Windows Validation Fails



#61
RKinner

    Malware Expert


I think you have to call MS. It shouldn't cost anything.

 

 OEM SLP: This key comes pre-installed in Windows, when it comes from the Factory. This key is geared to work with the special instructions found only on that Manufacturer's computer hardware. So when Windows was installed using the OEM SLP key (at the factory) Windows 7 looks at the motherboard and sees the special instructions and Self-Activates. (that's why you did not need to Activate your computer after you brought it home)

 

COA SLP: This is the Product key that you see on the sticker on the side (or bottom, [or inside the battery compartment]) of your computer. It is a valid product key, but should only be used in limited situations (such as if the OEM SLP key stops self-activating for whatever reason). The key must be activated by Phone. (Note: All manufacturers that use the OEM SLP system are required by contract to include a Certificate of Authenticity (COA) sticker, that has a COA SLP key, on the computer)

 




#62
Braind

    Member

  • Topic Starter

Here is what the MS Forum had me do:

 

I've uploaded a file - luicom64.zip - to my OneDrive at  Noel's OneDrive

Please download and save it to your desktop.

Right-click on the saved file and select Extract all...

Save it to the default location

This should create a file sluicom64.reg

Right-click on the file, and select Merge

Accept the warnings - you should then get a 'Success' message.

Close all windows, and reboot.

Run another MGADiag report, and post the results.

 


 

 

 

And here are the latest results:

 

Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Pale Moon\palemoon.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
Installation ID: 009403489793190695613624699523993334904995575671969772
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 5/9/14 8:57:08 PM

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: 0x00000000
HealthStatus: 0x0000000000000800
Event Time Stamp: 5:6:2014 20:35
WAT Activex: Registered
WAT Admin Service: Registered

HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            HPQOEM        SLIC-CPC
  FACP            HPQOEM        SLIC-CPC
  DBGP            HPQOEM        SLIC-CPC
  HPET            HPQOEM        SLIC-CPC
  MCFG            HPQOEM        SLIC-CPC
  SSDT            HPQOEM        SLIC-CPC
  SLIC            HPQOEM        SLIC-CPC

 



#63
RKinner

    Malware Expert


Doesn't look like much has changed.  Hopefully he has some other tricks up his sleeve.



#64
Braind

    Member

  • Topic Starter

OTL success! I had to go into Windows Explorer and dig out every Foxfire file I could find and delete it, but I finally have the OTL Report:

 

OTL logfile created on: 5/10/14 7:03:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Brain\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
 
5.98 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 64.33% Memory free
11.96 Gb Paging File | 9.33 Gb Available in Paging File | 77.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 848.86 Gb Total Space | 687.89 Gb Free Space | 81.04% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 9.56 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
 
Computer Name: BRAIN-HP | User Name: Brain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/27 16:17:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brain\Downloads\OTL(1).exe
PRC - [2014/04/18 13:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\Brain\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/18 18:43:50 | 002,669,768 | ---- | M] (Siber Systems Inc.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
PRC - [2014/03/18 18:43:50 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/03/12 03:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/02 12:48:44 | 000,036,936 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2013/09/04 12:46:52 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/11/05 02:29:14 | 000,886,664 | ---- | M] (Repkasoft) -- C:\Program Files (x86)\YoWindow\yowindow.exe
PRC - [2011/02/01 02:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 02:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 22:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/10 18:59:44 | 000,041,984 | ---- | M] () -- c:\Users\Brain\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsh8msm.dll
MOD - [2014/05/06 08:10:15 | 000,389,960 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1976.2\ppgooglenaclpluginchrome.dll
MOD - [2014/05/06 08:10:11 | 008,527,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1976.2\pdf.dll
MOD - [2014/05/06 08:10:06 | 000,717,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1976.2\libglesv2.dll
MOD - [2014/05/06 08:10:04 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1976.2\libegl.dll
MOD - [2014/05/06 08:10:03 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1976.2\ffmpegsumo.dll
MOD - [2014/01/02 22:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Brain\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Brain\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/08 19:16:10 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/07/19 05:40:08 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/27 18:57:52 | 002,721,656 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2012/04/26 04:50:18 | 000,237,056 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/17 14:11:42 | 000,107,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2014/05/07 18:53:31 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/12 03:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe -- (N360)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/02 12:48:44 | 000,036,936 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/04 12:46:52 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/19 06:01:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Brain\AppData\Local\Temp\7zS0078\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2013/07/19 05:40:02 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/02/01 02:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 02:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/02 20:48:58 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/04/27 03:07:33 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/04/27 03:06:23 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/03/19 15:27:44 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2014/03/19 15:23:14 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/03/03 23:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 20:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 20:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/01/30 22:20:37 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/09/04 14:57:44 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/09/04 12:24:10 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2013/09/04 12:24:10 | 000,061,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2013/09/04 12:24:10 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2013/09/04 12:24:10 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2013/06/06 03:18:33 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2013/05/23 08:39:24 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/02/11 23:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2013/01/06 18:30:14 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/09 15:54:58 | 000,106,832 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DKTLFSMF.sys -- (DKTLFSMF)
DRV:64bit: - [2012/06/18 20:14:34 | 000,052,048 | ---- | M] (Condusiv Technologies) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2012/05/29 15:53:30 | 000,027,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2012/05/25 13:14:24 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2012/04/26 06:47:20 | 011,172,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/26 03:32:46 | 000,339,456 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/30 06:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 06:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/04/30 06:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/04/30 06:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 09:56:58 | 000,014,952 | ---- | M] (Veebeam Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\veebeampol.sys -- (veebeampol)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 13:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/06 00:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/03/25 18:13:42 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140509.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/18 20:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/01/30 11:23:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140510.001\ex64.sys -- (NAVEX15)
DRV - [2014/01/30 11:23:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/01/30 11:23:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140510.001\eng64.sys -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{C46296C9-9FB6-4509-8294-68FA8F44E6DB}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {2A14B2AC-D0E0-4FEA-9F79-3B8BEE1697B0}
IE - HKCU\..\SearchScopes\{2A14B2AC-D0E0-4FEA-9F79-3B8BEE1697B0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_95.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_95.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Brain\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Brain\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brain\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brain\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Brain\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Brain\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2013/01/05 20:26:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/22 20:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/22 20:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/30 22:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/05/10 18:59:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/03/18 18:44:33 | 000,000,000 | ---D | M]
 
[2012/06/24 16:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brain\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5014_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1095_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn\1.4_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\knchccdpckooledklhnooegnniofcfip\1.1_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh\2.3.36_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi\3.0.15_0\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Brain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_0\
 
O1 HOSTS File: ([2014/04/28 19:59:35 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - No CLSID value found.
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {8A936F47-6B90-4537-A1BC-6F369A203D47} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Brain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Brain\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Brain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{136F715D-1007-4CF1-8ADB-AA43DA411B61}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ECC3F87-7F65-47CB-A24C-E6C8EE539668}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: B Register C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: BFHP - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: CheckIt Diagnostics 8 - hkey= - key= - C:\Program Files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe (Smith Micro)
MsConfig:64bit - StartUpReg: DivXMediaServer - hkey= - key= - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EaseUs TB Tray Agent - hkey= - key= - C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe ()
MsConfig:64bit - StartUpReg: EaseUs Tray - hkey= - key= - C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
MsConfig:64bit - StartUpReg: EaseUs Watch - hkey= - key= - C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
MsConfig:64bit - StartUpReg: hpsysdrv - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SkyDrive - hkey= - key= - C:\Users\Brain\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: sndappv2 - service
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sndappv2 - service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0CE65B51-6256-48BF-9BA2-205FE622D687} - EIEDPLauncher
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1976.2\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{BC455173-F501-4356-804F-571FAFB6EA9A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/10 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\Brain\Documents\EBooks
[2014/05/10 04:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014/05/10 03:19:21 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Brain\Desktop\MGADiag.exe
[2014/05/07 20:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/05/05 19:11:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/05/05 19:11:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/05/03 18:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/05/03 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\Brain\Documents\WinKeyFinder175
[2014/05/02 20:48:58 | 000,100,312 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/05/02 19:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2014/05/02 19:04:53 | 000,000,000 | ---D | C] -- C:\Users\Brain\AppData\Roaming\SystemRequirementsLab
[2014/05/02 18:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2014/05/02 18:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2014/05/02 18:43:49 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/02 18:43:46 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/02 18:43:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/02 18:43:46 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/02 18:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/02 18:02:12 | 000,000,000 | ---D | C] -- C:\Users\Brain\AppData\Roaming\DropboxMaster
[2014/04/30 18:11:10 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/04/30 18:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/04/28 20:11:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/04/28 20:06:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/04/28 19:26:18 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/04/28 19:21:29 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/04/28 18:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/04/28 18:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/04/28 18:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/04/28 18:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2014/04/27 18:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2014/04/27 18:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2014/04/27 14:02:30 | 000,000,000 | ---D | C] -- C:\Users\Brain\Documents\WI State Jobs Exam Answers
[2014/04/27 03:07:33 | 000,901,848 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/04/27 03:07:33 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014/04/27 03:06:52 | 056,270,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/04/27 03:06:52 | 002,792,152 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/04/27 03:06:52 | 001,286,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/04/27 03:06:52 | 001,024,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/04/27 03:06:52 | 000,946,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014/04/27 03:06:52 | 000,624,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014/04/27 03:06:51 | 002,770,976 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/04/27 03:06:23 | 000,110,080 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\DelayAPO.dll
[2014/04/27 03:06:23 | 000,094,208 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2014/04/26 23:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/04/26 23:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/04/26 23:55:35 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/04/26 23:55:31 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/04/26 23:55:31 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/04/25 15:26:57 | 000,000,000 | -HSD | C] -- C:\Users\Brain\AppData\Local\EmieUserList
[2014/04/25 15:26:57 | 000,000,000 | -HSD | C] -- C:\Users\Brain\AppData\Local\EmieSiteList
[2014/04/17 17:46:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/04/16 21:59:22 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/16 21:59:22 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/16 21:59:21 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/16 21:59:18 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/16 21:59:18 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/16 21:59:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/16 21:59:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/16 21:59:17 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/16 21:59:17 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/16 21:59:17 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/16 21:59:17 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/16 21:59:17 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/16 21:59:16 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/16 21:59:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/16 21:59:16 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/16 21:59:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/16 21:59:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/16 21:59:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/16 21:59:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/16 21:59:15 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/16 21:59:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/16 21:59:14 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/16 21:59:14 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/16 21:59:14 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/16 21:59:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/16 21:59:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/16 21:59:13 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/16 21:59:13 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/16 21:59:11 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/16 18:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/15 22:02:58 | 000,354,656 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2014/04/13 19:06:41 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/13 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/13 19:06:26 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/13 19:06:26 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/13 19:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2013/12/23 00:15:09 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Brain\AppData\Local\BcsKtYcHW.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/10 19:06:22 | 000,024,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/10 19:06:22 | 000,024,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/10 19:04:18 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2014/05/10 19:03:06 | 000,786,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/10 19:03:06 | 000,653,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/10 19:03:06 | 000,119,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/10 19:03:05 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrain.job
[2014/05/10 18:58:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/10 18:58:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/10 18:58:29 | 523,132,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/10 18:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/10 18:35:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649025149-514020257-970770016-1000UA.job
[2014/05/10 18:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/10 15:51:59 | 000,356,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/10 03:19:14 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Brain\Desktop\MGADiag.exe
[2014/05/09 22:24:10 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBRAIN-HP$.job
[2014/05/09 20:47:41 | 000,004,420 | ---- | M] () -- C:\Users\Brain\Desktop\profilelist.reg
[2014/05/09 20:35:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649025149-514020257-970770016-1000Core.job
[2014/05/07 20:16:07 | 000,000,000 | ---- | M] () -- C:\END
[2014/05/07 18:53:30 | 000,698,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/07 18:53:29 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/04 17:59:54 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/03 19:58:23 | 000,001,399 | ---- | M] () -- C:\Users\Brain\Desktop\OTL(1).exe - Shortcut.lnk
[2014/05/03 18:26:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/02 20:48:58 | 000,100,312 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/05/02 18:43:43 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/02 18:43:43 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/02 18:43:43 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/02 18:43:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/02 18:02:13 | 000,001,053 | ---- | M] () -- C:\Users\Brain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/01 20:42:56 | 000,002,237 | ---- | M] () -- C:\Users\Brain\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/28 20:02:51 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/04/28 19:59:35 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/28 19:57:04 | 000,786,538 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/28 19:48:34 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BRAIN-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/04/28 19:37:37 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_257
[2014/04/28 19:22:01 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BRAIN-HP--(64-bit).dat
[2014/04/28 18:53:09 | 000,002,117 | ---- | M] () -- C:\Users\Brain\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/04/28 18:39:03 | 000,000,155 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/04/27 03:07:33 | 000,901,848 | ---- | M] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/04/27 03:07:33 | 000,107,552 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2014/04/27 03:07:33 | 000,073,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014/04/27 03:06:52 | 056,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/04/27 03:06:52 | 002,792,152 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/04/27 03:06:52 | 001,286,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/04/27 03:06:52 | 001,024,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/04/27 03:06:52 | 000,946,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014/04/27 03:06:52 | 000,757,301 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/04/27 03:06:52 | 000,624,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014/04/27 03:06:51 | 002,770,976 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/04/27 03:06:23 | 000,110,080 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\DelayAPO.dll
[2014/04/27 03:06:23 | 000,094,208 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2014/04/16 18:52:19 | 000,313,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/04/16 18:52:19 | 000,191,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/04/16 18:52:19 | 000,190,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/04/16 18:52:19 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/04/15 22:02:58 | 000,354,656 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2014/04/13 21:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/04/13 21:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/10 19:01:57 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2014/05/10 15:51:48 | 000,356,984 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/09 20:47:49 | 000,004,420 | ---- | C] () -- C:\Users\Brain\Desktop\profilelist.reg
[2014/05/07 20:16:07 | 000,000,000 | ---- | C] () -- C:\END
[2014/05/05 18:08:27 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBrain.job
[2014/05/03 18:26:09 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/05/03 18:26:06 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/05/01 17:50:09 | 000,001,053 | ---- | C] () -- C:\Users\Brain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/28 19:48:34 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BRAIN-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/04/28 19:22:01 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BRAIN-HP--(64-bit).dat
[2014/04/28 18:49:00 | 000,002,117 | ---- | C] () -- C:\Users\Brain\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/04/28 18:36:31 | 000,000,155 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/04/27 16:17:53 | 000,001,399 | ---- | C] () -- C:\Users\Brain\Desktop\OTL(1).exe - Shortcut.lnk
[2014/04/27 03:06:52 | 000,757,301 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/04/17 17:46:09 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2014/01/01 04:52:55 | 000,225,019 | ---- | C] () -- C:\ProgramData\1388569881.bdinstall.bin
[2013/12/23 00:15:09 | 000,893,239 | ---- | C] () -- C:\Users\Brain\AppData\Local\a.zip
[2013/10/20 16:59:44 | 000,000,104 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/01/01 01:52:19 | 000,629,496 | ---- | C] () -- C:\ProgramData\1357022862.bdinstall.bin
[2012/12/20 00:11:33 | 000,151,508 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/03 18:20:20 | 000,211,185 | ---- | C] () -- C:\ProgramData\1346714295.bdinstall.bin
[2012/08/04 15:12:25 | 000,443,805 | ---- | C] () -- C:\ProgramData\1344110798.bdinstall.bin
[2012/07/28 19:50:23 | 000,000,070 | ---- | C] () -- C:\Windows\atomcl.ini
[2012/07/05 14:46:14 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/23 12:42:14 | 016,834,517 | ---- | C] () -- C:\Program Files\CheckIt Diagnostics.pdf
 
========== ZeroAccess Check ==========
 
[2012/12/23 19:04:58 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS721010CLA332
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - 
Interface type: USB
Media Type: 
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 - 
Interface type: USB
Media Type: 
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE3 - 
Interface type: USB
Media Type: 
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE4 - 
Interface type: USB
Media Type: 
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 849.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 911565914112
Hidden sectors: 0
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*.exe >
 
< %APPDATA%\*. >
[2013/01/07 00:59:21 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Ad-Aware Antivirus
[2013/02/15 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Adobe
[2012/02/11 21:09:38 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Anuko
[2014/05/02 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Apple Computer
[2011/07/21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\ATI
[2013/12/23 00:14:56 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Catalina – Print Savings
[2014/02/02 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Condusiv_Technologies
[2013/08/24 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\cubby
[2012/12/23 18:55:08 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Digiarty
[2013/11/08 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\DivX
[2014/05/10 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Dropbox
[2014/05/02 18:02:12 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\DropboxMaster
[2012/12/23 18:55:08 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\DVDVideoSoft
[2011/07/31 14:40:58 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\GlarySoft
[2014/03/18 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Glarysoft Giveaway
[2012/06/24 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Hewlett-Packard
[2014/01/31 18:39:14 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\HP Support Assistant
[2013/01/04 19:46:35 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\hpqLog
[2014/01/31 18:39:14 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\HpUpdate
[2011/07/21 20:49:44 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Identities
[2012/09/05 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\InstallShield
[2014/03/08 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\IObit
[2012/12/01 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Lavasoft
[2012/11/24 23:34:56 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\LavasoftStatistics
[2011/08/12 13:52:50 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Leadertech
[2011/08/12 14:01:43 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Logishrd
[2014/05/10 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Logitech
[2013/01/05 03:53:01 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Macromedia
[2014/04/13 19:06:30 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Malwarebytes
[2010/11/21 02:16:41 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Media Center Programs
[2014/05/03 18:25:07 | 000,000,000 | --SD | M] -- C:\Users\Brain\AppData\Roaming\Microsoft
[2014/05/10 18:55:47 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Mozilla
[2013/04/22 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Oracle
[2011/07/25 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\PC Unleashed Online
[2012/08/04 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\QuickScan
[2013/02/07 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Real
[2013/06/20 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\RealNetworks
[2014/02/20 20:13:59 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Skype
[2011/08/14 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\SUPERAntiSpyware.com
[2014/05/02 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\SystemRequirementsLab
[2013/01/04 22:12:53 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Transcend Elite
[2013/08/24 18:18:21 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\VS Revo Group
[2012/10/09 22:54:09 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\Webshots
[2012/07/06 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
[2011/09/23 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\WinBatch
[2013/01/29 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Brain\AppData\Roaming\YoWindow
 
< C:\Windows\assembly\tmp\U\*.* /s >
 
< %systemroot%\*. /mp /s >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/05/06 08:10:17 | 000,860,488 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/03/06 03:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/03/06 03:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/03/06 03:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 22:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/11/21 02:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/11/21 02:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
 
< End of report >

  • 0

#65
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

OTL Report #2:

 

OTL Extras logfile created on: 5/10/14 7:03:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Brain\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
 
5.98 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 64.33% Memory free
11.96 Gb Paging File | 9.33 Gb Available in Paging File | 77.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 848.86 Gb Total Space | 687.89 Gb Free Space | 81.04% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 9.56 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
 
Computer Name: BRAIN-HP | User Name: Brain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080FD17B-0EEB-449F-A72A-41EAAF925A31}" = rport=139 | protocol=6 | dir=out | app=system | 
"{09142CF3-9777-487C-918C-7F864E11B305}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0B279F2A-6445-42CE-BFA9-C29230E4BB9C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{11A5DEFC-0A30-41BD-AEAD-FCE5443C4505}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{11F2266E-ADCE-4270-94B1-85716FE971C4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1E267949-2F0A-4949-B43F-F5115D3C2627}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27B08566-96E7-4F8F-A452-77A464C3EA5A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2F0D191B-BB5E-40CE-AED6-70384730073E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{352EBD28-64BD-4394-9203-4113C22CD167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F62DA08-4F73-4258-A931-DF1218545599}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FEFA0D9-DF62-4F51-8CEA-8B24A6866B45}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6F52F405-74B0-40B2-865D-D119E3824A70}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{77F12A43-4391-4EC3-9658-410CDD55CF87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C4B8EEA-7B35-4C4A-9F12-8BBE6C643D5C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{84037DC6-DB82-429E-9CFC-F846F9041CBF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A460BA6-6BE6-4ABE-84BA-ED0F366E7177}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A7F3FB9-D0D6-4AD1-89BD-9C2BCDA34D9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8AE82BD8-A79A-48AB-89B6-277A071686A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B0020D2-35D3-4645-BFF4-D5F49380BFAB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A271C261-97DD-49B7-866E-CA472C0905B0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2CB8CA0-B0F6-4E7B-AC80-4FDB597933B4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CB922176-65F3-4B3D-8E61-12DFDBE531D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD183FEC-F11F-4D76-840C-02DED70FDD3B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DDE7890A-F9B1-42D5-B18E-67263AD86F45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8620595-BE7D-484F-878C-AE20BB8684FC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F95D0430-86C3-44DB-B193-AF1832EB87CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016D1A47-C4BB-4147-809A-1393B1707BEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0579024A-7C87-4BD1-AE85-6276ADE20CF6}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hppsdr\hpdiagnosticcoreui.exe | 
"{07DE77C8-FDDE-499D-B6A3-ADFF94CC8D12}" = protocol=17 | dir=in | app=c:\windows\system32\msra.exe | 
"{0C0CE707-724A-42E3-84FE-BF6BE6CC85AB}" = protocol=17 | dir=in | app=c:\program files\ccleaner\uninst.exe | 
"{0DAF44C9-00F5-465F-855B-DC67BF9DA409}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{10C29F60-11C2-477A-ABE0-224FDAC6E7D3}" = protocol=6 | dir=in | app=c:\windows\system32\xpsrchvw.exe | 
"{14C0B482-D28C-42A1-8DBC-1F2B1EB212B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{167DF048-1AB3-4DFC-93B8-0EA41D6EC244}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{169A0D75-228A-41E2-88E5-B9FAE92B41C8}" = protocol=17 | dir=in | app=c:\users\brain\appdata\local\huludesktop\huludesktop.exe | 
"{17E426FC-C3C7-480A-91C0-F2CDE7E120EC}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe | 
"{1948D2BE-D665-4580-9966-D91F20F2C754}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft\bingdesktop\bingdesktop.exe | 
"{1990949F-E07F-4D9E-BDFF-DB2253FA890E}" = protocol=17 | dir=in | app=c:\windows\system32\windowsanytimeupgradeui.exe | 
"{19F9785F-EB8F-49E1-A539-E4D45051A591}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{1F9CD76E-A4B2-4CD3-889B-1D937C0C4CFF}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\setup manager\hpdst.exe | 
"{2438EA84-0F54-4756-9653-AB7AD5D65A57}" = protocol=6 | dir=in | app=c:\users\brain\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{25C9ED03-77B7-42C1-A82E-E39211630DA9}" = protocol=6 | dir=in | app=c:\program files (x86)\google\drive\googledrivesync.exe | 
"{2626C7E5-A13C-43DB-B98D-29D53388970E}" = protocol=6 | dir=in | app=c:\program files (x86)\filehippo.com\updatechecker.exe | 
"{2C95BE4F-CEED-410A-8EC5-2D64A87A76BB}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe | 
"{2CE0E3BD-6E0E-4F7B-9363-89D39802F642}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2DD677D8-FA95-4B64-85D3-5DAFE22DC190}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{2E41B689-F894-42C0-B5F8-2942764DB829}" = protocol=6 | dir=in | app=c:\users\brain\appdata\local\temp\7zs0078\hppiw.exe | 
"{32F43C3D-AFA5-4301-BA26-4F19BACCF5A6}" = protocol=17 | dir=in | app=c:\users\brain\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{34C0F304-7F2F-483B-9415-BAA745E5678D}" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\writer\windowslivewriter.exe | 
"{3524157C-2A05-4409-90A7-0EDA133A5DA7}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe | 
"{35A44C04-AF3D-4665-840B-813BA0403F8D}" = protocol=6 | dir=in | app=c:\program files\urexsoft\urex dvd ripper platinum\dvdripper.exe | 
"{376C3152-B016-4059-A41A-BAC303C7D7D9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\helpmanual.exe | 
"{3A5B71B1-64CF-4456-8499-3777BCBB5EC0}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\setup manager\hpdst.exe | 
"{3C382075-D610-4612-82A8-41D395AB0C4E}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{3CFA85D8-7B24-48A3-AF6C-F309CC474966}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3D39EDDF-F22B-451C-B609-E675EEFCC487}" = protocol=17 | dir=in | app=c:\program files (x86)\digiarty\winx blu-ray decrypter\unins000.exe | 
"{3E241494-76FA-423E-8940-E01C8D75DEDE}" = protocol=17 | dir=in | app=c:\users\brain\appdata\local\temp\7zs73f5\hpdiagnosticcoreui.exe | 
"{40B79269-50B7-448B-A1EE-8F0C68D59C59}" = protocol=17 | dir=in | app=c:\program files\vs revo group\revo uninstaller pro\unins000.exe | 
"{415676E6-3D8D-47A1-85B8-1148FA2C9531}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp officejet 6500 e710a-f\bin\helpviewer\hpqlpvwr.exe | 
"{449B6F89-1F0D-4D1E-937D-12F72E917B02}" = protocol=6 | dir=in | app=c:\users\brain\appdata\local\huludesktop\huludesktop.exe | 
"{47DF98E2-E382-4980-9F65-3C54594F90BD}" = protocol=17 | dir=in | app=c:\windows\system32\xpsrchvw.exe | 
"{48569263-72EE-49DD-806D-CBFE10ADAF88}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google desktop search\googledesktop.exe | 
"{4A0E222A-20EE-4AD3-A54F-8788A847B3A8}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{4A4ED04A-B51F-4F2B-A9B1-DA652B4EC794}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google desktop search\googledesktop.exe | 
"{4CE85E55-03EE-4BE8-8F74-AFA947545E10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4D353603-F521-4D0E-BCC4-39CAFA7CB1C3}" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
"{4D869545-AE07-427F-976D-023C8CDE25D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EFCEA40-08EC-4062-BAE0-AA66EFAE6B6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{521AF023-B6A3-4E9F-8BEC-3E39EDA6BB6F}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{52B103F7-3033-4E53-A3C2-5FA8E52FA4B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54382797-07DD-4044-A1F6-2D59B1ECB1FC}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{5478AAAF-26D5-4E88-B521-A75426DAF0E8}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe | 
"{552360A5-911D-4E74-89CC-8E7A6321A1AA}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support information\hpsysinfo.exe | 
"{563A4882-EC7D-4FFC-BE4A-DEA1657E5177}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe | 
"{56AEAF13-D047-4D2C-98B8-3C0E460BE114}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft\bingdesktop\bingdesktop.exe | 
"{56F04D7D-EDD6-449B-A9E4-79AEB252043C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56F260FE-1A9B-4AAE-AA6B-9A7C2B059B67}" = protocol=17 | dir=in | app=c:\program files (x86)\hp photo creations\uninst.exe | 
"{570FF9BA-1D9F-41C0-AA8C-28BEE3285D38}" = protocol=17 | dir=in | app=c:\program files (x86)\filehippo.com\updatechecker.exe | 
"{595E7B5C-4684-4AD5-ACF6-9F61FE578582}" = protocol=17 | dir=in | app=c:\windows\system32\recdisc.exe | 
"{5CF4C95E-8626-464E-87B4-C8A80F4E64A2}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe | 
"{5D316CB5-0ACD-4FD2-BFB9-59B8B1A3406B}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\unins000.exe | 
"{60111116-F7B9-4B0C-B67B-64243084E3EE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{6015C8D1-6738-47D6-B64B-60FEA2C9A820}" = protocol=6 | dir=in | app=c:\program files (x86)\digiarty\winx blu-ray decrypter\unins000.exe | 
"{646C26B0-1994-4BFD-A08C-171599262A64}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{64FB3015-FD4E-4F54-98C7-E826510CF300}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6B98FF7F-AEF9-4E30-A1A5-C76A50582230}" = protocol=17 | dir=in | app=c:\users\brain\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6CEE0D85-CF01-498B-B595-DB02AA195709}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{6F25A6E3-DE01-44A4-9F43-A7DBF58FBC8C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{6F641DFB-1B0E-4628-AE13-D2A4313A8809}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp officejet 6500 e710a-f\bin\helpviewer\hpqlpvwr.exe | 
"{72F8DACD-8E31-447F-B886-D75107B9F4E3}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe | 
"{73586CE1-BA7B-407C-BE98-650CA796C89A}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe | 
"{74C30C1E-BB94-47E7-871D-F898E7BEA8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hppsdr\hpdiagnosticcoreui.exe | 
"{756BF365-F7BB-4133-AF9B-5019BE44ED49}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\unins000.exe | 
"{757E2DC7-7EFF-46D9-ADD8-9A74D0B6B1AF}" = dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe | 
"{797213F5-4516-4C62-92C4-5303E3958E9A}" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\writer\windowslivewriter.exe | 
"{80A920AE-E829-4210-87EB-0AA6B640C8C5}" = protocol=6 | dir=in | app=c:\program files (x86)\digiarty\winx blu-ray decrypter\winx blu-ray decrypter.exe | 
"{81026D6D-263E-488F-B639-AF1A38275600}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{81D7643E-E685-480C-B07C-3115345CE234}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{83829E1A-750C-44D2-BB57-E7081A883B80}" = protocol=6 | dir=in | app=c:\program files\vs revo group\revo uninstaller pro\unins000.exe | 
"{86628E57-11F2-4836-A0F1-3D8586E6BB54}" = protocol=6 | dir=in | app=c:\program files\vs revo group\revo uninstaller pro\revouninpro.exe | 
"{883B4BD7-AE0B-42A8-AA34-352B9D28D078}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 
"{891E87EB-17EF-40A5-B133-504F64C0FAA4}" = protocol=17 | dir=in | app=c:\users\brain\appdata\roaming\cubby\cubby.exe | 
"{892DC442-F64F-46D8-A99C-6A28F8222973}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{8B287A5B-E41F-4E13-93D7-A569C09CB1D1}" = protocol=6 | dir=in | app=c:\program files (x86)\spywareblaster\spywareblaster.exe | 
"{8BACD5DF-5E8C-4680-B8B3-2718A8581D30}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8BAF1312-8FD3-4785-9B55-C0A905ACE73B}" = protocol=6 | dir=in | app=c:\program files (x86)\hp photo creations\photoproduct.exe | 
"{8D1A22E0-BF3A-41C5-AE92-6303E69BA1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp officejet 6500 e710a-f\bin\hpscan.exe | 
"{8F557B18-1615-47CC-8F9E-5E1E49DCA749}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8FE078AF-F1FE-4A07-B4CD-1F6180E19B1C}" = protocol=6 | dir=in | app=c:\windows\system32\recdisc.exe | 
"{912501FE-7EC9-440D-AA84-716CFC26E3A0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9365F588-C5AB-4D8C-9BDA-6F44F12FCEC2}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{9860ED32-F7D5-498E-95D3-6C0CF02A4754}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe | 
"{9B0963BB-80B3-4E59-B3EC-B1441867D1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A26721D0-2842-4BB1-9269-99F095D3127B}" = protocol=6 | dir=out | app=system | 
"{A2B1ED0F-C2FF-4C34-AA62-F7894639AA4E}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe | 
"{A5B105CE-52FF-4F5D-BFEC-1E4B48A3899F}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{A5C3A370-ECE3-445B-A174-87DDBBE6A4BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AAE4BD18-5320-4887-9257-6CF62C748299}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{AB414DD8-BC9E-40DC-BABC-CFE3EA535499}" = protocol=6 | dir=in | app=c:\program files (x86)\hp photo creations\uninst.exe | 
"{AC6C3AA7-0789-4856-A14D-E39AD76435BD}" = dir=in | app=c:\users\brain\appdata\local\microsoft\skydrive\skydrive.exe | 
"{AC88AFF7-4CC9-4033-A7C5-037B3CED53E6}" = protocol=17 | dir=in | app=c:\program files\vs revo group\revo uninstaller pro\revouninpro.exe | 
"{AD9A9281-0815-45AE-812A-BC00D593001F}" = protocol=6 | dir=in | app=c:\windows\system32\windowsanytimeupgradeui.exe | 
"{AE11600E-2826-4603-B481-0F1C96C942E0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AF06A8CE-20A6-447B-999C-5EE40F4A960D}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe | 
"{B126E0B6-D56E-4A4B-B9FD-DFF83DFBAD46}" = protocol=6 | dir=in | app=c:\users\brain\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B1F926EF-9CBB-49EF-A8E9-DD70C0AD1F24}" = protocol=6 | dir=in | app=c:\users\brain\appdata\roaming\cubby\cubby.exe | 
"{B4D3D7FE-BF2A-4E1F-98B5-8962C5F6176E}" = protocol=17 | dir=in | app=c:\program files (x86)\digiarty\winx blu-ray decrypter\winx blu-ray decrypter.exe | 
"{B50B92CB-C442-4E46-A12F-F181077694AF}" = protocol=17 | dir=in | app=c:\program files (x86)\google\drive\googledrivesync.exe | 
"{B5AB386F-5F58-4B85-B283-E56560273DC4}" = protocol=17 | dir=in | app=c:\program files\condusiv technologies\diskeeper\diskeeper12.exe | 
"{BC4789AD-16E0-43A9-A73E-944A6A60F52E}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support information\hpsysinfo.exe | 
"{BD234A4A-5F29-4649-BB2C-69C4C70A3C9A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C082BAE8-BCA4-4DA4-B877-EE7E6498F77E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\mediabuilderhome\mediabuilder.exe | 
"{C11EDB36-E819-4964-A14F-53D7EBBF8593}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{C15AC058-E2B8-4451-908B-7399B5DE375A}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp officejet 6500 e710a-f\bin\hpscan.exe | 
"{C2990C6E-3579-4ADE-ACE9-B810F4AEEB32}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C8B55DE8-25F6-44B8-9006-2E1D3A7241E8}" = protocol=6 | dir=in | app=c:\users\brain\appdata\local\temp\7zs73f5\hpdiagnosticcoreui.exe | 
"{CA25BA54-91AF-419F-AB69-154CE7E096CA}" = protocol=17 | dir=in | app=c:\program files\urexsoft\urex dvd ripper platinum\dvdripper.exe | 
"{CA618092-9CB9-49B9-B39F-B1B7C1C4C0AA}" = protocol=6 | dir=in | app=c:\program files\ccleaner\uninst.exe | 
"{CC73B990-FE2D-423D-8FD4-CA53EC9C2AA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF09FEE1-C712-4221-9596-65FC3A283030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D105632F-BA28-4DCC-940F-DE4FC44D37E3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\microsoft shared\office14\office setup controller\promo.exe | 
"{D1D61783-356B-4AC0-AB19-0213CF28D7A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5D01A59-12E0-404D-90E2-1CBBEF27A101}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{D63CE96A-9905-4F73-9711-A355E3016E21}" = protocol=6 | dir=in | app=c:\program files\common files\bitdefender\setupinformation\{34480dee-54d6-4985-a817-ca30e9bbc94c}\installer.exe | 
"{D7418986-5132-4D39-94EF-7315A659E430}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D741DEAF-F6BE-4752-BB57-0475E8F7484F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D87D6ACB-0207-44A8-B99D-19C4CC50FB82}" = protocol=17 | dir=in | app=c:\program files (x86)\spywareblaster\spywareblaster.exe | 
"{DB4F106C-C0F9-4088-984A-D9C243FE42EC}" = protocol=6 | dir=in | app=c:\program files\urexsoft\urex dvd ripper platinum\uninstall.exe | 
"{DEA28EB5-9C08-496B-AD62-A65B9B586863}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\microsoft shared\office14\office setup controller\promo.exe | 
"{E07B7FEE-1865-4AC6-BCD7-4AADC4C076AD}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\helpmanual.exe | 
"{E087D329-4C98-48DA-8C4B-DC6E77B353BA}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe | 
"{E47443A1-84AB-4743-A8F7-616557EE59B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7ED9E00-535C-47C3-98CD-30E3EBD492CD}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E8EABA75-D71E-4E34-BF4C-D1D4B08A0F54}" = protocol=17 | dir=in | app=c:\program files\urexsoft\urex dvd ripper platinum\uninstall.exe | 
"{ECDA8C6F-169C-4A28-AAB9-43E88E507034}" = protocol=17 | dir=in | app=c:\program files\common files\bitdefender\setupinformation\{34480dee-54d6-4985-a817-ca30e9bbc94c}\installer.exe | 
"{ECFF6EBA-6100-45C3-A126-F09C6804627B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EF5044BD-409F-4E1E-8FA7-91AE6C730B02}" = protocol=6 | dir=in | app=c:\program files\superantispyware\runsas.exe | 
"{F1431206-6162-4B4D-9850-D013DD3B86B7}" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"{F169431C-FB32-45B7-ADB0-3D2F43B12718}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{F3658B3D-D261-468B-BE1E-05524D97AD07}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\mediabuilderhome\mediabuilder.exe | 
"{F457CC91-7818-4DFD-B32E-ED3A6C48DDF1}" = protocol=17 | dir=in | app=c:\program files\superantispyware\runsas.exe | 
"{F62213E3-F4AD-4D2E-BB67-73C910CE15A6}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{F8869ED7-CA73-4FF4-815D-526262218500}" = protocol=6 | dir=in | app=c:\program files\condusiv technologies\diskeeper\diskeeper12.exe | 
"{F8FFC78F-CC4C-4483-817F-4F92E3AAD07E}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{FA63CD89-E60F-474D-AAEA-FF8798367F41}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FC53A476-D9DA-4D2B-9113-14145B4AACD5}" = protocol=17 | dir=in | app=c:\users\brain\appdata\local\temp\7zs0078\hppiw.exe | 
"{FEBDB445-CF2F-4BA4-BF8C-E17B5468C1CB}" = protocol=17 | dir=in | app=c:\program files (x86)\hp photo creations\photoproduct.exe | 
"{FF6C77E3-BB9B-4A84-8FB9-BC24454CBF61}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe | 
"TCP Query User{B95F4EA7-3084-4F46-8791-D4F456C94111}C:\users\brain\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\brain\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{ED6F099A-AAD2-4433-9E69-D4D7F273F11B}C:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe" = protocol=6 | dir=in | app=c:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe | 
"UDP Query User{0BB0BB1B-98B4-4B88-9230-EC39657E6AF3}C:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe" = protocol=17 | dir=in | app=c:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe | 
"UDP Query User{3F6CED83-FD8B-4E93-9FA4-590E16BBEE8F}C:\users\brain\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\brain\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb" = Windows Media Player 64-bit Plug-in Fix
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{26A24AE4-039D-4CA4-87B4-2F86418005FF}" = Java 8 Update 5 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2C0222FA-7DBD-4AED-862B-1672848539F4}" = Diskeeper 12 Professional
"{3184267F-B0D9-0657-D705-0C700B481A18}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CCF9FC3-76DF-49B2-8ED1-C85DCC58952E}" = CheckIt Diagnostics 8
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{6888C635-E550-4FA4-958E-CE2880B0443B}" = HP Power Assistant
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAF3C82-921D-47E1-8685-B36B4E6B5039}" = BCL easyPDF Printer 6
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1E50355-2437-40B0-A016-67B7490FC93E}" = Intel Processor Diagnostic Tool 64bit
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{E319D46F-4F14-4867-94CD-FB203ED60AFC}" = HP Officejet 6500 E710a-f Product Improvement Study
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EC21DBC6-C760-463D-8866-BFACBB28A3E3}" = HP Officejet 6500 E710a-f Basic Device Software
"339B7A8F3F3C10AA41030B876159242270CF93F9" = Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass  (05/21/2013 )
"5D29D4D46ECE2F73D248C93341A43558FFC37C6E" = Windows Driver Package - Escort, Inc. (usbser) Ports  (07/28/2010 1.0.0.0)
"BBABD29A43AB2C61941CD8125AB9F9729813ECE8" = Windows Driver Package - Escort, Inc. (usbser) Ports  (11/09/2012 1.0.0.0)
"C0FE710F55BB86720128BB31B4B2340F22E6F61D" = Windows Driver Package - ESCORT, Inc. (usbser) Ports  (04/24/2013 1.0.0.0)
"C3A68AE56C189121787C8B61800B0DB5521FC891" = Windows Driver Package - ESCORT, Inc. (usbser) Ports  (01/15/2013 1.0.0.0)
"CCleaner" = CCleaner
"Do Not Track Plus Add-on (64bit)_is1" = Do Not Track Plus Add-on (64bit) 2.2.2.1022
"F7CED80D8FBC3EEAA10AD0BE519D09C4E1BEEAB8" = Windows Driver Package - Escort, Inc. (usbser) Ports  (07/28/2010 1.0.0.0)
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0941583C-A10F-4FBB-9B1C-9178CE3BFDAF}" = System Requirements Lab for Intel
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30673869-977C-45B1-9D00-D6C1F630C5C9}" = DetectorTools
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4956ACE3-F537-4418-BB45-FD52395275A7}" = Catalina Savings Printer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{61933675-EFC7-4190-90B6-5AD56E1D9294}" = Marketsplash Print Software
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1" = Windows Media Player Plus! 2.1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E29C1CE-346A-3F59-AE22-8C5B7F230498}" = Google Talk Plugin
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix
"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AI RoboForm" = RoboForm 7-9-5-7 (All Users)
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"Do Not Track Plus Add-on_is1" = Do Not Track Plus Add-on 1.0.5289.0208
"Driver Booster_is1" = Driver Booster
"EaseUS Todo Backup Free 6.5_is1" = EaseUS Todo Backup Free 6.5
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Photo Creations" = HP Photo Creations
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"N360" = Norton 360
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"RealPlayer 16.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"uRexDVDRipperPlatinum" = uRex DVD Ripper Platinum
"WinLiveSuite" = Windows Live Essentials
"WinX Blu-ray Decrypter_is1" = WinX Blu-ray Decrypter 3.0.0
"yowindow" = YoWindow
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cubby" = Cubby
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"OneDriveSetup.exe" = Microsoft OneDrive
"Should I Remove It 1.0.4" = Should I Remove It
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/10/14 6:54:53 PM | Computer Name = Brain-HP | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\msiexec.exe
 /V; Description = Removed Zinio Reader 4; Error = 0x80042318).
 
Error - 5/10/14 6:59:17 PM | Computer Name = Brain-HP | Source = VSS | ID = 12347
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
 in trying  to contact shadow copy service writers.  The Registry Writer failed to
 respond to a query  from VSS. Check to see that the Event Service and Volume Shadow
 Copy Service  are operating properly, and please check the Application event log 
for any other events.    Operation:    Gathering Writer Data    Executing Asynchronous
 Operation  Context:    Execution Context: Requestor    Current State: GatherWriterMetadata
 
Error - 5/10/14 6:59:17 PM | Computer Name = Brain-HP | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Program Files\VS Revo
 Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller
 Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - eReg;
 Error = 0x80042318).
 
Error - 5/10/14 6:59:55 PM | Computer Name = Brain-HP | Source = VSS | ID = 12347
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
 in trying  to contact shadow copy service writers.  The Registry Writer failed to
 respond to a query  from VSS. Check to see that the Event Service and Volume Shadow
 Copy Service  are operating properly, and please check the Application event log 
for any other events.    Operation:    Gathering Writer Data    Executing Asynchronous
 Operation  Context:    Execution Context: Requestor    Current State: GatherWriterMetadata
 
Error - 5/10/14 6:59:55 PM | Computer Name = Brain-HP | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Program Files\VS Revo
 Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller
 Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - eReg;
 Error = 0x80042318).
 
Error - 5/10/14 7:00:26 PM | Computer Name = Brain-HP | Source = VSS | ID = 12347
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
 in trying  to contact shadow copy service writers.  The Registry Writer failed to
 respond to a query  from VSS. Check to see that the Event Service and Volume Shadow
 Copy Service  are operating properly, and please check the Application event log 
for any other events.    Operation:    Gathering Writer Data    Executing Asynchronous
 Operation  Context:    Execution Context: Requestor    Current State: GatherWriterMetadata
 
Error - 5/10/14 7:00:26 PM | Computer Name = Brain-HP | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Program Files\VS Revo
 Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller
 Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - erLT;
 Error = 0x80042318).
 
Error - 5/10/14 7:45:34 PM | Computer Name = Brain-HP | Source = Application Hang | ID = 1002
Description = The program OTL(1).exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 133c    Start Time:
 01cf6ca936bc68dc    Termination Time: 3    Application Path: C:\Users\Brain\Downloads\OTL(1).exe
 
Report
 Id: c9e77d0e-d89c-11e3-92af-e06995dae38e  
 
Error - 5/10/14 8:05:44 PM | Computer Name = Brain-HP | Source = VSS | ID = 12347
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
 in trying  to contact shadow copy service writers.  The Registry Writer failed to
 respond to a query  from VSS. Check to see that the Event Service and Volume Shadow
 Copy Service  are operating properly, and please check the Application event log 
for any other events.    Operation:    Gathering Writer Data    Executing Asynchronous
 Operation  Context:    Execution Context: Requestor    Current State: GatherWriterMetadata
 
Error - 5/10/14 8:05:44 PM | Computer Name = Brain-HP | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe;
 Description = OTL Restore Point - 5/10/14 7:05:43 PM; Error = 0x80042318).
 
[ Hewlett-Packard Events ]
Error - 11/18/12 9:19:43 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/18/12 9:59:02 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/12 9:54:51 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/12 9:57:21 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/12 9:57:21 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/12 10:01:26 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/12 10:01:26 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/12 10:01:58 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()
 
   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Object
 reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()
 
   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6126  Ram Utilization: 50  TargetSite: Void closeConnection()
 
 
Error - 11/29/12 10:02:29 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/12 10:03:10 PM | Computer Name = Brain-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ System Events ]
Error - 5/10/14 4:52:44 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x8002801d'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 5/10/14 4:52:59 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x8002801d'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 5/10/14 4:58:55 PM | Computer Name = Brain-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 5/10/14 7:22:01 PM | Computer Name = Brain-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:20:43 PM on ?5/?10/?2014 was unexpected.
 
Error - 5/10/14 7:22:49 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 5/10/14 7:23:02 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x8002801d'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 5/10/14 7:23:10 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x8002801d'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 5/10/14 7:58:34 PM | Computer Name = Brain-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:57:52 PM on ?5/?10/?2014 was unexpected.
 
Error - 5/10/14 7:59:13 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 5/10/14 7:59:40 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x8002801d'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
 
< End of report >

  • 0

#66
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Not seeing anything evil.  You do seem to have Microsoft Security Client and Symantec installed at the same time.  If you are paying for Symantec then uninstall the Microsoft Security Client.

 

There is something funky going on with your Windows Restore.  Doesn't look like it's working.  Should not mess up validation tho.


  • 0
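The triage in the reply above (nothing malicious, but System Restore failing) can be read straight out of the report's "Last 20 Event Log Errors" section. The following is an added example, not part of the thread and not OTL's own code: a Python parser for that section, run over six events copied from the report above with long descriptions abridged. All function names are illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Six events copied from the OTL report above; long descriptions are abridged.
SAMPLE = r"""
[ Application Events ]
Error - 5/10/14 6:54:53 PM | Computer Name = Brain-HP | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\msiexec.exe
 /V; Description = Removed Zinio Reader 4; Error = 0x80042318).

Error - 5/10/14 8:05:44 PM | Computer Name = Brain-HP | Source = VSS | ID = 12347
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
 in trying  to contact shadow copy service writers.  The Registry Writer failed to
 respond to a query  from VSS.

Error - 5/10/14 8:05:44 PM | Computer Name = Brain-HP | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe;
 Description = OTL Restore Point - 5/10/14 7:05:43 PM; Error = 0x80042318).

[ System Events ]
Error - 5/10/14 4:58:55 PM | Computer Name = Brain-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 5/10/14 7:22:49 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'.

Error - 5/10/14 7:23:02 PM | Computer Name = Brain-HP | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x8002801d'.
"""

SECTION = re.compile(r"^\[ (.+?) \]\s*$")
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<computer>.*?) \| Source = (?P<source>.*?)"
    r" \| ID = (?P<id>\d+)\s*$")
HEX_CODE = re.compile(r"0x[0-9A-Fa-f]{8}\b")


def parse_events(report):
    """Turn the text of OTL's event-log section into a list of event dicts."""
    events, log_name, cur, first = [], None, None, True
    for line in report.splitlines():
        if (m := SECTION.match(line)):
            log_name, cur = m.group(1), None
        elif (m := HEADER.match(line)):
            cur = {**m.groupdict(), "log": log_name, "description": ""}
            cur["id"] = int(cur["id"])
            cur["when"] = datetime.strptime(cur["when"], "%m/%d/%y %I:%M:%S %p")
            events.append(cur)
            first = True
        elif cur is not None and line.strip():
            if first:
                # Only the first line carries the field label; a later
                # "Description =" inside the message text is left alone.
                line, first = re.sub(r"^Description =\s*", "", line), False
            # OTL hard-wraps long messages: rejoin the pieces with single spaces.
            cur["description"] = " ".join(f"{cur['description']} {line}".split())
    return events


def summarize(events):
    """Count events per (log, source, id) and collect the hex error codes each cites."""
    counts = Counter((e["log"], e["source"], e["id"]) for e in events)
    codes = defaultdict(set)
    for e in events:
        found = HEX_CODE.findall(e["description"])
        codes[(e["source"], e["id"])].update(c.lower() for c in found)
    return counts, dict(codes)


def restore_point_failures(events, window_s=5):
    """List System Restore 8193 failures; flag those with a VSS 12347 error nearby."""
    vss = [e["when"] for e in events if (e["source"], e["id"]) == ("VSS", 12347)]
    out = []
    for e in events:
        if (e["source"], e["id"]) != ("System Restore", 8193):
            continue
        proc = re.search(r"Process = (.*?)\s*;", e["description"])
        near = any(abs((e["when"] - t).total_seconds()) <= window_s for t in vss)
        out.append({"when": e["when"], "process": proc and proc.group(1), "vss_writer_error": near})
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for key, n in summarize(evs)[0].most_common():
        print(n, key)
    print(restore_point_failures(evs))
```

Pasting the full section from the report in place of `SAMPLE` shows how many of the 20 errors are the same restore-point failure repeated by different requesting processes.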

#67
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

Yes, I noticed the System Restore isn't working; any ideas on how to fix that?

The MS Forum has not answered my last post from 2 days ago, so I may as well start working on this now! :)


  • 0

#68
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Start on http://kb.macrium.com/KnowledgebaseArticle50010.aspx where it says:

 

Open a command prompt and type ‘vssadmin list writers’.  (I'm sure it should be a command prompt that was started with a right click and Run As Admin.)


  • 0
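What to look for in the output of that command, as an added example that is not part of the thread or of the linked article: a Python parser for `vssadmin list writers` output that flags writers not in the Stable state and required writers missing from the list. The sample output is constructed (placeholder GUIDs), and treating "Registry Writer" as required is an assumption taken from the VSS error 12347 in the report above.

```python
import re
import subprocess
import sys

# Constructed sample in the layout `vssadmin list writers` prints. The GUIDs are
# placeholders and the Registry Writer is deliberately absent from the list.
SAMPLE = """\
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.

Writer name: 'System Writer'
   Writer Id: {00000000-0000-0000-0000-000000000001}
   Writer Instance Id: {00000000-0000-0000-0000-0000000000a1}
   State: [1] Stable
   Last error: No error

Writer name: 'WMI Writer'
   Writer Id: {00000000-0000-0000-0000-000000000002}
   Writer Instance Id: {00000000-0000-0000-0000-0000000000a2}
   State: [7] Failed
   Last error: Timed out
"""

FIELD = re.compile(
    r"^\s*(Writer name|Writer Id|Writer Instance Id|State|Last error):\s*(.*?)\s*$")


def parse_writers(text):
    """Return one dict per writer block: name, writer_id, state, last_error, ..."""
    writers = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner lines and blanks
        key, value = m.groups()
        if key == "Writer name":
            writers.append({"name": value.strip("'")})
        elif writers:
            writers[-1][key.lower().replace(" ", "_")] = value
    return writers


def unhealthy(writers, required=("Registry Writer",)):
    """Describe writers that are not Stable / report an error, or are not listed at all."""
    problems = []
    for w in writers:
        state, err = w.get("state", ""), w.get("last_error", "")
        if not state.endswith("Stable") or err != "No error":
            problems.append(
                f"{w['name']}: {state or 'state missing'}, last error: {err or 'missing'}")
    present = {w["name"] for w in writers}
    problems += [f"{name}: not listed" for name in required if name not in present]
    return problems


if __name__ == "__main__":
    text = SAMPLE
    if sys.platform == "win32":  # needs an elevated prompt, as the post says
        text = subprocess.run(["vssadmin", "list", "writers"],
                              capture_output=True, text=True).stdout
    print("\n".join(unhealthy(parse_writers(text))) or "all writers stable")
```

A writer that never answers VSS does not show up as "Failed"; it is simply missing from the list, which is why the check takes a list of required names.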

#69
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

The link you posted goes to a 404 Error page on Chrome. On IE11, I can't find the instructions you mentioned in your post. This is what I see:

 

https://www.dropbox....m Software.docx

 

Just an idea I had: is there a start up program I should have running for the Validation to work?

 

I ask because my latest update for iTunes wouldn't even let me open it. I realized then that I had disabled Bonjour  at Start up and when I enabled it, iTunes worked fine. Could there be a similar situation for my validation problem?


Edited by Braind, 18 May 2014 - 04:20 AM.

  • 0

#70
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

It looks like my Genuine W7 problem is fixed.

Here is what the MS Forum told me to do:

 

 

Please uninstall Norton (at least temporarily), and clean up using the Norton Removal Tool.

Download the Norton Removal Tool from here https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

 

Close all other programs, then run the tool. When it's complete, reboot the machine  whether it asks for it or not.

 

After the reboot, open an Elevated Command Prompt, and run the following command

 

NETSH WINSOCK RESET

 

You'll be advised to reboot - do so.

then post another MGADiag report.

 

Then do this:

  • I've uploaded a file - sluicom64.zip - to my OneDrive at Noel's OneDrive

    Please download and save it to your desktop.

    Right-click on the saved file and select Extract all...

    Save it to the default location

    This should create a file sluicom64.reg

    Right-click on the file, and select Merge

    Accept the warnings - you should then get a 'Success' message.

    Close all windows, and reboot.

    Run another MGADiag report, and post the results.

This worked.

I also went to http://www.microsoft...nuine/validate/ and this also says my Windows 7 is genuine.

Even better, my total restart time for my PC is about 88 seconds (it was taking 3 minutes or more for months prior to this change), which is what it was when it was brand new (2.5 years ago).

Thanks very much for all your help.

Now how do we fix System Restore?


Edited by Braind, 18 May 2014 - 02:17 PM.

  • 0


#71
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

The long delay is probably thanks to Norton.  It's known for slow starts.  You might try the free Avast.

 

I expect the first thing to try with system restore is to kill all the old restore points.  Just go in and turn off system restore.  Apply and then turn it back on.  That should erase the old points then try and create a new point.


  • 0

#72
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

Yes, I think my days of using Norton are over. I am going to go with MS Security Essentials and Malwarebytes for now and see how that works.

 

Yes, I will try the System Restore actions you mentioned. I'll keep you posted.

 

Now I have two Outlook 2010 problems! Will this stuff ever end? :(

1. Emails suddenly stopped allowing me to open links in the body of the emails.

2. I can't get my email accounts to load new emails on the first try. I have to refresh whenever I get new emails, esp. when I start up Outlook.

I get this error pop up:

"We are unable to sign in to your account. Please try again. Could not authenticate against the Windows Live ID service. Please try again later."

Once I refresh, this fixes it, but this is VERY annoying!


  • 0

#73
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I would uninstall Windows Live and then reinstall it.  It provides the logon id which is giving you the hard time.


  • 0

#74
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

I have done this.

 

However, MS Forum says I have some major registry problems:

 

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\
{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses /S

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    AllowInprocActivation    REG_DWORD    0x0
    Description    REG_SZ    Subscribe to this event class to receive object cha
nge notifications.
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassID    REG_SZ    {BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}
    EventClassName    REG_SZ    EventSystem.EventObjectChange2
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    FireInParallel    REG_DWORD    0xffffffff
    FiringInterfaceIID    REG_SZ    {7701A9C3-BD68-438f-83E0-67BF4F53A422}
    OwnerSID    REG_SZ    S-1-5-18
    PublisherID    REG_SZ    {BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}
    TypeLib    REG_EXPAND_SZ    %systemroot%\system32\es.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    AllowInprocActivation    REG_DWORD    0x0
    Description    REG_SZ    Subscribe to this event class to receive object cha
nge notifications
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassID    REG_SZ    {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
    EventClassName    REG_SZ    EventSystem.EventObjectChange
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    FireInParallel    REG_DWORD    0xffffffff
    FiringInterfaceIID    REG_SZ    {F4A07D70-2E25-11D1-9964-00C04FBBB345}
    OwnerSID    REG_SZ    S-1-5-18
    PublisherID    REG_SZ    {D0564C30-9DF4-11D1-A281-00C04FCA0AA7}
    TypeLib    REG_EXPAND_SZ    %systemroot%\system32\es.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    EventClassID    REG_SZ    {D5978620-5B9F-11D1-8DD2-00AA004ABD5E}
    EventClassName    REG_SZ    SENS Network Events
    OwnerSID    REG_SZ    S-1-5-18
    FiringInterfaceIID    REG_SZ    {D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}
    AllowInprocActivation    REG_DWORD    0xffffffff
    FireInParallel    REG_DWORD    0x0
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    EventClassID    REG_SZ    {D5978630-5B9F-11D1-8DD2-00AA004ABD5E}
    EventClassName    REG_SZ    SENS Logon Events
    OwnerSID    REG_SZ    S-1-5-18
    FiringInterfaceIID    REG_SZ    {D597BAB3-5B9F-11D1-8DD2-00AA004ABD5E}
    AllowInprocActivation    REG_DWORD    0xffffffff
    FireInParallel    REG_DWORD    0x0
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    SerialFiringTimeout    REG_DWORD    0x2bf20

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    EventClassID    REG_SZ    {D5978640-5B9F-11D1-8DD2-00AA004ABD5E}
    EventClassName    REG_SZ    SENS OnNow Events
    OwnerSID    REG_SZ    S-1-5-18
    FiringInterfaceIID    REG_SZ    {D597BAB2-5B9F-11D1-8DD2-00AA004ABD5E}
    AllowInprocActivation    REG_DWORD    0xffffffff
    FireInParallel    REG_DWORD    0x0
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{D5978650-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    EventClassID    REG_SZ    {D5978650-5B9F-11D1-8DD2-00AA004ABD5E}
    EventClassName    REG_SZ    SENS Logon2 Events
    OwnerSID    REG_SZ    S-1-5-18
    FiringInterfaceIID    REG_SZ    {D597BAB4-5B9F-11D1-8DD2-00AA004ABD5E}
    AllowInprocActivation    REG_DWORD    0xffffffff
    FireInParallel    REG_DWORD    0x0
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    SerialFiringTimeout    REG_DWORD    0x2bf20

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    AllowInprocActivation    REG_DWORD    0xffffffff
    EventClassID    REG_SZ    {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
    EventClassName    REG_SZ    ComEvents.ComServiceEvents
    FireInParallel    REG_DWORD    0x0
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    OwnerSID    REG_SZ    S-1-5-18
    Typelib    REG_EXPAND_SZ    %windir%\system32\comsvcs.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    AllowInprocActivation    REG_DWORD    0xffffffff
    EventClassID    REG_SZ    {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
    EventClassName    REG_SZ    ComEvents.ComSystemAppEventData
    FireInParallel    REG_DWORD    0x0
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    OwnerSID    REG_SZ    S-1-5-18
    Typelib    REG_EXPAND_SZ    %windir%\system32\comsvcs.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
fc79216}\EventClasses\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}-{00000000-0000-0000
-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Active    REG_DWORD    0x1
    EventClassID    REG_SZ    {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
    EventClassName    REG_SZ    VssEvent
    OwnerSID    REG_SZ    S-1-5-18
    TypeLib    REG_EXPAND_SZ    %systemroot%\system32\EVENTCLS.DLL
    AllowInprocActivation    REG_DWORD    0xffffffff
    FireInParallel    REG_DWORD    0x0
    EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
    EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}

 


  • 0

#75
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I don't have a win 7 with me on this trip so not sure what it should look like.

Run vew and let's see if there are any alarms that might help.
  • 0





