Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

File Associations Borked; Fixed With Restore, But Worried.. [Solved]


  • This topic is locked This topic is locked

#1
NorthstarATL

NorthstarATL

    Member

  • Member
  • PipPip
  • 62 posts

Hi! My system was running normally when I left home this afternoon, and, upon my return, I had a message on my takk bar  from microsoft windows that a plug-in had stopped working. This happens from time to time with WinTV, so I thought nothing of it, and rebooted the computer (which usually works with WinTV). Everything looked normal except my Dell Dock took an unusually long time to come up. I loaded Firefox, and it became unresponsive, as did several other programs I tried to initiate. When I tried to go into Control Panel or my hard drive storage I got an X message about file associatios being unavailable! I panicked a bit and decided that this was something bad, and rebooted into safe mode. I thought that this seemed recent enough and unmanageable enough that a sytem restore was in order, and I used this a.m. when I installed a Windows update. Thankfully, things seem to be working! BUT, since I don't know what exactly happened, I have no way to guard against it happening agin. So I was hoping if I post a log you folks might be able to give me some peace of mind? Thanks in advance! OL:

OTL logfile created on: 7/14/2014 6:46:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 37.22% Memory free
6.73 Gb Paging File | 4.16 Gb Available in Paging File | 61.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 175.67 Gb Free Space | 30.21% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 192.76 Gb Free Space | 20.69% Space Free | Partition Type: NTFS
Drive R: | 15.92 Mb Total Space | 15.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
 
Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/14 18:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2014/07/14 13:30:48 | 000,366,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
PRC - [2014/07/11 10:12:05 | 001,329,744 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kenn\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/06/17 23:10:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/06/02 10:48:54 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/06/02 10:38:32 | 005,563,760 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/06/02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/05/19 20:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/24 15:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2014/03/24 15:07:34 | 003,918,176 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2014/03/24 15:07:28 | 007,177,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2014/03/11 10:13:24 | 000,303,688 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/23 15:37:46 | 036,151,360 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2014/01/19 03:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/13 16:43:24 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2013/10/08 23:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2013/09/18 13:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/08/26 04:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013/07/10 15:23:10 | 001,694,080 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2013/01/24 04:00:02 | 000,260,160 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATILAE.EXE
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/07/31 11:16:30 | 001,057,920 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012/07/04 02:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/07/04 02:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) -- C:\Windows\System32\escsvc.exe
PRC - [2011/10/28 17:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\WinTV\Extend\WinTVExtender.exe
PRC - [2011/10/27 22:17:20 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/10/27 22:15:30 | 000,413,696 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/10/27 22:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/05/20 13:28:26 | 001,949,088 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2010/10/12 10:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 19:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 23:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/14 18:21:00 | 000,043,008 | ---- | M] () -- c:\Users\Kenn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgy3jg.dll
MOD - [2014/06/17 23:09:33 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/05/13 17:19:03 | 002,584,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cf003c1b98c8ee6f44f11c8c6e1274dc\DellDock.ni.exe
MOD - [2014/05/13 17:18:42 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a709052bfbcc0402d389dc7a47c7ee2b\System.Web.ni.dll
MOD - [2014/05/13 17:18:31 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:57:00 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\40ded9dfc5ea66b34198baee1673abff\WindowsFormsIntegration.ni.dll
MOD - [2014/02/11 23:09:42 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\612e19421bcbb24a6e299fec1740a7cd\MenuSkinning.ni.dll
MOD - [2014/02/11 23:09:31 | 000,477,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VDialog\de4594be63b6aafaff26bd241015e7f1\VDialog.ni.dll
MOD - [2014/02/11 23:09:17 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\d186baaabceada385bb03cc0db34c3fa\UIAutomationProvider.ni.dll
MOD - [2014/02/11 23:09:16 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\384c592b9d66064620ae8b02b8b0d538\VistaBridgeLibrary.ni.dll
MOD - [2014/02/11 23:09:11 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\f21e31712cb91f685575bd6f0fbb40a3\MyDock.Util.ni.dll
MOD - [2014/02/11 23:08:28 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/11 23:06:52 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f1616cbeb89e62b890b785c7763b4738\System.Security.ni.dll
MOD - [2014/02/11 23:06:40 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/11 23:06:13 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\02c0c31b20715dbd4f0777bf47b4bf46\Accessibility.ni.dll
MOD - [2014/02/11 22:51:36 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/11 22:51:20 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/11 22:51:09 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/11 22:50:28 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd996f730710dbbac36cba28f7214b29\System.Core.ni.dll
MOD - [2014/02/11 22:50:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/11 22:50:12 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/11 22:49:39 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/11 22:49:16 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/11 22:49:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/11 22:48:44 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2014/02/11 22:29:15 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/11 22:29:14 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/11 22:29:13 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/11 22:28:39 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/11 22:28:24 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/11 22:28:23 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/11 22:28:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/02 21:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/07/04 02:16:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/10/27 22:16:38 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2014/07/08 22:45:45 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/17 23:09:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/02 10:48:54 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/06/02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/05/31 15:33:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/03/24 15:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/13 16:43:24 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/11/13 16:42:56 | 000,397,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/10/08 23:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2013/09/18 13:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/08/26 04:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/07/04 02:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\System32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/10/28 17:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2011/10/27 22:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B068128-E794-4BB6-BD3B-44855480A70C}\MpKslc2cb67b2.sys -- (MpKslc2cb67b2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/11/21 17:27:07 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/11/14 18:22:25 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/11/13 16:43:06 | 000,067,912 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012/09/21 15:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 15:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/07/04 02:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/07/04 02:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/04 01:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 08:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/09/29 11:21:42 | 001,621,136 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/13 21:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/13 17:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2003/12/09 10:04:40 | 000,010,368 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rramdisk.sys -- (RRamdisk)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 F7 04 5A 1F CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A172F0D6-0E07-42A0-98BA-B80AF5633D86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A172F0D6-0E07-42A0-98BA-B80AF5633D86}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.c...p?hl=en&tab=ww"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:8.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:10.3.8
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenn\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenn\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/17 23:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/17 23:08:58 | 000,000,000 | ---D | M]
 
[2013/02/15 08:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2013/11/11 15:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2013/11/11 15:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
[2014/07/11 00:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions
[2014/06/18 13:56:52 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2014/03/25 03:33:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/19 06:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\Kenn\extensions
[2013/11/14 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2014/06/19 15:06:58 | 000,180,750 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\[email protected]
[2014/06/19 15:06:19 | 000,002,932 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\[email protected]
[2014/07/02 21:12:18 | 000,155,965 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2014/06/05 03:27:47 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/11 00:48:49 | 000,293,614 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/06/17 23:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/17 23:10:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: Google Wallet = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/01/29 10:50:25 | 000,039,310 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.egdating.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 647 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [uTorrent] C:\Users\Kenn\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/11 10:19:17 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\DVD Flick
[2014/07/11 10:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2014/07/11 10:18:50 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx
[2014/07/08 12:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenMG Jukebox
[2014/07/06 17:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicStage
[2014/07/06 17:24:08 | 000,770,048 | ---- | C] (Gracenote) -- C:\Windows\System32\CDDBUISony.dll
[2014/07/06 17:24:07 | 000,655,360 | ---- | C] (Gracenote, Inc.) -- C:\Windows\System32\CDDBControlSony.dll
[2014/07/06 17:24:07 | 000,589,824 | ---- | C] (Gracenote) -- C:\Windows\System32\CddbMusicIDSony.dll
[2014/07/06 17:24:07 | 000,073,728 | ---- | C] (Gracenote) -- C:\Windows\System32\CddbLinkSony.dll
[2014/07/06 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/07/06 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonicStage
[2014/07/06 17:20:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Iosubsys
[2014/07/06 17:16:53 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Sony Corporation
[2014/07/06 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2014/07/06 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2014/07/04 12:51:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Acer
[2014/07/04 12:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/07/04 11:52:44 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Leader Technologies
[2014/07/04 11:52:04 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Epson
[2014/07/04 11:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/07/04 11:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2014/07/04 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/07/04 11:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2014/07/04 11:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Software
[2014/07/04 11:28:32 | 000,000,000 | ---D | C] -- C:\Users\Kenn\{2124506c-618c-47d8-9314-a48d1395d2cf}
[2014/07/04 11:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/06/22 02:00:06 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\Adobe
[2014/06/17 23:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/14 18:51:18 | 000,078,336 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/14 18:44:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/14 18:36:00 | 000,000,917 | ---- | M] () -- C:\Windows\tasks\EPSON XP-410 Series Update {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/14 18:36:00 | 000,000,731 | ---- | M] () -- C:\Windows\tasks\EPSON XP-410 Series Invitation {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/14 18:34:24 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
[2014/07/14 18:20:20 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2014/07/14 18:19:33 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2014/07/14 18:19:32 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/14 18:16:03 | 000,008,192 | ---- | M] () -- C:\Windows\System32\WDPABKP.dat
[2014/07/14 18:15:05 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/14 18:15:05 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/14 18:14:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/14 17:42:53 | 000,002,032 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2014/07/14 17:10:18 | 000,031,047 | ---- | M] () -- C:\f1a16983-afc4-4b3d-8e2e-36579a8f27f4.dmp
[2014/07/14 08:57:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/14 08:34:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
[2014/07/13 12:52:29 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2014/07/13 12:09:08 | 000,388,038 | ---- | M] () -- C:\Users\Kenn\Documents\Tyler_Att_Wall.jpg
[2014/07/13 11:46:05 | 000,323,669 | ---- | M] () -- C:\Users\Kenn\Documents\MattRodwellWP.jpg
[2014/07/13 11:35:53 | 000,291,963 | ---- | M] () -- C:\Users\Kenn\Documents\MattRodwellWP2.jpg
[2014/07/12 19:35:36 | 002,209,834 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-020.jpg
[2014/07/12 19:35:02 | 002,336,134 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-015.jpg
[2014/07/12 19:34:55 | 002,132,692 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-014.jpg
[2014/07/12 19:34:42 | 001,539,738 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-012.jpg
[2014/07/12 19:33:54 | 002,083,883 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-004.jpg
[2014/07/12 16:36:25 | 000,397,158 | ---- | M] () -- C:\Users\Kenn\Documents\Batgirl_NSA_L.jpg
[2014/07/12 11:14:22 | 001,697,952 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-020.jpg
[2014/07/12 11:14:04 | 001,726,573 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-019.jpg
[2014/07/12 11:12:40 | 001,727,745 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-008.jpg
[2014/07/12 11:12:20 | 001,850,509 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-007.jpg
[2014/07/12 11:11:22 | 001,728,342 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-000.jpg
[2014/07/11 23:31:10 | 000,243,370 | ---- | M] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_B.jpg
[2014/07/11 23:29:16 | 000,243,831 | ---- | M] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_BB.jpg
[2014/07/11 10:16:37 | 000,642,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/11 10:16:37 | 000,119,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/11 10:12:05 | 000,000,736 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/10 17:22:32 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/09 15:23:04 | 001,164,631 | ---- | M] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-009_L.jpg
[2014/07/09 15:02:35 | 000,999,183 | ---- | M] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-008_L.jpg
[2014/07/09 10:59:03 | 003,794,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/08 15:55:19 | 000,066,964 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20140708_155512.reg
[2014/07/04 12:17:10 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2014/07/04 11:56:03 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX
[2014/07/02 17:42:32 | 002,919,274 | ---- | M] () -- C:\Users\Kenn\Documents\Batman-Eternal-013-(2014)-(Digital)-(Nahga-Empire)-010.jpg
[2014/07/02 14:30:47 | 000,276,063 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot_GuysOnTheBeach.jpg
[2014/07/02 14:09:16 | 000,392,326 | ---- | M] () -- C:\Users\Kenn\Documents\Flash_EmptyHanded.jpg
[2014/07/02 14:07:49 | 000,593,542 | ---- | M] () -- C:\Users\Kenn\Documents\Earth2_InvasionWall.jpg
[2014/07/02 13:50:44 | 000,398,830 | ---- | M] () -- C:\Users\Kenn\Documents\Batgirl_NSA.jpg
[2014/07/02 13:48:33 | 000,392,700 | ---- | M] () -- C:\Users\Kenn\Documents\AS_HoldTheWorld.jpg
[2014/07/02 13:47:24 | 000,420,163 | ---- | M] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-023.jpg
[2014/07/02 13:37:58 | 001,996,927 | ---- | M] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-012.jpg
[2014/07/02 13:34:25 | 004,647,290 | ---- | M] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-003.jpg
[2014/07/02 02:04:32 | 000,125,701 | ---- | M] () -- C:\Users\Kenn\Documents\RB_RD.jpg
[2014/06/29 13:14:02 | 001,696,032 | ---- | M] () -- C:\Users\Kenn\Documents\20.jpg
[2014/06/29 13:13:47 | 001,537,685 | ---- | M] () -- C:\Users\Kenn\Documents\15.jpg
[2014/06/28 08:45:22 | 001,191,046 | ---- | M] () -- C:\Users\Kenn\Documents\Loki - Agent of Asgard 005-000.jpg
[2014/06/25 14:35:12 | 001,542,475 | ---- | M] () -- C:\Users\Kenn\Documents\Uncanny Avengers 021-000.jpg
[2014/06/23 07:59:53 | 000,215,581 | ---- | M] () -- C:\Users\Kenn\Documents\TM_SunSoaking.jpg
[2014/06/23 07:57:41 | 000,217,257 | ---- | M] () -- C:\Users\Kenn\Documents\TM_Tude.jpg
[2014/06/22 23:18:08 | 064,856,514 | ---- | M] () -- C:\Users\Kenn\Documents\Severinka_06_22_2014.package
[2014/06/21 23:20:05 | 000,314,069 | ---- | M] () -- C:\Users\Kenn\Documents\Hangin Out.jpg
[2014/06/21 23:18:44 | 000,257,756 | ---- | M] () -- C:\Users\Kenn\Documents\JoeyPal_WP.jpg
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/14 17:30:47 | 000,001,447 | ---- | C] () -- C:\Users\Kenn\Desktop\My Google Docs.lnk
[2014/07/14 17:10:14 | 000,031,047 | ---- | C] () -- C:\f1a16983-afc4-4b3d-8e2e-36579a8f27f4.dmp
[2014/07/13 12:05:44 | 000,388,038 | ---- | C] () -- C:\Users\Kenn\Documents\Tyler_Att_Wall.jpg
[2014/07/13 11:35:53 | 000,291,963 | ---- | C] () -- C:\Users\Kenn\Documents\MattRodwellWP2.jpg
[2014/07/13 11:10:58 | 000,323,669 | ---- | C] () -- C:\Users\Kenn\Documents\MattRodwellWP.jpg
[2014/07/13 09:06:55 | 000,008,192 | ---- | C] () -- C:\Windows\System32\WDPABKP.dat
[2014/07/12 19:35:35 | 002,209,834 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-020.jpg
[2014/07/12 19:35:02 | 002,336,134 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-015.jpg
[2014/07/12 19:34:55 | 002,132,692 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-014.jpg
[2014/07/12 19:34:42 | 001,539,738 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-012.jpg
[2014/07/12 19:33:53 | 002,083,883 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-004.jpg
[2014/07/12 11:14:21 | 001,697,952 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-020.jpg
[2014/07/12 11:14:03 | 001,726,573 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-019.jpg
[2014/07/12 11:12:40 | 001,727,745 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-008.jpg
[2014/07/12 11:12:20 | 001,850,509 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-007.jpg
[2014/07/12 11:11:21 | 001,728,342 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-000.jpg
[2014/07/09 14:40:13 | 001,164,631 | ---- | C] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-009_L.jpg
[2014/07/09 14:39:36 | 000,999,183 | ---- | C] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-008_L.jpg
[2014/07/08 15:55:15 | 000,066,964 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20140708_155512.reg
[2014/07/08 12:00:32 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2014/07/08 12:00:31 | 000,000,922 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.sc
[2014/07/08 12:00:29 | 000,262,416 | ---- | C] () -- C:\Windows\System32\Asfv2.dll
[2014/07/06 17:24:07 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2014/07/04 12:36:05 | 000,000,731 | ---- | C] () -- C:\Windows\tasks\EPSON XP-410 Series Invitation {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/04 12:36:00 | 000,000,917 | ---- | C] () -- C:\Windows\tasks\EPSON XP-410 Series Update {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/04 12:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/07/04 11:56:03 | 000,000,156 | ---- | C] () -- C:\Windows\Twunk001.MTX
[2014/07/04 11:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX
[2014/07/04 11:56:02 | 000,000,003 | ---- | C] () -- C:\Windows\Twain001.Mtx
[2014/07/02 17:42:32 | 002,919,274 | ---- | C] () -- C:\Users\Kenn\Documents\Batman-Eternal-013-(2014)-(Digital)-(Nahga-Empire)-010.jpg
[2014/07/02 14:30:47 | 000,276,063 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot_GuysOnTheBeach.jpg
[2014/07/02 14:09:16 | 000,392,326 | ---- | C] () -- C:\Users\Kenn\Documents\Flash_EmptyHanded.jpg
[2014/07/02 14:05:39 | 000,593,542 | ---- | C] () -- C:\Users\Kenn\Documents\Earth2_InvasionWall.jpg
[2014/07/02 13:51:57 | 000,397,158 | ---- | C] () -- C:\Users\Kenn\Documents\Batgirl_NSA_L.jpg
[2014/07/02 13:50:08 | 000,398,830 | ---- | C] () -- C:\Users\Kenn\Documents\Batgirl_NSA.jpg
[2014/07/02 13:48:33 | 000,392,700 | ---- | C] () -- C:\Users\Kenn\Documents\AS_HoldTheWorld.jpg
[2014/07/02 13:42:04 | 000,420,163 | ---- | C] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-023.jpg
[2014/07/02 13:37:58 | 001,996,927 | ---- | C] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-012.jpg
[2014/07/02 13:34:25 | 004,647,290 | ---- | C] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-003.jpg
[2014/07/02 02:03:33 | 000,125,701 | ---- | C] () -- C:\Users\Kenn\Documents\RB_RD.jpg
[2014/06/29 13:14:02 | 001,696,032 | ---- | C] () -- C:\Users\Kenn\Documents\20.jpg
[2014/06/29 13:13:47 | 001,537,685 | ---- | C] () -- C:\Users\Kenn\Documents\15.jpg
[2014/06/26 19:59:04 | 000,243,831 | ---- | C] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_BB.jpg
[2014/06/26 19:58:41 | 000,243,370 | ---- | C] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_B.jpg
[2014/06/25 14:35:11 | 001,542,475 | ---- | C] () -- C:\Users\Kenn\Documents\Uncanny Avengers 021-000.jpg
[2014/06/23 07:59:53 | 000,215,581 | ---- | C] () -- C:\Users\Kenn\Documents\TM_SunSoaking.jpg
[2014/06/23 07:56:53 | 000,217,257 | ---- | C] () -- C:\Users\Kenn\Documents\TM_Tude.jpg
[2014/06/22 23:11:46 | 064,856,514 | ---- | C] () -- C:\Users\Kenn\Documents\Severinka_06_22_2014.package
[2014/06/21 23:20:05 | 000,314,069 | ---- | C] () -- C:\Users\Kenn\Documents\Hangin Out.jpg
[2014/06/21 23:18:01 | 000,257,756 | ---- | C] () -- C:\Users\Kenn\Documents\JoeyPal_WP.jpg
[2014/06/21 22:58:13 | 000,261,455 | ---- | C] () -- C:\Users\Kenn\Documents\JK_L_C_009.jpg
[2014/02/13 16:20:29 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2014/02/13 16:20:29 | 000,000,058 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2014/02/13 14:29:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2014/01/03 07:33:57 | 000,000,211 | ---- | C] () -- C:\Users\Kenn\.swfinfo
[2013/12/30 14:53:08 | 000,001,487 | ---- | C] () -- C:\Users\Kenn\AppData\Local\recently-used.xbel
[2013/12/06 16:45:18 | 000,000,072 | ---- | C] () -- C:\Windows\JascCmdFile.INI
[2013/11/11 14:37:27 | 000,000,436 | ---- | C] () -- C:\Users\Kenn\settings.sav
[2013/04/29 12:49:45 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2013/04/23 08:50:59 | 000,000,227 | ---- | C] () -- C:\Users\Kenn\736884F1_00000001_000000000006CBAC.vpxy
[2013/01/19 01:30:25 | 000,091,964 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/01/09 18:39:05 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/01/02 13:49:18 | 000,005,005 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013/01/02 12:25:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2012/12/09 14:23:08 | 000,000,098 | ---- | C] () -- C:\Users\Kenn\hosts
[2012/09/21 15:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/09/21 15:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/09/21 15:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/07/14 20:12:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/03 00:14:28 | 000,078,336 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 20:37:35 | 000,002,032 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/31 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\29156
[2014/07/04 12:51:48 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Acer
[2014/06/07 11:38:49 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\AdvertismentImages
[2014/07/07 19:34:07 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Audacity
[2012/04/21 00:49:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Azureus
[2013/09/06 01:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\calibre
[2012/03/12 14:37:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2012/11/04 02:33:17 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\Common
[2014/03/28 19:41:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2012/09/15 15:33:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DeepBurner
[2014/07/14 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DisplayFusion
[2014/02/13 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DonationCoder
[2014/07/14 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dropbox
[2014/07/14 18:26:20 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DropboxMaster
[2014/05/31 12:00:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DVDFab9
[2014/07/04 11:52:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Epson
[2013/04/29 10:26:05 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2014/05/30 19:11:35 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\GogiiGames
[2013/09/02 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\HandBrake
[2013/11/02 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2012/11/26 14:55:49 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\iPadian
[2014/07/04 11:52:53 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Leader Technologies
[2014/04/03 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Leadertech
[2013/10/18 10:48:07 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Marine Aquarium 3
[2014/06/14 12:44:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Media Freeware
[2014/06/14 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\mkvtoolnix
[2012/12/15 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\mp3DirectCut
[2012/07/21 18:17:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Music Editor Free
[2013/09/21 07:50:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Octane
[2012/03/09 16:20:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2014/04/05 08:17:35 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Oracle
[2012/03/22 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Origin
[2012/04/17 21:02:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Peter L Jones
[2012/09/21 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2012/03/30 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2014/07/06 12:45:51 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2014/07/14 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Syncdocs
[2013/12/28 04:51:10 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\The Sims Resource
[2014/06/06 14:19:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Time Inspector
[2013/12/28 04:54:49 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\TSRWorkshop
[2014/07/14 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2013/06/12 16:31:50 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2012/10/10 18:38:41 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:91FF95D8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 


  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Why did you run OTL for three times? Post the Extras.txt located in C:\Users\Kenn\Downloads.
  • 0

#3
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

That's odd. I only hit run once, and there don't seem to have been any other log files created, but I see the "3" in the text that you're seeing. Weird. Here's the Extras:

OTL Extras logfile created on: 11/13/2013 10:24:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 54.90% Memory free
6.73 Gb Paging File | 5.00 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 58.36 Gb Free Space | 10.04% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive R: | 15.92 Mb Total Space | 15.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
 
Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [KMPlayer.Enqueue] -- "C:\PROGRA~1\THEKMP~1\KMPlayer.exe" /ADD "%1" (KMP Media co.,Ltd)
Directory [KMPlayer.Play] -- "C:\PROGRA~1\THEKMP~1\KMPlayer.exe" "%1" (KMP Media co.,Ltd)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02513B14-6A84-4F14-8ADF-37EC965BDC96}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{22708301-DAC8-427C-8334-E296D9D19362}" = rport=137 | protocol=17 | dir=out | app=system |
"{239220DA-11BD-45C5-9111-7926B49FBB7C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2CEF591B-5170-46B7-8342-E16E0DBA6439}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3044C1BF-2257-4D61-9CF0-2A92465D57E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{32C1FCE2-216F-40A3-8FA4-EFD6DDDCB19B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CFC52AF-0F2A-4F28-90DC-2D33B440C4DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50EE8241-FAF1-4A2D-A180-3A3FE07CD91C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5124D46D-C892-4B99-926C-307112EE3A90}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D3E5972-1A2C-451B-9B1D-9A801028D994}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8607AB35-38AE-4C42-B198-26C5F8981EFC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{94E13066-9AB3-474D-9E41-B737DE217F22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{95C579EF-20A6-4173-9EED-8FDC4CD7ED07}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BA3F0D1-37A5-4477-B994-CCB05759D94B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A63670ED-A5A6-4F98-B6FF-32CCE7F1533A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A685E813-F348-4E2E-82E2-85CCD3B66B36}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC247505-E4FE-4C79-9439-3AB5BCE55545}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E0397B74-2D1C-4451-BE42-50D7B0E69777}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA82CBFD-B987-4714-A0C2-644085B1FF2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F79E99FE-149A-4A7A-9F33-FF3F2FACBFAF}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1028B29B-5181-4ADA-9338-3EC9ED0B1470}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{11E4C9C7-BD18-4D8F-AA3A-2DEFD3F8436D}" = protocol=6 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{23818147-925C-4926-99CF-E0E7274D9E6C}" = protocol=58 | dir=in | [email protected],-28545 |
"{33E7781B-6E37-4D50-BAC7-ABD11682D79D}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
"{4125FF64-DF3D-4F75-BCD5-F050F7E85321}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{435A53FE-F757-46B1-A391-8BE4C613144E}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{666F578A-D8A2-4086-9834-42BE813367B0}" = protocol=1 | dir=out | [email protected],-28544 |
"{6CE52EC5-B702-4A16-83E7-649B51989F11}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{70D27A0D-F5C9-4B72-AE9C-D97835B22C1B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{76CA60F4-ED3C-4359-A186-DC66F75464BA}" = protocol=1 | dir=in | [email protected],-28543 |
"{7C9A2CBF-9A8C-491D-A6BC-0B618EA51F58}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{91153892-C674-48DC-89F5-75F967195886}" = protocol=6 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{93F1AA91-5181-4EA7-A069-99A5C6D0E8F6}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{9D357516-130A-4ABD-94B9-92674FE90A80}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9D9B01F1-EF0C-478C-93D1-9134DD0DE673}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{A46520E8-A8D3-4D87-A52C-46F06B914DCB}" = protocol=17 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{B00CBC3A-8625-43CD-9E8D-38E41B4F2B24}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B0D8BAFA-ACBA-43DC-A044-8F3CBB281D67}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
"{C8A64341-373A-479E-921A-F36951FF3ACD}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D45D3158-1833-4195-B7AC-5BF75879562B}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E0CBF18D-11BD-47B6-9543-56EF27B0D6E7}" = protocol=17 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{EA7D5FF9-0F23-4BDE-B59D-90DD9830A483}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC626C76-7D64-4A0B-AD6C-FFBB151F90B0}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{EFC0E954-A83F-446D-B893-12FB9F769929}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F36AF875-3E4B-4F7E-ACB4-C40AA4094DBD}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F5E7ECDE-E6FA-426D-8C8B-F90EF25577DF}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{0A4C89A5-353A-4E0D-838E-9E3A19F2A9F3}C:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{1A2AA946-AD75-4F73-AA37-1BB269B52771}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{1D9B236B-6297-49D3-88DC-7B390A82F087}C:\users\kenn\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{562A3DE8-ADA3-4E97-8510-DA428D4BD367}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{636DDE61-A534-4A35-91EC-34B7BD6343E3}C:\program files\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"TCP Query User{A6550375-4AD6-4A79-85F1-ECF9C52F52CB}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{F6670925-97A5-4377-9D2A-6EA2CC39BABB}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{2A16E681-4619-4905-A2EA-EDDB63CEF68F}C:\users\kenn\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{9FA2A8EA-491A-4C85-848E-BC2F7228FD88}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{C100D518-4D0E-4D99-AD5E-0127563012F5}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{C4078223-E6B6-43F2-8021-3CE950FD5F2C}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{CDC2450D-AECF-4A46-82DF-6C3308324C17}C:\program files\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{D5905C0C-3F8A-484C-87C1-127371DC8786}C:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{F4480C5A-70F2-4F27-9E5C-FC777ACE527D}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1" = Free WebM to AVI Converter 1.0
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{424E1389-2414-4394-9476-5D26316F291F}" = IE Download Helper
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42B72780-640C-40A1-B285-ABEF3F4D9D6E}_is1" = Batman Arkham City Game Of The Year Edition
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1" = MassTube 11.1.1.627
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E7C5578-1985-141E-4D5E-1FDEA31265C9}" = ccc-utility
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.9
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{976D65A4-87F9-430F-80F6-27B60BC74AA9}" = Hauppauge Tuning Adapter Proxy
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A19DD749-DBCC-462B-A692-9E62E629F6C4}" = Syncdocs
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4B004B0-B6D3-4BA8-B012-3F79A931CF9E}" = BlueStacks Notification Center
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB259D81-DE6B-4554-B4A8-DB13D321FBF2}" = calibre
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3236C7B-455E-4CDB-B3E1-7A2190B054BC}" = ArcSoft WebCam Companion 3
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDEE7660-E08C-4824-8577-6CE12F8C3492}_is1" = gPhotoShow v1.6.3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C1E6B103-4FFE-45D5-ACE3-8FD1E14A7F4B}" = FULL-DISKfighter
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC [email protected]
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0087539-3C57-44E0-BEE7-D779D546CBE1}" = The Sims™ 3 Movie Stuff
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1868CAE-E3B9-4099-8C18-AA8944D336FD}" = The Sims™ 3 70s, 80s, & 90s Stuff
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EAB74CB6-760C-2136-FC77-9549721FB84A}" = AMD Catalyst Install Manager
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F859EACD-283B-449C-AD10-9EC74E824FB9}" = Marine Aquarium
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AACACM" = AAC ACM Codec 1.9
"AC3ACM" = AC-3 ACM Codec 2.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.3.1
"BlueStacks App Player" = BlueStacks App Player
"Bodyshop Mechanic.36b" = Bodyshop Mechanic
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Dock" = Dell Dock
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstall)
"Digital Editions" = Adobe Digital Editions
"DreamAqua" = Dream Aquarium
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v2.2
"Explorer Suite_is1" = Explorer Suite IV
"ffdshow_is1" = ffdshow v1.1.4382 [2012-03-12]
"FileHippo.com" = FileHippo.com Update Checker
"FormatFactory" = FormatFactory 3.1.1
"Free Sound Recorder_is1" = Free Sound Recorder v9.3.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GIMP-2_is1" = GIMP 2.8.0
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.28104)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV-DCR-2650 IR Service" = Hauppauge WinTV-DCR-2650 IR Service
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Miro Video Converter" = Miro Video Converter
"MKVToolNix" = MKVToolNix 5.5.0
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"Picasa 3" = Picasa 3
"PrintKey2000" = PrintKey2000
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"s3pe" = s3pe - Sims3 Package Editor
"Shop for HP Supplies" = Shop for HP Supplies
"SimPE PhotoStudio Templates_is1" = SimPE PhotoStudio Templates 3.0
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"ST6UNST #1" = Sims 2 Categorizer
"ST6UNST #2" = Sims 2 NPC Replacer
"The KMPlayer" = The KMPlayer (remove only)
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CC Magic" = CC Magic
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent
 
< End of report >

Thanks for answering, BTW!


  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi NorthstarATL, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 

That Extras.txt file is very old.

 
  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
    • Java 6 Update 35
    • Java 7 Update 45
 
  • Step #2 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • µTorrent
    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 
  • Step #3 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O13 - gopher Prefix: missing
      [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
      @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:91FF95D8
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

      :Commands
      [emptytemp]
      [resethosts]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #4 Scan with OTL
    • Re-run OTL
    • From the Extra Registry choose Use SafeList;
    • Click the Run Scan button;
    • After the scan two logs will be produced;
    • Copy and paste the content of the logs in your next reply
 
  • Required Log(s):
    • OTL Log(s) --
      • OTL Fix Log
      • OTL.txt
      • Extras.txt
Regards,
Valinorum
  • 0

#5
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Thanks! The two Java updates: Couldn't find them in the Programs & Features, but found the first by doing a search. There was no 'uninstall', so I deleted it. Whem I ran  a search for the second the only instance that was found was in the OTL log.

OTL Fix Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Windows\System32\drivers\~GLH0001.TMP deleted successfully.
ADS C:\ProgramData\TEMP:91FF95D8 deleted successfully.
ADS C:\ProgramData\TEMP:2CB9631F deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kenn
->Temp folder emptied: 150724516 bytes
->Temporary Internet Files folder emptied: 28801077 bytes
->Java cache emptied: 328304 bytes
->FireFox cache emptied: 378373440 bytes
->Google Chrome cache emptied: 19408099 bytes
->Flash cache emptied: 62883 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4354416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 989809 bytes
 
Total Files Cleaned = 556.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07182014_065530

Files\Folders moved on Reboot...
C:\Windows\temp\Temporary ASP.NET Files\root\cb4dc7d1\1216524a\assembly\dl3\d1489bcf\000ce885_b895cc01\WinTVExtender.EXE moved successfully.
File\Folder C:\Windows\temp\etilqs_JdTmDUVeQoE1AkX not found!
C:\Windows\temp\JETD8D1.tmp moved successfully.
File\Folder C:\Windows\temp\TMP00000015FBAA7C76C6223C64 not found!
File\Folder C:\Windows\temp\TMP00000018934725850E24B40C not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Run Log:

OTL logfile created on: 7/18/2014 7:57:11 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 46.54% Memory free
6.73 Gb Paging File | 4.43 Gb Available in Paging File | 65.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 190.90 Gb Free Space | 32.83% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 171.04 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive R: | 15.92 Mb Total Space | 15.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
 
Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/14 18:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2014/06/29 20:20:22 | 010,214,000 | ---- | M] (PandoraTV) -- C:\Program Files\The KMPlayer\KMPlayer.exe
PRC - [2014/06/17 23:10:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/06/02 10:48:54 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/06/02 10:38:32 | 005,563,760 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/06/02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/05/19 20:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/24 15:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2014/03/24 15:07:34 | 003,918,176 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2014/03/24 15:07:28 | 007,177,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/23 15:37:46 | 036,151,360 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/13 16:43:24 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2013/10/08 23:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2013/09/18 13:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/08/26 04:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013/07/10 15:23:10 | 001,694,080 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2013/01/24 04:00:02 | 000,260,160 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATILAE.EXE
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/07/31 11:16:30 | 001,057,920 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012/07/04 02:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/07/04 02:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) -- C:\Windows\System32\escsvc.exe
PRC - [2011/10/28 17:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\WinTV\Extend\WinTVExtender.exe
PRC - [2011/10/27 22:17:20 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/10/27 22:15:30 | 000,413,696 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/10/27 22:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/05/20 13:28:26 | 001,949,088 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2010/10/12 10:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 19:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 23:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/18 07:46:26 | 000,043,008 | ---- | M] () -- c:\Users\Kenn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgxhqpl.dll
MOD - [2014/06/17 23:09:33 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/05/13 17:19:03 | 002,584,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cf003c1b98c8ee6f44f11c8c6e1274dc\DellDock.ni.exe
MOD - [2014/05/13 17:18:42 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a709052bfbcc0402d389dc7a47c7ee2b\System.Web.ni.dll
MOD - [2014/05/13 17:18:31 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:57:00 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\40ded9dfc5ea66b34198baee1673abff\WindowsFormsIntegration.ni.dll
MOD - [2014/02/11 23:09:42 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\612e19421bcbb24a6e299fec1740a7cd\MenuSkinning.ni.dll
MOD - [2014/02/11 23:09:31 | 000,477,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VDialog\de4594be63b6aafaff26bd241015e7f1\VDialog.ni.dll
MOD - [2014/02/11 23:09:17 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\d186baaabceada385bb03cc0db34c3fa\UIAutomationProvider.ni.dll
MOD - [2014/02/11 23:09:16 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\384c592b9d66064620ae8b02b8b0d538\VistaBridgeLibrary.ni.dll
MOD - [2014/02/11 23:09:11 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\f21e31712cb91f685575bd6f0fbb40a3\MyDock.Util.ni.dll
MOD - [2014/02/11 23:08:28 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/11 23:06:52 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f1616cbeb89e62b890b785c7763b4738\System.Security.ni.dll
MOD - [2014/02/11 23:06:40 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/11 23:06:13 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\02c0c31b20715dbd4f0777bf47b4bf46\Accessibility.ni.dll
MOD - [2014/02/11 22:51:36 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/11 22:51:20 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/11 22:51:09 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/11 22:50:28 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd996f730710dbbac36cba28f7214b29\System.Core.ni.dll
MOD - [2014/02/11 22:50:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/11 22:50:12 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/11 22:49:39 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/11 22:49:16 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/11 22:49:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/11 22:48:44 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2014/02/11 22:29:15 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/11 22:29:14 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/11 22:29:13 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/11 22:28:39 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/11 22:28:24 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/11 22:28:23 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/11 22:28:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/02 21:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/07/04 02:16:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/07/04 01:09:18 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012/02/18 00:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/10/27 22:16:38 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/07/04 17:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2014/07/08 22:45:45 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/17 23:09:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/02 10:48:54 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/06/02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/05/31 15:33:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/24 15:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/13 16:43:24 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/11/13 16:42:56 | 000,397,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/10/08 23:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2013/09/18 13:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/08/26 04:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/07/04 02:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\System32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/10/28 17:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2011/10/27 22:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/07/18 07:43:45 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE2F4BA3-7A86-4107-ACB8-1EF39220A3FB}\MpKsle2f52909.sys -- (MpKsle2f52909)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/11/21 17:27:07 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/11/14 18:22:25 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/11/13 16:43:06 | 000,067,912 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012/09/21 15:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 15:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/07/04 02:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/07/04 02:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/04 01:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 08:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/09/29 11:21:42 | 001,621,136 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/13 21:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/13 17:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2003/12/09 10:04:40 | 000,010,368 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rramdisk.sys -- (RRamdisk)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 F7 04 5A 1F CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A172F0D6-0E07-42A0-98BA-B80AF5633D86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A172F0D6-0E07-42A0-98BA-B80AF5633D86}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.c...p?hl=en&tab=ww"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:8.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:10.3.8
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenn\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenn\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/17 23:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/17 23:08:58 | 000,000,000 | ---D | M]
 
[2013/02/15 08:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2013/11/11 15:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2013/11/11 15:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
[2014/07/17 09:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions
[2014/06/18 13:56:52 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2014/03/25 03:33:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/19 06:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\Kenn\extensions
[2013/11/14 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2014/06/19 15:06:58 | 000,180,750 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\[email protected]
[2014/06/19 15:06:19 | 000,002,932 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\[email protected]
[2014/07/02 21:12:18 | 000,155,965 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2014/06/05 03:27:47 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/11 00:48:49 | 000,293,614 | ---- | M] () (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ycu6l.default-1384471363417\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/06/17 23:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/17 23:10:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: Google Wallet = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/07/18 07:34:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [uTorrent] C:\Users\Kenn\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/18 06:55:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/18 05:49:25 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\HTML_Course
[2014/07/17 19:46:06 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\Skype
[2014/07/17 19:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/07/17 19:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/07/17 19:44:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/07/11 10:19:17 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\DVD Flick
[2014/07/11 10:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2014/07/11 10:18:50 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2014/07/11 10:18:50 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2014/07/11 10:18:50 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comct232.ocx
[2014/07/11 10:18:50 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx
[2014/07/09 10:44:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/09 10:44:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/09 10:44:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/09 10:44:05 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/09 10:44:02 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/09 10:44:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/09 10:44:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/07/09 10:44:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/07/09 10:44:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/07/09 10:43:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/09 10:43:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/09 10:43:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/09 10:42:42 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/07/09 10:42:38 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/07/08 12:01:18 | 000,126,976 | ---- | C] (Sony Corporation) -- C:\Windows\System32\atrac3.acm
[2014/07/08 12:00:46 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/07/08 12:00:29 | 000,323,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wmvcorer.dll
[2014/07/08 12:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenMG Jukebox
[2014/07/06 17:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicStage
[2014/07/06 17:24:08 | 000,770,048 | ---- | C] (Gracenote) -- C:\Windows\System32\CDDBUISony.dll
[2014/07/06 17:24:07 | 000,655,360 | ---- | C] (Gracenote, Inc.) -- C:\Windows\System32\CDDBControlSony.dll
[2014/07/06 17:24:07 | 000,589,824 | ---- | C] (Gracenote) -- C:\Windows\System32\CddbMusicIDSony.dll
[2014/07/06 17:24:07 | 000,073,728 | ---- | C] (Gracenote) -- C:\Windows\System32\CddbLinkSony.dll
[2014/07/06 17:24:05 | 001,329,912 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxsfs.dll
[2014/07/06 17:24:05 | 000,527,096 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\px.dll
[2014/07/06 17:24:05 | 000,498,424 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxdrv.dll
[2014/07/06 17:24:05 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxwave.dll
[2014/07/06 17:24:05 | 000,183,032 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxmas.dll
[2014/07/06 17:24:05 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxafs.dll
[2014/07/06 17:24:05 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxinsi64.exe
[2014/07/06 17:24:05 | 000,116,472 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxcpyi64.exe
[2014/07/06 17:24:05 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2014/07/06 17:24:05 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxinsa64.exe
[2014/07/06 17:24:05 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxcpya64.exe
[2014/07/06 17:24:05 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\vxblock.dll
[2014/07/06 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/07/06 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonicStage
[2014/07/06 17:20:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Iosubsys
[2014/07/06 17:16:53 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Sony Corporation
[2014/07/06 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2014/07/06 14:48:02 | 000,038,951 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\NETMDUSB.sys
[2014/07/06 14:48:02 | 000,036,679 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\NETMD052.sys
[2014/07/06 14:48:02 | 000,036,232 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\NETMD033.sys
[2014/07/06 14:48:02 | 000,035,319 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\NETMD031.sys
[2014/07/06 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2014/07/04 12:51:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Acer
[2014/07/04 12:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/07/04 11:52:44 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Leader Technologies
[2014/07/04 11:52:04 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Epson
[2014/07/04 11:33:41 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esw2ud.dll
[2014/07/04 11:33:41 | 000,126,128 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\escsvc.exe
[2014/07/04 11:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/07/04 11:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2014/07/04 11:30:56 | 000,476,027 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppmon.dll
[2014/07/04 11:30:56 | 000,476,027 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppmon.dll
[2014/07/04 11:30:56 | 000,458,310 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppui.dll
[2014/07/04 11:30:56 | 000,458,310 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppui.dll
[2014/07/04 11:30:56 | 000,218,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enspres.dll
[2014/07/04 11:30:56 | 000,218,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enpres.dll
[2014/07/04 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/07/04 11:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2014/07/04 11:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Software
[2014/07/04 11:28:51 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2014/07/04 11:28:42 | 000,142,336 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLMBLAE.DLL
[2014/07/04 11:28:37 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BLAE.DLL
[2014/07/04 11:28:32 | 000,000,000 | ---D | C] -- C:\Users\Kenn\{2124506c-618c-47d8-9314-a48d1395d2cf}
[2014/07/04 11:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/06/22 02:00:06 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/18 07:59:55 | 000,008,192 | ---- | M] () -- C:\Windows\System32\WDPABKP.dat
[2014/07/18 07:56:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/18 07:47:12 | 000,000,004 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2014/07/18 07:46:11 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2014/07/18 07:44:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/18 07:43:55 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/18 07:43:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/18 07:43:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/18 07:43:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/18 07:36:01 | 000,000,917 | ---- | M] () -- C:\Windows\tasks\EPSON XP-410 Series Update {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/18 07:36:01 | 000,000,731 | ---- | M] () -- C:\Windows\tasks\EPSON XP-410 Series Invitation {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/18 07:34:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/07/18 07:34:47 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
[2014/07/18 01:18:48 | 000,648,439 | ---- | M] () -- C:\Users\Kenn\Documents\DickGray.jpg
[2014/07/17 23:18:25 | 000,094,720 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/17 19:44:42 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/07/17 19:42:43 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/17 13:58:52 | 000,000,110 | ---- | M] () -- C:\Users\Kenn\Documents\test.html
[2014/07/17 08:34:06 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
[2014/07/16 20:01:22 | 000,351,951 | ---- | M] () -- C:\Users\Kenn\Documents\Ty_ATT4.jpg
[2014/07/16 19:59:15 | 000,343,708 | ---- | M] () -- C:\Users\Kenn\Documents\Ty_ATT3.jpg
[2014/07/16 19:56:58 | 000,300,285 | ---- | M] () -- C:\Users\Kenn\Documents\Ty_ATT2.jpg
[2014/07/16 19:53:31 | 000,343,378 | ---- | M] () -- C:\Users\Kenn\Documents\Ty_Att_01.jpg
[2014/07/16 13:41:20 | 000,163,918 | ---- | M] () -- C:\Users\Kenn\Documents\JoeyBeach2.jpg
[2014/07/16 13:40:06 | 000,200,917 | ---- | M] () -- C:\Users\Kenn\Documents\JoeyBeach1.jpg
[2014/07/14 17:42:53 | 000,002,032 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2014/07/14 17:10:18 | 000,031,047 | ---- | M] () -- C:\f1a16983-afc4-4b3d-8e2e-36579a8f27f4.dmp
[2014/07/13 12:52:29 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2014/07/13 12:09:08 | 000,388,038 | ---- | M] () -- C:\Users\Kenn\Documents\Tyler_Att_Wall.jpg
[2014/07/13 11:46:05 | 000,323,669 | ---- | M] () -- C:\Users\Kenn\Documents\MattRodwellWP.jpg
[2014/07/13 11:35:53 | 000,291,963 | ---- | M] () -- C:\Users\Kenn\Documents\MattRodwellWP2.jpg
[2014/07/12 19:35:36 | 002,209,834 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-020.jpg
[2014/07/12 19:35:02 | 002,336,134 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-015.jpg
[2014/07/12 19:34:55 | 002,132,692 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-014.jpg
[2014/07/12 19:34:42 | 001,539,738 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-012.jpg
[2014/07/12 19:33:54 | 002,083,883 | ---- | M] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-004.jpg
[2014/07/12 16:36:25 | 000,397,158 | ---- | M] () -- C:\Users\Kenn\Documents\Batgirl_NSA_L.jpg
[2014/07/12 11:14:22 | 001,697,952 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-020.jpg
[2014/07/12 11:14:04 | 001,726,573 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-019.jpg
[2014/07/12 11:12:40 | 001,727,745 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-008.jpg
[2014/07/12 11:12:20 | 001,850,509 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-007.jpg
[2014/07/12 11:11:22 | 001,728,342 | ---- | M] () -- C:\Users\Kenn\Documents\Archie 657-000.jpg
[2014/07/11 23:31:10 | 000,243,370 | ---- | M] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_B.jpg
[2014/07/11 23:29:16 | 000,243,831 | ---- | M] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_BB.jpg
[2014/07/11 10:16:37 | 000,642,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/11 10:16:37 | 000,119,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/11 10:12:05 | 000,000,736 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/09 15:23:04 | 001,164,631 | ---- | M] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-009_L.jpg
[2014/07/09 15:02:35 | 000,999,183 | ---- | M] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-008_L.jpg
[2014/07/09 10:59:03 | 003,794,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/08 22:45:43 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/08 22:45:43 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/08 15:55:19 | 000,066,964 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20140708_155512.reg
[2014/07/04 12:17:10 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2014/07/04 11:56:03 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX
[2014/07/02 17:42:32 | 002,919,274 | ---- | M] () -- C:\Users\Kenn\Documents\Batman-Eternal-013-(2014)-(Digital)-(Nahga-Empire)-010.jpg
[2014/07/02 14:30:47 | 000,276,063 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot_GuysOnTheBeach.jpg
[2014/07/02 14:09:16 | 000,392,326 | ---- | M] () -- C:\Users\Kenn\Documents\Flash_EmptyHanded.jpg
[2014/07/02 14:07:49 | 000,593,542 | ---- | M] () -- C:\Users\Kenn\Documents\Earth2_InvasionWall.jpg
[2014/07/02 13:50:44 | 000,398,830 | ---- | M] () -- C:\Users\Kenn\Documents\Batgirl_NSA.jpg
[2014/07/02 13:48:33 | 000,392,700 | ---- | M] () -- C:\Users\Kenn\Documents\AS_HoldTheWorld.jpg
[2014/07/02 13:47:24 | 000,420,163 | ---- | M] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-023.jpg
[2014/07/02 13:37:58 | 001,996,927 | ---- | M] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-012.jpg
[2014/07/02 13:34:25 | 004,647,290 | ---- | M] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-003.jpg
[2014/07/02 02:04:32 | 000,125,701 | ---- | M] () -- C:\Users\Kenn\Documents\RB_RD.jpg
[2014/06/29 13:14:02 | 001,696,032 | ---- | M] () -- C:\Users\Kenn\Documents\20.jpg
[2014/06/29 13:13:47 | 001,537,685 | ---- | M] () -- C:\Users\Kenn\Documents\15.jpg
[2014/06/28 08:45:22 | 001,191,046 | ---- | M] () -- C:\Users\Kenn\Documents\Loki - Agent of Asgard 005-000.jpg
[2014/06/25 14:35:12 | 001,542,475 | ---- | M] () -- C:\Users\Kenn\Documents\Uncanny Avengers 021-000.jpg
[2014/06/23 07:59:53 | 000,215,581 | ---- | M] () -- C:\Users\Kenn\Documents\TM_SunSoaking.jpg
[2014/06/23 07:57:41 | 000,217,257 | ---- | M] () -- C:\Users\Kenn\Documents\TM_Tude.jpg
[2014/06/22 23:18:08 | 064,856,514 | ---- | M] () -- C:\Users\Kenn\Documents\Severinka_06_22_2014.package
[2014/06/21 23:20:05 | 000,314,069 | ---- | M] () -- C:\Users\Kenn\Documents\Hangin Out.jpg
[2014/06/21 23:18:44 | 000,257,756 | ---- | M] () -- C:\Users\Kenn\Documents\JoeyPal_WP.jpg
 
========== Files Created - No Company Name ==========
 
[2014/07/18 07:54:58 | 000,008,192 | ---- | C] () -- C:\Windows\System32\WDPABKP.dat
[2014/07/18 00:37:51 | 000,648,439 | ---- | C] () -- C:\Users\Kenn\Documents\DickGray.jpg
[2014/07/17 19:44:42 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/07/17 13:58:52 | 000,000,110 | ---- | C] () -- C:\Users\Kenn\Documents\test.html
[2014/07/16 20:00:58 | 000,351,951 | ---- | C] () -- C:\Users\Kenn\Documents\Ty_ATT4.jpg
[2014/07/16 19:59:15 | 000,343,708 | ---- | C] () -- C:\Users\Kenn\Documents\Ty_ATT3.jpg
[2014/07/16 19:55:28 | 000,300,285 | ---- | C] () -- C:\Users\Kenn\Documents\Ty_ATT2.jpg
[2014/07/16 19:53:31 | 000,343,378 | ---- | C] () -- C:\Users\Kenn\Documents\Ty_Att_01.jpg
[2014/07/16 13:41:20 | 000,163,918 | ---- | C] () -- C:\Users\Kenn\Documents\JoeyBeach2.jpg
[2014/07/16 13:40:06 | 000,200,917 | ---- | C] () -- C:\Users\Kenn\Documents\JoeyBeach1.jpg
[2014/07/14 17:30:47 | 000,001,447 | ---- | C] () -- C:\Users\Kenn\Desktop\My Google Docs.lnk
[2014/07/14 17:10:14 | 000,031,047 | ---- | C] () -- C:\f1a16983-afc4-4b3d-8e2e-36579a8f27f4.dmp
[2014/07/13 12:05:44 | 000,388,038 | ---- | C] () -- C:\Users\Kenn\Documents\Tyler_Att_Wall.jpg
[2014/07/13 11:35:53 | 000,291,963 | ---- | C] () -- C:\Users\Kenn\Documents\MattRodwellWP2.jpg
[2014/07/13 11:10:58 | 000,323,669 | ---- | C] () -- C:\Users\Kenn\Documents\MattRodwellWP.jpg
[2014/07/12 19:35:35 | 002,209,834 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-020.jpg
[2014/07/12 19:35:02 | 002,336,134 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-015.jpg
[2014/07/12 19:34:55 | 002,132,692 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-014.jpg
[2014/07/12 19:34:42 | 001,539,738 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-012.jpg
[2014/07/12 19:33:53 | 002,083,883 | ---- | C] () -- C:\Users\Kenn\Documents\Amazing X-Men (2013-) 009-004.jpg
[2014/07/12 11:14:21 | 001,697,952 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-020.jpg
[2014/07/12 11:14:03 | 001,726,573 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-019.jpg
[2014/07/12 11:12:40 | 001,727,745 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-008.jpg
[2014/07/12 11:12:20 | 001,850,509 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-007.jpg
[2014/07/12 11:11:21 | 001,728,342 | ---- | C] () -- C:\Users\Kenn\Documents\Archie 657-000.jpg
[2014/07/09 14:40:13 | 001,164,631 | ---- | C] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-009_L.jpg
[2014/07/09 14:39:36 | 000,999,183 | ---- | C] () -- C:\Users\Kenn\Documents\Batman-Eternal-012-(2014)-(Digital)-(Nahga-Empire)-008_L.jpg
[2014/07/08 15:55:15 | 000,066,964 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20140708_155512.reg
[2014/07/08 12:00:32 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2014/07/08 12:00:31 | 000,000,922 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.sc
[2014/07/08 12:00:29 | 000,262,416 | ---- | C] () -- C:\Windows\System32\Asfv2.dll
[2014/07/06 17:24:07 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2014/07/04 12:36:05 | 000,000,731 | ---- | C] () -- C:\Windows\tasks\EPSON XP-410 Series Invitation {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/04 12:36:00 | 000,000,917 | ---- | C] () -- C:\Windows\tasks\EPSON XP-410 Series Update {6D445799-8AD1-4A6C-8349-1A295FBC8D8D}.job
[2014/07/04 12:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/07/04 11:56:03 | 000,000,156 | ---- | C] () -- C:\Windows\Twunk001.MTX
[2014/07/04 11:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX
[2014/07/04 11:56:02 | 000,000,004 | ---- | C] () -- C:\Windows\Twain001.Mtx
[2014/07/02 17:42:32 | 002,919,274 | ---- | C] () -- C:\Users\Kenn\Documents\Batman-Eternal-013-(2014)-(Digital)-(Nahga-Empire)-010.jpg
[2014/07/02 14:30:47 | 000,276,063 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot_GuysOnTheBeach.jpg
[2014/07/02 14:09:16 | 000,392,326 | ---- | C] () -- C:\Users\Kenn\Documents\Flash_EmptyHanded.jpg
[2014/07/02 14:05:39 | 000,593,542 | ---- | C] () -- C:\Users\Kenn\Documents\Earth2_InvasionWall.jpg
[2014/07/02 13:51:57 | 000,397,158 | ---- | C] () -- C:\Users\Kenn\Documents\Batgirl_NSA_L.jpg
[2014/07/02 13:50:08 | 000,398,830 | ---- | C] () -- C:\Users\Kenn\Documents\Batgirl_NSA.jpg
[2014/07/02 13:48:33 | 000,392,700 | ---- | C] () -- C:\Users\Kenn\Documents\AS_HoldTheWorld.jpg
[2014/07/02 13:42:04 | 000,420,163 | ---- | C] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-023.jpg
[2014/07/02 13:37:58 | 001,996,927 | ---- | C] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-012.jpg
[2014/07/02 13:34:25 | 004,647,290 | ---- | C] () -- C:\Users\Kenn\Documents\Earth-2-025-(2014)-(Digital)-(Nahga-Empire)-003.jpg
[2014/07/02 02:03:33 | 000,125,701 | ---- | C] () -- C:\Users\Kenn\Documents\RB_RD.jpg
[2014/06/29 13:14:02 | 001,696,032 | ---- | C] () -- C:\Users\Kenn\Documents\20.jpg
[2014/06/29 13:13:47 | 001,537,685 | ---- | C] () -- C:\Users\Kenn\Documents\15.jpg
[2014/06/26 19:59:04 | 000,243,831 | ---- | C] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_BB.jpg
[2014/06/26 19:58:41 | 000,243,370 | ---- | C] () -- C:\Users\Kenn\Documents\JK_Close_Wall_F_B.jpg
[2014/06/25 14:35:11 | 001,542,475 | ---- | C] () -- C:\Users\Kenn\Documents\Uncanny Avengers 021-000.jpg
[2014/06/23 07:59:53 | 000,215,581 | ---- | C] () -- C:\Users\Kenn\Documents\TM_SunSoaking.jpg
[2014/06/23 07:56:53 | 000,217,257 | ---- | C] () -- C:\Users\Kenn\Documents\TM_Tude.jpg
[2014/06/22 23:11:46 | 064,856,514 | ---- | C] () -- C:\Users\Kenn\Documents\Severinka_06_22_2014.package
[2014/06/21 23:20:05 | 000,314,069 | ---- | C] () -- C:\Users\Kenn\Documents\Hangin Out.jpg
[2014/06/21 23:18:01 | 000,257,756 | ---- | C] () -- C:\Users\Kenn\Documents\JoeyPal_WP.jpg
[2014/06/21 22:58:13 | 000,261,455 | ---- | C] () -- C:\Users\Kenn\Documents\JK_L_C_009.jpg
[2014/02/13 16:20:29 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2014/02/13 16:20:29 | 000,000,058 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2014/02/13 14:29:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2014/01/03 07:33:57 | 000,000,211 | ---- | C] () -- C:\Users\Kenn\.swfinfo
[2013/12/30 14:53:08 | 000,001,487 | ---- | C] () -- C:\Users\Kenn\AppData\Local\recently-used.xbel
[2013/12/06 16:45:18 | 000,000,072 | ---- | C] () -- C:\Windows\JascCmdFile.INI
[2013/11/11 14:37:27 | 000,000,436 | ---- | C] () -- C:\Users\Kenn\settings.sav
[2013/04/29 12:49:45 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2013/04/23 08:50:59 | 000,000,227 | ---- | C] () -- C:\Users\Kenn\736884F1_00000001_000000000006CBAC.vpxy
[2013/01/19 01:30:25 | 000,091,964 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/01/09 18:39:05 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/01/02 13:49:18 | 000,005,005 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013/01/02 12:25:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2012/12/09 14:23:08 | 000,000,098 | ---- | C] () -- C:\Users\Kenn\hosts
[2012/09/21 15:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/09/21 15:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/09/21 15:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/07/14 20:12:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/03 00:14:28 | 000,094,720 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 20:37:35 | 000,002,032 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras:

OTL Extras logfile created on: 7/18/2014 7:57:11 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 46.54% Memory free
6.73 Gb Paging File | 4.43 Gb Available in Paging File | 65.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 190.90 Gb Free Space | 32.83% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 171.04 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive R: | 15.92 Mb Total Space | 15.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
 
Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [KMPlayer.Enqueue] -- "C:\PROGRA~1\THEKMP~1\KMPlayer.exe" /ADD "%1" (PandoraTV)
Directory [KMPlayer.Play] -- "C:\PROGRA~1\THEKMP~1\KMPlayer.exe" "%1" (PandoraTV)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02513B14-6A84-4F14-8ADF-37EC965BDC96}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{22708301-DAC8-427C-8334-E296D9D19362}" = rport=137 | protocol=17 | dir=out | app=system |
"{239220DA-11BD-45C5-9111-7926B49FBB7C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2CEF591B-5170-46B7-8342-E16E0DBA6439}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3044C1BF-2257-4D61-9CF0-2A92465D57E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{32C1FCE2-216F-40A3-8FA4-EFD6DDDCB19B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50EE8241-FAF1-4A2D-A180-3A3FE07CD91C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5124D46D-C892-4B99-926C-307112EE3A90}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D3E5972-1A2C-451B-9B1D-9A801028D994}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{94E13066-9AB3-474D-9E41-B737DE217F22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{95C579EF-20A6-4173-9EED-8FDC4CD7ED07}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BA3F0D1-37A5-4477-B994-CCB05759D94B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A63670ED-A5A6-4F98-B6FF-32CCE7F1533A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A685E813-F348-4E2E-82E2-85CCD3B66B36}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEEB7AE6-25F1-4AD8-B521-DDBFCC1E527C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{DC247505-E4FE-4C79-9439-3AB5BCE55545}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E0397B74-2D1C-4451-BE42-50D7B0E69777}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA82CBFD-B987-4714-A0C2-644085B1FF2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F79E99FE-149A-4A7A-9F33-FF3F2FACBFAF}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013BC9FE-91AC-4888-AA25-D3993F7C806C}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"{083DFF94-DC93-4A9F-96B5-0017E02123D9}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{084743E5-40EA-45AB-B060-88B16B86D198}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{1028B29B-5181-4ADA-9338-3EC9ED0B1470}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{11A2A22E-E5F5-42D4-87AE-613DA21DB8E4}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{11E4C9C7-BD18-4D8F-AA3A-2DEFD3F8436D}" = protocol=6 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{1309D187-A3BC-4D15-B80D-9A50A2FC68B1}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{155CAE5A-80EC-4045-9B5E-CD09D8474FC7}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{18724FB8-7FE8-4ED9-AE41-CDD3AC3E312A}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{1C32D3C7-6439-4AF4-8F68-9F4A846F40C6}" = protocol=58 | dir=in | app=system |
"{1C5C2EFA-AA45-4EB3-94C6-541C2A451898}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{1E9DC544-16E9-46F0-96E5-17D32A8B0724}" = dir=in | app=c:\program files\plex\plex media server\plexdlnaserver.exe |
"{23818147-925C-4926-99CF-E0E7274D9E6C}" = protocol=58 | dir=in | [email protected],-28545 |
"{2A74F2C8-708A-4CEB-A46D-7D92829D1664}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{2E0061FF-51B8-40B8-89D2-FFE6200D883C}" = protocol=58 | dir=out | [email protected],-203 |
"{2F848F63-C4B5-4B0E-BA8A-EF85EE43043C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33E7781B-6E37-4D50-BAC7-ABD11682D79D}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
"{358E312C-20A6-4591-93E9-EDA8CF3F017E}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe |
"{410EBA61-D606-44BC-A0EF-490E65E43F2D}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{4125FF64-DF3D-4F75-BCD5-F050F7E85321}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{435A53FE-F757-46B1-A391-8BE4C613144E}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4BA56E45-D688-4731-BA25-FD9779E407B3}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{4FDDAEE8-E687-4EEB-82F6-828554E6FF17}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{551AFFF5-0315-4629-BD66-D195EF4758CC}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"{666F578A-D8A2-4086-9834-42BE813367B0}" = protocol=1 | dir=out | [email protected],-28544 |
"{72A29CFC-E5DF-4C97-A29B-E955A8729F91}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{76CA60F4-ED3C-4359-A186-DC66F75464BA}" = protocol=1 | dir=in | [email protected],-28543 |
"{7A142C01-0165-46DD-9675-57ED4D902142}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{7A6F4611-0118-47E0-9E66-784F0A5D0404}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{7C41DA2F-5E3F-4EAC-837E-1C0FEAD0B614}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{7C9A2CBF-9A8C-491D-A6BC-0B618EA51F58}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8030D642-F663-4DB5-8F75-16CD594299D2}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{91153892-C674-48DC-89F5-75F967195886}" = protocol=6 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{93F1AA91-5181-4EA7-A069-99A5C6D0E8F6}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{9B55D7B0-0927-432E-8B38-B154C991FB62}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{9D94F4C6-FD11-411F-ACA9-B1D1EF37A086}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe |
"{9D9B01F1-EF0C-478C-93D1-9134DD0DE673}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{9F406C5B-3B88-4971-B6BC-53D7DDFA1B81}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"{A46520E8-A8D3-4D87-A52C-46F06B914DCB}" = protocol=17 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{B00CBC3A-8625-43CD-9E8D-38E41B4F2B24}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B0D8BAFA-ACBA-43DC-A044-8F3CBB281D67}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
"{C8A64341-373A-479E-921A-F36951FF3ACD}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D45D3158-1833-4195-B7AC-5BF75879562B}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DDCABFA0-4819-45A8-ABD1-7521BFBEECE1}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{E0CBF18D-11BD-47B6-9543-56EF27B0D6E7}" = protocol=17 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{EA7D5FF9-0F23-4BDE-B59D-90DD9830A483}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC626C76-7D64-4A0B-AD6C-FFBB151F90B0}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{EDC67664-9B89-41DF-897F-838E20F0750C}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"{EFC0E954-A83F-446D-B893-12FB9F769929}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F36AF875-3E4B-4F7E-ACB4-C40AA4094DBD}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F5E7ECDE-E6FA-426D-8C8B-F90EF25577DF}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{0A4C89A5-353A-4E0D-838E-9E3A19F2A9F3}C:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{1A2AA946-AD75-4F73-AA37-1BB269B52771}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{1D9B236B-6297-49D3-88DC-7B390A82F087}C:\users\kenn\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{562A3DE8-ADA3-4E97-8510-DA428D4BD367}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{636DDE61-A534-4A35-91EC-34B7BD6343E3}C:\program files\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"TCP Query User{A6550375-4AD6-4A79-85F1-ECF9C52F52CB}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{C318C669-566B-4E27-8BD9-C96AF1047AE3}E:\common\epsonnet setup\eneasyapp.exe" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"TCP Query User{F6670925-97A5-4377-9D2A-6EA2CC39BABB}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{FA4428A9-CFC4-43E6-B329-5F2A0D83804E}C:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2A16E681-4619-4905-A2EA-EDDB63CEF68F}C:\users\kenn\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{52D06E9E-15EE-4B7C-A119-4F126067411F}E:\common\epsonnet setup\eneasyapp.exe" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"UDP Query User{9FA2A8EA-491A-4C85-848E-BC2F7228FD88}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{C100D518-4D0E-4D99-AD5E-0127563012F5}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{C4078223-E6B6-43F2-8021-3CE950FD5F2C}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{CDC2450D-AECF-4A46-82DF-6C3308324C17}C:\program files\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{D5905C0C-3F8A-484C-87C1-127371DC8786}C:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{F4480C5A-70F2-4F27-9E5C-FC777ACE527D}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{F73B227C-6BF5-4644-B6C9-ACA7D7FD942A}C:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{014A2868-BE56-4888-A16C-693989B8F153}" = SlimDX Runtime .NET 2.0 (January 2012)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{037A965B-8341-4016-8A5A-8EBB5CC093EE}_is1" = uninstall
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10144CFE-D76C-4CFA-81A1-37A1642349A3}" = Epson Event Manager
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B58AB2C-D980-47FD-8633-E360314BA662}" = WD Security
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{324C58C7-A292-4523-A943-91DE1EB6A1FE}" = WD Quick View
"{33100EE2-5EDF-4AB1-BF08-D767E3AED642}" = TSR Workshop
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{424E1389-2414-4394-9476-5D26316F291F}" = IE Download Helper
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42B72780-640C-40A1-B285-ABEF3F4D9D6E}_is1" = Batman Arkham City Game Of The Year Edition
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1" = MassTube 11.1.1.627
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72fda14f-5a07-49d5-b7f7-202377e9b522}" = WD SmartWare Installer
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{75939021-3B68-419D-8DC1-E9823BFF9658}" = Google Drive
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{876ab221-6562-4f34-9335-68fc92bb3f1b}" = Plex Media Server
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8988EA30-14EF-41DE-843E-DBD4CFAAA0AF}" = Plex Media Server
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E7C5578-1985-141E-4D5E-1FDEA31265C9}" = ccc-utility
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.4.1
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{976D65A4-87F9-430F-80F6-27B60BC74AA9}" = Hauppauge Tuning Adapter Proxy
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A19DD749-DBCC-462B-A692-9E62E629F6C4}" = Syncdocs
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB259D81-DE6B-4554-B4A8-DB13D321FBF2}" = calibre
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B3236C7B-455E-4CDB-B3E1-7A2190B054BC}" = ArcSoft WebCam Companion 3
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B424CEE6-E8A3-4678-BCCF-B22DD3798AE0}" = BlueStacks Notification Center
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDEE7660-E08C-4824-8577-6CE12F8C3492}_is1" = gPhotoShow v1.6.3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C1E6B103-4FFE-45D5-ACE3-8FD1E14A7F4B}" = FULL-DISKfighter
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC [email protected]
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CB8CEC6B-903F-4296-BCF3-CE65CAB8E151}" = WD SmartWare
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0087539-3C57-44E0-BEE7-D779D546CBE1}" = The Sims™ 3 Movie Stuff
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D60071DB-459C-465C-92EF-336E65F1A436}" = Software Updater
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1868CAE-E3B9-4099-8C18-AA8944D336FD}" = The Sims™ 3 70s, 80s, & 90s Stuff
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EAB74CB6-760C-2136-FC77-9549721FB84A}" = AMD Catalyst Install Manager
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F859EACD-283B-449C-AD10-9EC74E824FB9}" = Marine Aquarium
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}" = WD Drive Utilities
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AACACM" = AAC ACM Codec 1.9
"AC3ACM" = AC-3 ACM Codec 2.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD 2.7.3
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.3.1
"BFG-Archie - Riverdale Rescue" = Archie: Riverdale Rescue
"BFGC" = Big Fish: Game Manager
"BlueStacks App Player" = BlueStacks App Player
"Bodyshop Mechanic.36b" = Bodyshop Mechanic
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Debut" = Debut Video Capture Software
"Dell Dock" = Dell Dock
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstall)
"Digital Camera Driver" = Digital Camera Driver
"Digital Editions" = Adobe Digital Editions
"DreamAqua" = Dream Aquarium
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt
"DVDFab 9_is1" = DVDFab 9.1.5.0 (30/05/2014)
"DVDFab Media Player 2_is1" = DVDFab Media Player 2
"DVDStyler_is1" = DVDStyler v2.2
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON Scanner" = EPSON Scan
"EPSON XP-410 Series" = EPSON XP-410 Series Printer Uninstall
"Explorer Suite_is1" = Explorer Suite IV
"ffdshow_is1" = ffdshow v1.1.4382 [2012-03-12]
"FileHippo.com" = FileHippo.com Update Checker
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FormatFactory" = FormatFactory 3.3.1.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 8.2
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GIMP-2_is1" = GIMP 2.8.10
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9.1
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.28104)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV-DCR-2650 IR Service" = Hauppauge WinTV-DCR-2650 IR Service
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ImgBurn" = ImgBurn
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Miro Video Converter" = Miro Video Converter
"MKVToolNix" = MKVToolNix 7.0.0 (32bit)
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Origin" = Origin
"Picasa 3" = Picasa 3
"PrintKey2000" = PrintKey2000
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Razer Game Booster_is1" = Razer Game Booster
"Replay Video Capture6.0.6" = Replay Video Capture 6
"s3pe" = s3pe - Sims3 Package Editor
"Shop for HP Supplies" = Shop for HP Supplies
"SimPE PhotoStudio Templates_is1" = SimPE PhotoStudio Templates 3.0
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"Splashtop Software Updater" = Splashtop Software Updater
"SpywareBlaster_is1" = SpywareBlaster 5.0
"ST6UNST #1" = Sims 2 Categorizer
"ST6UNST #2" = Sims 2 NPC Replacer
"The KMPlayer" = The KMPlayer (remove only)
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Unlocker" = Unlocker 1.9.2
"UsersGuideEpson XP-410 User's Guide_is1" = Epson XP-410 User's Guide version 1.0
"VLC media player" = VLC media player 2.1.2
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/16/2014 4:11:00 PM | Computer Name = Kenn-PC | Source = .NET Runtime | ID = 1027
Description =
 
Error - 7/16/2014 4:11:00 PM | Computer Name = Kenn-PC | Source = Application Error | ID = 1000
Description = Faulting application WDBackupEngine.exe, version 2.0.0.15, time stamp
 0x538cb727, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27,
 exception code 0xc00000fd, fault offset 0x000677ce,  process id 0x„Ch, application
 start time 0xt ¤ „•g.
 
Error - 7/16/2014 4:16:06 PM | Computer Name = Kenn-PC | Source = .NET Runtime | ID = 1027
Description =
 
Error - 7/16/2014 4:16:06 PM | Computer Name = Kenn-PC | Source = Application Error | ID = 1000
Error - 7/17/2014 11:29:01 AM | Computer Name = Kenn-PC | Source = BstHdAndroidSvc
 | ID = 0
 
Description = Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 7/17/2014 11:34:00 AM | Computer Name = Kenn-PC | Source = .NET Runtime
| ID = 1027
 
Description =
Error - 7/17/2014 11:34:00 AM | Computer Name = Kenn-PC | Source = Application Error
 | ID = 1000
 
Description = Faulting application WDBackupEngine.exe, version 2.0.0.15, time stamp 0x538cb727, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x000677d7,
process id 0xp¡f, application start time 0xt¤d«g.
Error - 7/17/2014 11:42:33 AM | Computer Name = Kenn-PC | Source = Perflib | ID
= 1010
 
Description =
Error - 7/17/2014 11:42:34 AM | Computer Name = Kenn-PC | Source = Perflib | ID
= 1008
 
Description =
Error - 7/18/2014 7:43:46 AM | Computer Name = Kenn-PC | Source = BstHdAndroidSvc
 | ID = 0
 
Description = Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 7/18/2014 7:49:18 AM | Computer Name = Kenn-PC | Source = .NET Runtime |
 ID = 1027
 
Description =
Error - 7/18/2014 7:49:19 AM | Computer Name = Kenn-PC | Source = Application Error
 | ID = 1000
 
Description = Faulting application WDBackupEngine.exe, version 2.0.0.15, time stamp 0x538cb727, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc00000fd, fault offset 0x0004a153,
process id 0x”g, application start time 0x”g.
 
Error encountered while reading event logs.
 
< End of report >

Thanks again!


  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum
  • 0

#7
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Thanks! Sorry to take so long, but the ESET took almost 8 hours (probably should have disconnected the external drive beforehand)! I've always had (and use) Malwarebytes, but I never realized that I'd not checked an important step!

Here's that log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/19/2014
Scan Time: 4:03:52 PM
Logfile: Malwarebytes_07_19_2014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.19.07
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Kenn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289768
Time Elapsed: 23 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

And now here's ESET (29! threats found, and all within the first three hours at about the 22% mark, which seemed to include the Temp32 section, which is where these things hang about.)

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6f79a30de27fef468653fa5e46073a49
# engine=19256
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-20 04:26:39
# local_time=2014-07-20 12:26:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9073708 99054003 0 0
# scanned=662592
# found=29
# cleaned=0
# scan_time=28194
sh=7DE60A3AEAC96F7FA559D468D852FBDDA731391F ft=1 fh=3d20769bd48072ca vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\ApnIC.dll"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\ApnStub.exe"
sh=140308EF85F243BA4D2AAC012B1017B47E52B89E ft=1 fh=ffd7fdcd47cd63f7 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\ApnToolbarInstaller.exe"
sh=44554E882D1DD6FBF71B6550B0687E3D9FD73711 ft=1 fh=b0638f029680e22d vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=0B2F0A98C97C17BA3354E9B67B67166FCB97B7AB ft=1 fh=ddb00d73ca0f285e vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Program Files\NCH Software\Debut\debut.exe"
sh=8815EFADE431A3F13799B5014B4C65308001F3CE ft=1 fh=4f0d08c0f67cef83 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Program Files\NCH Software\Debut\debutsetup_v1.88.exe"
sh=BB63C24439006EC01B1D2D20189D1A243925D43D ft=0 fh=0000000000000000 vn="BAT/TrojanDownloader.Ftp.NQU trojan" ac=I fn="C:\ProgramData\Catalyst\1.bat"
sh=8A6AF02B265B275CFC9C7C012DD6F7A4F84B2CFB ft=1 fh=47d4004b5a42ffaa vn="a variant of Win32/BitCoinMiner.L potentially unsafe application" ac=I fn="C:\ProgramData\Catalyst\mnr.exe"
sh=DDD60D41AACAAE509BBBAF287D04888AF6F9F2F7 ft=0 fh=0000000000000000 vn="REG/Startup.I trojan" ac=I fn="C:\ProgramData\Catalyst\start.reg"
sh=4B3F593EE86B08D372BE9B0C68BAA78B094B2867 ft=0 fh=0000000000000000 vn="BAT/TrojanDownloader.Ftp.NQU trojan" ac=I fn="C:\ProgramData\Catalyst\stop.bat"
sh=49D8EF6835A6DE734EAD4E0B2CBBC65735CD5C17 ft=1 fh=b7c2cf7d50fb560b vn="Win32/InstalleRex.L potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{D8D6AAB5-865A-4DC8-AF23-CE7803358843}\Custom.dll"
sh=BB63C24439006EC01B1D2D20189D1A243925D43D ft=0 fh=0000000000000000 vn="BAT/TrojanDownloader.Ftp.NQU trojan" ac=I fn="C:\Users\All Users\Catalyst\1.bat"
sh=8A6AF02B265B275CFC9C7C012DD6F7A4F84B2CFB ft=1 fh=47d4004b5a42ffaa vn="a variant of Win32/BitCoinMiner.L potentially unsafe application" ac=I fn="C:\Users\All Users\Catalyst\mnr.exe"
sh=DDD60D41AACAAE509BBBAF287D04888AF6F9F2F7 ft=0 fh=0000000000000000 vn="REG/Startup.I trojan" ac=I fn="C:\Users\All Users\Catalyst\start.reg"
sh=4B3F593EE86B08D372BE9B0C68BAA78B094B2867 ft=0 fh=0000000000000000 vn="BAT/TrojanDownloader.Ftp.NQU trojan" ac=I fn="C:\Users\All Users\Catalyst\stop.bat"
sh=49D8EF6835A6DE734EAD4E0B2CBBC65735CD5C17 ft=1 fh=b7c2cf7d50fb560b vn="Win32/InstalleRex.L potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{D8D6AAB5-865A-4DC8-AF23-CE7803358843}\Custom.dll"
sh=C2C35F77505CB8FF70FC312C44E070DBD5834942 ft=1 fh=bf83ea32284cf26c vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Kenn\AppData\Local\NativeMessaging\CT3306058\1_0_0_2\TBMessagingHost.exe"
sh=B0B26548D636CFADD954E4B3DFD30E8F2D61D487 ft=1 fh=5129ed505060d1fb vn="Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Kenn\AppData\Local\NativeMessaging\CT3311875\1_0_0_4\TBMessagingHost.exe"
sh=17D5045E4915057D93E553455B45C862FD7F6CF2 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON potentially unwanted application" ac=I fn="C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk"
sh=269EA2C71299328A51D98798CE62D99DFB1133B0 ft=1 fh=ad1c591b3c42dd1e vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Kenn\Downloads\3.8.0.123_20140423104200.exe"
sh=B8644882E568A5E9BFB9CC90FA4415F2195770BF ft=1 fh=ec0665a71cdcaf66 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Kenn\Downloads\3.9.0.125_20140702035547.exe"
sh=FDE3D7E13260CD75D7523F0B02BC06C16419C026 ft=1 fh=3918cb108fedf547 vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\Users\Kenn\Downloads\Downloaded Programs\FFSetup3.3.1.0.exe"
sh=9C90E3C04030E34A54C1DBB92F7557867D7E3AF3 ft=1 fh=d611d9cf69a51b37 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Kenn\Downloads\Downloaded Programs\GameBoosterv40680.exe"
sh=8F83180412E2D386EA5075441362A04F1C27BF0B ft=1 fh=213010b166f2d39f vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Kenn\Downloads\Downloaded Programs\MiroVideoConverter_Setup.exe"
sh=72E617A5BF9700097BC08C22BA7902318BC97616 ft=1 fh=1172a370efed9ba6 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=C70872D7B4F48D529A179C0FA54AB65FB1B982F4 ft=1 fh=f2e2b15faf5e28f3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI877B.tmp"
sh=9B229D45DAF8E42A9E5AB80B8A8F3C1DA28BE5D9 ft=1 fh=fc29e722f48e28ff vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIA76F.tmp"
sh=5707514D788581178761B6D3684B280F3F869F3E ft=1 fh=932c811bf71e5503 vn="Win32/SweetIM.G potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1QR21U3\SkywalkerSetup[1].exe"
 

From what I could see, there seem to be residual 'adk toolbar' stuff, which I thought CC Cleaner was getting rid of? I use KMPlayer for video, which used to be terrific, but now everytime it wants to upgrade, there's the ritual of declining various toolbars and junk, which I am very careful to do. But I wonder if they get backdoored in even with a decline? I probably have to find a new video player.

Thanks for being patient!


  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Yes, they are just some traces of adware although there are some possible BitCoin miners too. You may try VLC player. It is free and ad-free. Only thing you may complain is that it is not fancy.
  • Step #7 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :Files
      C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask
      C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
      C:\Program Files\NCH Software\Debut\debut.exe
      C:\Program Files\NCH Software\Debut\debutsetup_v1.88.exe
      C:\ProgramData\Catalyst\1.bat
      C:\ProgramData\Catalyst\mnr.exe
      C:\ProgramData\Catalyst\start.reg
      C:\ProgramData\Catalyst\stop.bat
      C:\ProgramData\InstallMate\{D8D6AAB5-865A-4DC8-AF23-CE7803358843}\Custom.dll
      C:\Users\All Users\Catalyst\1.bat
      C:\Users\All Users\Catalyst\mnr.exe
      C:\Users\All Users\Catalyst\start.reg
      C:\Users\All Users\Catalyst\stop.bat
      C:\Users\All Users\InstallMate\{D8D6AAB5-865A-4DC8-AF23-CE7803358843}\Custom.dll
      C:\Users\Kenn\AppData\Local\NativeMessaging\CT3306058\1_0_0_2\TBMessagingHost.exe
      C:\Users\Kenn\AppData\Local\NativeMessaging\CT3311875\1_0_0_4\TBMessagingHost.exe
      C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk
      C:\Users\Kenn\Downloads\3.8.0.123_20140423104200.exe
      C:\Users\Kenn\Downloads\3.9.0.125_20140702035547.exe
      C:\Users\Kenn\Downloads\Downloaded Programs\FFSetup3.3.1.0.exe
      C:\Users\Kenn\Downloads\Downloaded Programs\GameBoosterv40680.exe
      C:\Users\Kenn\Downloads\Downloaded Programs\MiroVideoConverter_Setup.exe
      C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
      C:\Windows\Installer\MSI877B.tmp
      C:\Windows\Installer\MSIA76F.tmp
      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1QR21U3\SkywalkerSetup[1].exe

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Required Log(s):
    • OTL Fix Log
Regards,
Valinorum
  • 0

#9
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Looking at the results more carefully, at least some of the dreck was from upadting Format Factory, which is an otherwise decent conversion program! I do use VLC for some things, but it's not as manipulable as KM, or perhaps I just need to look into it further. Right now, one program fills in ofr the other depending upon what needs to be done.

The Fix log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask folder moved successfully.
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe moved successfully.
C:\Program Files\NCH Software\Debut\debut.exe moved successfully.
C:\Program Files\NCH Software\Debut\debutsetup_v1.88.exe moved successfully.
C:\ProgramData\Catalyst\1.bat moved successfully.
C:\ProgramData\Catalyst\mnr.exe moved successfully.
C:\ProgramData\Catalyst\start.reg moved successfully.
C:\ProgramData\Catalyst\stop.bat moved successfully.
C:\ProgramData\InstallMate\{D8D6AAB5-865A-4DC8-AF23-CE7803358843}\Custom.dll moved successfully.
File\Folder C:\Users\All Users\Catalyst\1.bat not found.
File\Folder C:\Users\All Users\Catalyst\mnr.exe not found.
File\Folder C:\Users\All Users\Catalyst\start.reg not found.
File\Folder C:\Users\All Users\Catalyst\stop.bat not found.
File\Folder C:\Users\All Users\InstallMate\{D8D6AAB5-865A-4DC8-AF23-CE7803358843}\Custom.dll not found.
C:\Users\Kenn\AppData\Local\NativeMessaging\CT3306058\1_0_0_2\TBMessagingHost.exe moved successfully.
C:\Users\Kenn\AppData\Local\NativeMessaging\CT3311875\1_0_0_4\TBMessagingHost.exe moved successfully.
C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk moved successfully.
C:\Users\Kenn\Downloads\3.8.0.123_20140423104200.exe moved successfully.
C:\Users\Kenn\Downloads\3.9.0.125_20140702035547.exe moved successfully.
C:\Users\Kenn\Downloads\Downloaded Programs\FFSetup3.3.1.0.exe moved successfully.
C:\Users\Kenn\Downloads\Downloaded Programs\GameBoosterv40680.exe moved successfully.
C:\Users\Kenn\Downloads\Downloaded Programs\MiroVideoConverter_Setup.exe moved successfully.
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll moved successfully.
C:\Windows\Installer\MSI877B.tmp moved successfully.
C:\Windows\Installer\MSIA76F.tmp moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1QR21U3\SkywalkerSetup[1].exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kenn
->Temp folder emptied: 2269299 bytes
->Temporary Internet Files folder emptied: 10009195 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 391881374 bytes
->Google Chrome cache emptied: 175945962 bytes
->Flash cache emptied: 7423 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1669931 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 555.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07222014_132256

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\Temporary ASP.NET Files\root\cb4dc7d1\1216524a\assembly\dl3\d1489bcf\000ce885_b895cc01\WinTVExtender.EXE not found!
File\Folder C:\Windows\temp\Temporary ASP.NET Files\root\cb4dc7d1\1216524a\App_Code.hgqzl7ow.dll not found!
File\Folder C:\Windows\temp\JET37C2.tmp not found!
C:\Windows\temp\JETC495.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thanks once again!


  • 0

#10
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts

Right now, one program fills in ofr the other depending upon what needs to be done.

I did not understand. How is you PC, by the way?
  • 0

Advertisements


#11
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

LOL! That was just my horrible typing! I meant that I use both programs, and one does things that the other does not, and vice versa. The PC's been running well since I did the restore. My concern was that there had been the weird occurrence prior, and, since I couldn't pinpoint why it had happened, I didn't know what to safeguard against.


  • 0

#12
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
It looks like whatever was lurking inside your PC was removed when you did the system restore. If you are facing no issue, we can move on to the clean-up phase of the removal tools.
  • 0

#13
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Sorry! Busy week! Yes, indeed. Would be happy to finish up! :yes:


  • 0

#14
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoSript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
  • Watch out for new threat named CryptoLocker
    CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum
  • 0

#15
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Done!

# DelFix v10.7 - Logfile created 27/07/2014 at 13:05:35
# Updated 27/04/2014 by Xplode
# Username : Kenn - KENN-PC
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\log.txt
Deleted : C:\logFileUI.txt
Deleted : C:\Users\Kenn\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Kenn\Downloads\Extras.Txt
Deleted : C:\Users\Kenn\Downloads\OTL.Txt
Deleted : C:\Users\Kenn\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1168 [OTL Restore Point - 7/18/2014 6:55:54 AM | 07/18/2014 10:55:54]
Deleted : RP #1169 [Windows Update | 07/19/2014 11:58:24]
Deleted : RP #1170 [OTL Restore Point - 7/22/2014 1:23:21 PM | 07/22/2014 17:23:21]
Deleted : RP #1171 [Windows Update | 07/23/2014 13:47:21]
Deleted : RP #1172 [Windows Update | 07/23/2014 21:45:54]
Deleted : RP #1173 [Windows Update | 07/27/2014 04:07:17]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP