/15 23:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19
 
< MD5 for: SERVICES.ASFX2  >
[2010/11/15 23:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2
 
< MD5 for: SERVICES.ASFX20  >
[2010/11/15 23:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20
 
< MD5 for: SERVICES.ASFX21  >
[2010/11/15 23:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21
 
< MD5 for: SERVICES.ASFX22  >
[2010/11/15 23:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22
 
< MD5 for: SERVICES.ASFX23  >
[2010/11/15 23:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23
 
< MD5 for: SERVICES.ASFX24  >
[2010/11/15 23:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24
 
< MD5 for: SERVICES.ASFX25  >
[2010/11/15 23:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25
 
< MD5 for: SERVICES.ASFX3  >
[2010/11/15 23:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3
 
< MD5 for: SERVICES.ASFX4  >
[2010/11/15 23:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4
 
< MD5 for: SERVICES.ASFX5  >
[2010/11/15 23:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5
 
< MD5 for: SERVICES.ASFX6  >
[2010/11/15 23:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6
 
< MD5 for: SERVICES.ASFX7  >
[2010/11/15 23:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7
 
< MD5 for: SERVICES.ASFX8  >
[2010/11/15 23:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8
 
< MD5 for: SERVICES.ASFX9  >
[2010/11/15 23:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9
 
< MD5 for: SERVICES.CFG  >
[2013/12/18 13:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/15 23:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg
 
< MD5 for: SERVICES.DAT  >
[2014/04/05 23:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\John\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< End of report >

  • 0

#10
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
OTL Extras logfile created on: 4/17/2014 11:51:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 72.27% Memory free
15.90 Gb Paging File | 13.23 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.81 Gb Total Space | 7.00 Gb Free Space | 7.23% Space Free | Partition Type: NTFS
Drive D: | 14.68 Gb Total Space | 1.63 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
Drive F: | 99.46 Mb Total Space | 89.43 Mb Free Space | 89.91% Space Free | Partition Type: FAT32
 
Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3274223156-926114502-2139461653-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E478623-29E2-4694-9DA4-3E1EE3E2AACF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{22BC3726-42B4-4164-94D1-A18F4D86B4D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{36EE494A-9627-4CA3-9A64-FCBFA0139168}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4C85C1C2-3E45-44C6-84F8-A20B6C04042F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5F7EF239-7066-4A06-B7DC-5585EFDB4487}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{627231CB-1A87-423A-8C44-CC9019701F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E96215C-42B5-4829-A406-038C3EDE94E8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{72D95157-68DD-462B-9EFA-177820C096E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7CCE92E0-79CA-41F4-9A8C-488E541B628A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8487EE8D-FB81-4606-B450-0AFFD297E9E5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9AD142BF-0D8D-4A8C-9BDA-3AF6A99D8E57}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9DEFFD59-C7DE-457E-8BA8-34457AF404A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9ED3E869-10E8-4383-AE20-A9B18EDB9494}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A369AD3B-44BB-4B53-BF73-2D7700E2482A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B348A4B4-6EAD-44A5-8A00-C2CFBDEB4AD8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BB8E4BDB-15FF-4E1D-9894-AFD80C67A8B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{BF082EC3-0F80-4C12-8A3B-0D1D70E99566}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CA5A5ABC-3EC4-442B-A762-90B81D381113}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8479AC0-6011-43CB-B0AE-79208C8427CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F648CA59-6AF1-4E01-9D19-B10FC3A07E38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F70020D9-09D6-47E1-83F8-935B7158FE18}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FA2467D3-4415-458F-AE59-24CD693783AD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FFC3BEBB-BB6F-4DF1-A64B-3FC1A4A8C6FE}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEE532-461D-4759-AE0D-AFD248CADF34}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0581D722-A4C4-4FBF-B1D5-C4C4EE8E4839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06BA5FE9-E7FC-4C7B-90D9-B7E397C9BE71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{06C4A5DD-5FA7-4E78-87F4-951CE84CB027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A4BA7FE-E80B-4FE8-BE51-6583A2149301}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{11925C4F-46C5-47CC-A3F1-D94618F52C96}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{122939D9-7D11-4E5E-829D-A03495A614B9}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{12569505-BDE5-4605-8778-24E3D5C04859}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{1BDA8ED0-D41F-42C0-AC92-7A43DAC463B4}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{27336EF6-C672-463B-BF20-A63B801DBCBC}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\bittorrent\bittorrent.exe | 
"{28691EC0-AA5B-48F8-81E1-9A7BBA0C97F6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2B429156-C6BF-4AEE-941A-151843277944}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{2CEB6427-C9A0-487E-88EF-309B0141EE0A}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{372DFB16-F5CE-40F6-A9F1-4278C2ADAF18}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe | 
"{37B4DB18-3C6A-4F7E-B4CF-5E9717B5537F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3900EA53-B90E-4531-97F6-841AA0F4952A}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{3AA5DC62-D991-4ED3-914F-A9F5F1783F06}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{44236817-9C72-4FED-B9AF-943638779C1B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4425E7B3-925D-4D70-905A-06CDC264F8C1}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{457311C1-90D5-4427-ABB3-F7ADDECE9B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"{525CA1FD-A433-4617-800A-7CECCA465FB3}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{5BEC9217-53DB-4BEA-B376-D190B085528C}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{5BFADB22-F7D3-4B62-A4CE-F59235A7AD60}" = protocol=1 | dir=in | [email protected],-28543 | 
"{63E0ADD3-CD52-40BA-ADEE-2DA0AC35F1BB}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{6A34A713-F83F-4912-B3DF-D4FD78A748FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6C84B7CF-B3DC-46AB-BEEA-A7C10101ECE8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{787F0A48-251C-4937-8D5A-BB276385A3ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{7A4EAAB9-CA4E-4AF3-8041-7E2D7D192A4B}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{7B371C94-0FEB-48ED-A8C1-40C22BC0514E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{7F4BD6D5-2D75-4EFF-B244-583F244E9717}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"{80F8487A-0600-4DCA-A77B-C6CCC8A261B6}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{861357A5-A595-406B-A5A5-B33CA96ADAF4}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{8784A1F7-EA90-4E86-A1EA-E0105C94CFEC}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\bittorrent\bittorrent.exe | 
"{9108BA43-DE1A-46CB-A28C-FEAF97667DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"{A3A5EF2D-26CA-4E79-8BD9-4433E5DA545B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A3D6EBD9-69E1-49CD-9277-05884347B9F7}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"{A61DC6F7-B4F9-420E-BDB6-BFD504FD441A}" = protocol=58 | dir=out | [email protected],-28546 | 
"{A9CCD92D-635D-41B5-B7CF-FD088BC63C24}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"{AAACB0C4-75F9-4F22-9572-226D25664657}" = protocol=6 | dir=out | app=system | 
"{AB4F1116-1048-4A31-A992-DB376B8D849E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AFF6F81E-EA7F-4DCF-BB14-5904BCC3ED52}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{B10CED0B-0C1A-4250-86D0-69891CF87046}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B464D8CB-E322-4081-99ED-82EFFBB2267B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{C5B6524A-2BA8-44C8-A464-6DCE5A84F7A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8CE6B3F-E85E-436C-9938-5F68D1B13E76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB51B930-1BC6-48A0-B2B8-5D438F96F374}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CDDA272E-AAF8-4048-AF47-383FB107CC9E}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CFE4E8E6-AC82-4401-9048-6662E0A07276}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"{D476EC93-473E-4886-99D4-40B75709A3DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8C0F7E4-AB4A-4D23-B117-5375E080FBD8}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{D9B5AA58-3A59-490A-9662-5CDCB6156D27}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{EC163B30-144B-46FA-9034-08736BC2B698}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe | 
"{ECF9C4D5-2FD1-41CB-BC96-08CA93D1B84E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{ED89BC29-8B1B-4648-9EDB-8FA9A8719DB5}" = protocol=1 | dir=out | [email protected],-28544 | 
"{EFDC3418-8993-4B13-98ED-D4093CED36BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{F2A0AABB-A88D-4132-A4CB-B24F3A0479D9}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{F2C54C4E-B089-4529-88DF-9BE0BE411355}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA2A053B-3763-4AF8-B6AE-4B42DE0CFABB}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"TCP Query User{3772B50D-FD47-4377-B068-E965084530C5}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"TCP Query User{39FBDE88-E217-4FE7-8B56-F42B31E9419D}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"TCP Query User{5897A69D-441B-4988-B248-447C035DBF35}C:\program files (x86)\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"TCP Query User{87FB77FC-D4AE-4394-BEC2-65CC6C897138}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{EE9793E7-BBC2-4051-96F0-51FC76A4BDF2}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{06BC25CF-FD26-42F8-8183-EDCAE852F56C}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{59723CF3-63E2-41B7-8183-E832A030EED5}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{A2AC4674-0C13-459A-9414-F05F35E74A8E}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{B98EE489-7C73-4417-ACBC-D6D80396F714}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"UDP Query User{F4837DCB-AEC3-495A-9FAD-B1094BB07C65}C:\program files (x86)\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"CCleaner" = CCleaner
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics TouchPad Driver
"WinRAR archiver" = WinRAR 5.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common
"{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek
"{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display
"{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian
"{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"dcmsvc_is1" = dcmsvc 1.0
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KOSIPRO" = KOSIPRO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ProInst" = Intel PROSet Wireless
"StarCraft II" = StarCraft II
"VLC media player" = VLC media player 2.0.7
"VMware_Player" = VMware Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"xchat" = XChat 2 (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3274223156-926114502-2139461653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"404b9336c7552828" = Flixster
"Dropbox" = Dropbox
"Search Protection" = Search Protection
 
========== Last 20 Event Log Errors ==========
 
[ HP Connection Manager Events ]
Error - 3/13/2014 4:15:51 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/13 03:15:51.036|00001980|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 3/14/2014 6:31:44 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/14 05:31:44.742|000015B8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 3/14/2014 6:31:51 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/14 05:31:51.756|000015B8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 3/29/2014 5:31:56 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/29 16:31:56.076|00000C44|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 4/3/2014 12:27:36 AM | Computer Name = John-HP | Source = hpMobile | ID = 5
Description = 2014/04/02 23:27:36.505|00001220|Error      |[HP.Mobile]Wlan::a{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 4/6/2014 10:22:17 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/06 21:22:17.560|000019F8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 4/10/2014 4:16:44 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/10 03:16:44.451|00001548|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 4/14/2014 1:23:52 PM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/14 12:23:52.916|0000182C|Error      |CWLAN::StateChanged|Fire_StateChanged
 failed [hr:0x800706BA]
 
Error - 4/18/2014 12:37:45 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/17 23:37:45.198|00000E6C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 4/18/2014 12:37:46 AM | Computer Name = John-HP | Source = hpCMSrv | ID = 5
Description = 2014/04/17 23:37:46.711|00000E6C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
 
< End of report >

  • 0

Advertisements


#11
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
How is your computer running? Are you still bothered by ads?
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request for the removal of the program(s) as it is associated with malware, adware or spyware. Please proceed to uninstalling by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.
    • ScorpionSaver
    • Search Protection
    Inform me if you encounter problems in the removal process.
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, ensure a check mark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      9C5bx.png

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
    • Select Uninstall application on close and click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up after once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • log.txt (ESET Online Scan)
    • mbam-log-*.txt (Malwarebytes' Anti-Malware)

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#13
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
My last instructions are still valid--please post the logs once ready. :)
  • 0

#14
Shady

Shady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

Sorry for not responding apparently.  Had a mishap I guess.  I tried to do Step 1, but got these errors so I did NOT go any further until I got some info from you...

 

 

Attached Thumbnails

  • Scorpion Saver.png
  • Search Protection.png

  • 0

#15
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Kindly skip ScorpionSaver (we'll remove it later) and click Yes for Search Protection.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP