This topic is locked
Hi guy ,
I have try several method to try to restore my homepage which was hijacked by hao123.com. It did go off for 1 day and it was back again.
I try using junkware removal tools , rogue killer. malwarebytes & combofix. hao123.com remain
While spyhunter indicated there were several infection but it require a pay version to remove them
I try to del some of registry associated with hao123.com show by spyhunter
A rescan show that hao 123.com was not there but still hao123.com remain
other pick up remain as
snap do (12 infection)
surf canyon toolbar (4 infection)
adware qvod (709 infection)
adware superfish window shopper (4 infection)
smileywelove toolbar (14 infection)
tribalfusion ( 1 infection)
I would really appreciate that someone could help
Attach OTL log
OTL logfile created on: 7/26/2014 7:02:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tng family\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy
3.96 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 53.88% Memory free
13.73 Gb Paging File | 11.42 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 5938 9000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 3.20 Gb Free Space | 6.55% Space Free | Partition Type: NTFS
Drive D: | 391.76 Gb Total Space | 108.30 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Computer Name: TNG-FAMILY-PC | User Name: Tng family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/07/26 19:01:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tng family\Desktop\OTL.exe
PRC - [2014/07/15 17:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/07 20:54:06 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/07 20:54:06 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.48\QvodWebService.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/17 16:03:32 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2013/07/17 16:02:48 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/14 20:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/09/14 20:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2011/08/04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/02/07 15:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/15 17:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 17:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 17:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 17:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 17:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/07/07 20:54:09 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/07 20:54:07 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.48\QvodWebService.exe
MOD - [2014/05/13 10:54:31 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\JSON\867f0cd485a6fe6f335da319f89b0159\JSON.ni.dll
MOD - [2014/05/13 10:54:17 | 000,653,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\7073c0ed49f836a95d2b00127607c2e9\HD-Agent.ni.exe
MOD - [2014/05/11 14:52:13 | 011,922,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\cf8bf282cce3bd656a153fdcae2926f3\System.Web.ni.dll
MOD - [2014/05/11 14:51:29 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b99b5d0bf53e58c722eabf2ed2d45edb\System.Xml.ni.dll
MOD - [2014/05/11 14:51:27 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5872f43f5b34cf363e369872c9826e03\System.Configuration.ni.dll
MOD - [2014/05/11 14:51:17 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\586b31722986523872dad677f74f69f9\System.ni.dll
MOD - [2014/05/11 14:51:13 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e6bcd46744860a2cdb1bb63bf9a0b125\mscorlib.ni.dll
MOD - [2012/12/12 13:32:26 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 18:53:24 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/06/11 04:39:33 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/07/07 20:54:06 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/05/11 10:44:27 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/09 07:15:48 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/30 20:56:21 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/03/30 20:56:18 | 000,199,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/03/03 12:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/12 13:19:13 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/11 07:04:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/17 16:02:48 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/07/17 16:02:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/08/25 10:54:25 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/02/07 15:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/07 20:54:32 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/07 20:54:13 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/07 20:54:13 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/07 20:54:12 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/07 20:54:12 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/07 20:54:12 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/07 20:54:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/07 20:54:12 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/01/07 03:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/03/30 20:56:21 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/03/30 20:56:21 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/03/30 20:56:20 | 000,642,952 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/03/30 20:56:19 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/03/30 20:56:19 | 000,158,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/25 17:12:04 | 002,426,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/01/23 22:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/01/23 22:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/12/27 08:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/08 22:35:34 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/24 07:07:42 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/03 12:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/03 12:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 11:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 10:49:58 | 000,052,224 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ustor2k.sys -- (USTOR2K)
DRV:64bit: - [2010/01/28 22:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 10:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/11 04:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/11 04:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2013/07/17 16:02:42 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://sg.yahoo.com...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://sg.search.ya...&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://sg.yahoo.com...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://sg.search.ya...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com.sg"
FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:IDS_SS_VERSION
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npBdyyPlugin: C:\Users\Tng family\3.9.3.12\npbdyy.dll File not found
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Users\Tng family\3.9.3.12\npxbdyy.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@funshion.com/npFunshion: C:\Users\Tng family\funshion\funshiontools\npFunshion.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: C:\Program Files (x86)\搜狐影音\npifox.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/03/30 20:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/07 20:54:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/07/11 07:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014/03/22 16:26:43 | 000,000,000 | ---D | M]
[2012/01/27 22:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tng family\AppData\Roaming\Mozilla\Extensions
[2014/07/25 06:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tng family\AppData\Roaming\Mozilla\Firefox\Profiles\2eldtj7a.default\extensions
[2014/07/11 07:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/07/11 07:04:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/07/11 07:04:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/07/11 07:04:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/07/11 07:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/11 07:04:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/30 20:57:01 | 000,000,000 | ---D | M] (IDS_SS_NAME) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2014/07/07 20:54:15 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com.sg/
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: 优酷一键通Sotapit = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\alddjbjplgobbllfolehibiclbhmomla\4.0.2_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: avast! Online Security = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Go away MDA = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lledpflfnanamkogoclkgaggfdgoalok\3.0.2_0\
CHR - Extension: Poppit! = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: Google Wallet = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Unblock Youku = C:\Users\Tng family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.7.5.0_0\
O1 HOSTS File: ([2014/07/23 22:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130330205700.dll (McAfee, Inc.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130330205700.dll (McAfee, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_862EC30EB1851205146266A5AA620BF4] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Insaniquarium%20Deluxe/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11954C7A-02F1-43F3-9EBA-E0340518D1FD}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BD9AF81-7A1B-4560-8E29-AE42E5C41E55}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{940BD3BC-21D9-4AD4-9E27-35548E26C424}: DhcpNameServer = 165.21.83.88 165.21.100.88
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/26 17:28:04 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/07/26 19:01:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tng family\Desktop\OTL.exe
[2014/07/26 17:27:43 | 000,000,000 | ---D | C] -- C:\Users\Tng family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2014/07/26 17:27:42 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/07/26 17:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/07/26 17:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/07/26 14:15:47 | 000,000,000 | ---D | C] -- C:\Users\Tng family\Desktop\RK_Quarantine
[2014/07/23 22:47:02 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/07/23 22:40:37 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/07/23 22:24:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/22 21:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/22 21:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/22 21:26:20 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/22 21:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/22 21:24:09 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/07/22 21:24:08 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/07/22 21:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/22 21:00:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/18 14:38:55 | 000,000,000 | ---D | C] -- C:\Users\Tng family\AppData\Roaming\Funshion
[2014/07/16 16:24:20 | 000,000,000 | ---D | C] -- C:\Users\Tng family\AppData\Local\Giraffe
[2014/07/11 07:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/08 19:17:01 | 000,000,000 | ---D | C] -- C:\Users\Tng family\AppData\Roaming\DropboxMaster
[2014/07/08 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Tng family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/07/08 19:16:03 | 000,000,000 | ---D | C] -- C:\Users\Tng family\AppData\Roaming\Dropbox
[2014/07/07 20:54:10 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2010/10/11 05:41:57 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/07/26 19:04:45 | 000,000,047 | ---- | M] () -- C:\Users\Tng family\FunShion.ini
[2014/07/26 19:04:18 | 000,022,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/26 19:04:18 | 000,022,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/26 19:01:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tng family\Desktop\OTL.exe
[2014/07/26 18:56:40 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/26 18:56:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/26 18:56:13 | 3192,909,824 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/26 18:37:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/26 18:19:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/26 17:28:04 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/07/26 17:27:43 | 000,002,228 | ---- | M] () -- C:\Users\Tng family\Desktop\SpyHunter.lnk
[2014/07/26 14:07:16 | 000,000,021 | ---- | M] () -- C:\windows\tpcsd
[2014/07/25 16:00:44 | 003,314,400 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/07/25 16:00:44 | 001,438,324 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/07/25 16:00:43 | 000,006,666 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/07/23 22:23:30 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/07/22 21:47:36 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/22 21:24:14 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/20 20:15:58 | 000,000,954 | ---- | M] () -- C:\Users\Tng family\AppData\Roaming\coreavc.ini
[2014/07/19 21:58:49 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/13 15:41:20 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\_backup
[2014/07/07 20:54:33 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/07/07 20:54:32 | 000,427,360 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014/07/07 20:54:13 | 000,224,896 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/07/07 20:54:13 | 000,092,008 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2014/07/07 20:54:12 | 001,041,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2014/07/07 20:54:12 | 000,307,344 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/07/07 20:54:12 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/07/07 20:54:12 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/07/07 20:54:12 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/07/07 20:54:12 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/07/07 20:54:10 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/07/26 17:28:04 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/07/26 17:27:46 | 000,022,704 | ---- | C] () -- C:\windows\SysNative\drivers\EsgScanner.sys
[2014/07/26 17:27:43 | 000,002,228 | ---- | C] () -- C:\Users\Tng family\Desktop\SpyHunter.lnk
[2014/07/26 14:07:16 | 000,000,021 | ---- | C] () -- C:\windows\tpcsd
[2014/07/22 21:50:17 | 000,000,047 | ---- | C] () -- C:\Users\Tng family\FunShion.ini
[2014/07/13 15:41:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\_backup
[2014/06/17 11:33:28 | 000,000,305 | ---- | C] () -- C:\windows\SysWow64\bdsecushr.dat
[2013/12/29 19:43:03 | 000,000,017 | ---- | C] () -- C:\Users\Tng family\AppData\Local\resmon.resmoncfg
[2013/05/23 13:55:42 | 000,188,200 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2013/04/14 22:18:58 | 000,735,282 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/03/30 20:41:00 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2013/03/30 20:29:11 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013/03/30 20:29:11 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/03/30 20:29:09 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2013/03/30 20:26:47 | 000,000,010 | ---- | C] () -- C:\windows\GSetup.ini
[2013/03/30 12:48:35 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/30 12:48:35 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/30 12:48:35 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/30 12:48:35 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/30 12:48:35 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/12/29 17:23:29 | 000,011,264 | ---- | C] () -- C:\windows\Launcher.exe
[2012/01/05 20:41:08 | 000,000,696 | ---- | C] () -- C:\Users\Tng family\Libraries - Shortcut.lnk
[2011/09/09 22:35:14 | 000,000,954 | ---- | C] () -- C:\Users\Tng family\AppData\Roaming\coreavc.ini
========== ZeroAccess Check ==========
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/06/10 18:45:51 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Animals
[2011/11/27 23:10:36 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\AnvSoft
[2013/03/30 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Auslogics
[2013/11/17 08:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\AVAST Software
[2013/11/11 19:42:44 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Canon
[2014/07/22 22:01:15 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\CloudMedia
[2014/06/10 19:54:29 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\DataRepair
[2014/07/08 19:17:18 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Dropbox
[2014/07/08 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\DropboxMaster
[2014/03/22 16:27:25 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\DVDVideoSoft
[2014/07/22 21:44:22 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Funshion
[2014/03/15 11:21:37 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Orbit
[2014/03/08 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Paltalk
[2011/04/10 17:17:21 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\ProgSense
[2014/05/03 14:41:36 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\PushApp
[2014/03/16 12:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\SmileysWeLove
[2012/03/01 22:48:09 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\Sony
[2011/09/03 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\SpinTop
[2014/03/12 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\Tng family\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2014/05/03 14:41:14 | 000,000,000 | ---D | M](C:\Users\Tng family\AppData\Local\Temp?) -- C:\Users\Tng family\AppData\Local\Temp尰
[2014/05/03 14:41:14 | 000,000,000 | ---D | M](C:\Users\Tng family\AppData\Local\Temp?) -- C:\Users\Tng family\AppData\Local\Temp尰
(C:\Users\Tng family\AppData\Local\Temp?) -- C:\Users\Tng family\AppData\Local\Temp尰
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:7D6EC5BE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:196FC0A6
< End of report >
extra log
OTL Extras logfile created on: 7/26/2014 7:02:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tng family\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy
3.96 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 53.88% Memory free
13.73 Gb Paging File | 11.42 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 5938 9000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 3.20 Gb Free Space | 6.55% Space Free | Partition Type: NTFS
Drive D: | 391.76 Gb Total Space | 108.30 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Computer Name: TNG-FAMILY-PC | User Name: Tng family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = BaiduBrowserHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = BaiduBrowserHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049A7392-4421-45C8-B687-DE0923B29EF9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0AE3B830-69E6-409D-98E6-7F8B5F4B84B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AC8D274-4FCE-4BC6-8095-EE360AF848CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B8CAAB6-FF9C-48F0-96EC-007B49A62EEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{235B7E74-6A52-4C63-AB38-3783E2C51E9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A87FAA5-7566-4CC2-A7B9-137B4CB890E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E00EE40-EBF4-4A05-A508-E6EAB35F2D6E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{51792633-0D34-47C3-B344-13AF6CED1A3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{62E442BE-C1B7-46C7-92A9-22367FDCBD62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73520022-2FA9-4181-B264-79761E65F1F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DA4B919-84F9-4540-8ECD-8C526829CDF0}" = rport=138 | protocol=17 | dir=out | app=system |
"{85D23F70-CFA9-4739-AC7F-37468608D2C8}" = rport=445 | protocol=6 | dir=out | app=system |
"{927610E9-A099-4162-ABFC-04271DB38834}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DA61ECD-9836-459C-9626-2EB4BA3C3C25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABA27E4C-A5D6-4750-AC66-76679FE3E6E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{AC4A4A01-D78B-420B-BFC9-1FA114459771}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF3432B1-FC8C-4161-B665-C7F107596CF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AFEA95FB-83A2-4FF4-AE7D-4EE25E2F8607}" = lport=139 | protocol=6 | dir=in | app=system |
"{B8C01EF5-58E7-42C4-90E9-D18E103FF435}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CA529312-B212-4B1C-94E5-A5E6BDFD5734}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0FC1A5B-3D1D-4598-BDF4-4E822A41442C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6C35B2D-7E28-4E84-8DE6-CBEC686D041D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E984257C-EF9C-44F5-9E4C-6A9EDB7466A8}" = lport=137 | protocol=17 | dir=in | app=system |
"{FAA352BD-BEE9-4215-B690-19D9D39FCF54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FC2F8C34-CFAC-43B0-93FA-9D9E002B02AB}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB65-1AF6-4F12-A878-EF0149A3B06B}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{116E968F-EAA5-4460-8112-C7B9F23A99D9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13BC600C-ED44-4549-BE8F-9D59867DE903}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{146AAA37-27CC-4B1C-BE17-CC7C602B3040}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{15BA5719-7842-4289-AC64-7413F44A9026}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20FF6410-42E8-4F26-A4D1-CF6B22F2489A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2780FDD5-FE04-4A87-BB49-BD89FA9D7E9F}" = protocol=17 | dir=in | app=c:\users\tng family\downloads\baiduplayernetsetup_100.exe |
"{2837B368-782C-4A4C-A587-2786BB141A3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DF6A919-45B4-4C44-9A84-BC6438953690}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3F74BF7F-B455-4BC8-8B49-417296438097}" = protocol=6 | dir=in | app=c:\users\tng family\downloads\baiduplayernetsetup_100.exe |
"{42EFF620-3CDE-4F14-BB23-9E89F4FCE56A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{48EE7EDD-1BF4-4EDF-AB37-3A621328F5CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FB8AE16-F52A-4E48-B5F0-3F93D696AF33}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{539CCE2E-20E0-4B20-A98B-C594D822F337}" = protocol=6 | dir=in | app=c:\users\tng family\appdata\roaming\dropbox\bin\dropbox.exe |
"{585EAB87-979B-4A3B-897F-AB529CBF5A02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A9A8CCE-7EFC-4748-9B69-D9506CBE45C9}" = protocol=58 | dir=out | [email protected],-28546 |
"{6D79A5BC-7A77-4E2E-BF5B-7143841CC76F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{728CF9F6-C061-4D4D-8A59-A4A48CBFB4F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72B2ACA3-F3EF-4869-9ACF-3300B6547E5F}" = protocol=6 | dir=out | app=system |
"{7A33A7B4-EB89-498D-9F2B-4D2379F7565C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0E1CCE-6BEB-4A69-A50F-9A8B82DFCE80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8278FB87-CFC6-47FE-86CE-82EFA416F488}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88232C9F-3896-4AF2-A70B-7696C50DE107}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8D4ED87F-FCDB-44D0-B045-E974EB5FB565}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91B3F497-2830-4E29-B27C-AFBDE71A094D}" = protocol=17 | dir=in | app=c:\users\tng family\downloads\qvodsetup5.exe |
"{92EF1584-A4DD-4BD8-A916-7661F15A85D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94F9149E-884C-4CFE-8D44-06770255BC62}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{9C45CFA3-A0DF-4A70-9B4D-4328ABD99947}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{A113F6BF-94A9-4335-85E2-324DB7B913B5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A25BDC7B-7676-413E-A571-1F501B794576}" = protocol=6 | dir=in | app=c:\users\tng family\downloads\qvodsetup5 (1).exe |
"{A76B0F7D-BE89-420E-A4A4-2FA092C7F30B}" = protocol=1 | dir=out | [email protected],-28544 |
"{AA5B5E4D-6E05-406D-AC85-B1F107494186}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C15632BD-958F-4D45-B1DF-E8D056719806}" = protocol=1 | dir=in | [email protected],-28543 |
"{C300AEDB-9F5D-49EE-90C6-75B0796AF6BD}" = protocol=58 | dir=in | [email protected],-28545 |
"{C674B5A6-FE8E-4E78-8ADB-F9912823423B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C6DB5043-5D0B-429D-8538-9392DF8D644A}" = protocol=6 | dir=in | app=c:\users\tng family\downloads\qvodsetup5.exe |
"{C8606267-C46A-47E8-8578-96D42A9C6C13}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE94CA6C-7F81-4D1B-8F00-BE41E347A56B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7F949F7-ECFB-45B7-BD7C-C663FA0B643E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA3B0170-D835-4949-A1A6-D6E061C259A7}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{ECAE30A2-FAB1-432D-8082-CA641D86E697}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{EDE366EB-89E7-44F2-AEFF-FA7C53CBACD6}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{F10741D5-0A63-4AF9-842C-DD7875BD324D}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{FB707A32-0685-4F58-B0E9-74BF0F2E735C}" = protocol=17 | dir=in | app=c:\users\tng family\appdata\roaming\dropbox\bin\dropbox.exe |
"{FD62E45C-75A0-44B9-9EC7-D1008098819E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FFA4AC9A-B92C-4208-B659-11B5E1816B12}" = protocol=17 | dir=in | app=c:\users\tng family\downloads\qvodsetup5 (1).exe |
"TCP Query User{24B3560B-D3FE-43F9-AA01-E5874A97C8AE}F:\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\mirc\mirc.exe |
"TCP Query User{2AA62CEE-473E-4E73-AAE8-3D802D6D8E38}G:\u1301.exe" = protocol=6 | dir=in | app=g:\u1301.exe |
"TCP Query User{35726829-C0B9-42DB-8934-90794C0FEBF6}C:\users\tng family\desktop\u tmp\u1304.exe" = protocol=6 | dir=in | app=c:\users\tng family\desktop\u tmp\u1304.exe |
"TCP Query User{3BD64019-7E00-42FA-81B4-9AFFD5D20448}F:\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\mirc\mirc.exe |
"TCP Query User{5691E910-AB15-4985-AEF7-884D078E70CB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5CB534B2-4D94-4136-8B39-1030D4C86C9D}F:\autorun.inf\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\autorun.inf\mirc\mirc.exe |
"TCP Query User{5F6282C2-A7EF-454F-AD9B-D741C53A408B}H:\psnl\psl\mirc\mirc.exe" = protocol=6 | dir=in | app=h:\psnl\psl\mirc\mirc.exe |
"TCP Query User{5F730B2C-B3E8-495B-9D52-90E31A3E757E}F:\psnl\psl\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\psnl\psl\mirc\mirc.exe |
"TCP Query User{68537919-2010-464F-9E09-3D8ABC5EE6A5}G:\mirc\mirc.exe" = protocol=6 | dir=in | app=g:\mirc\mirc.exe |
"TCP Query User{802EC1B5-5B71-40F4-9CE9-5EB928717A2E}F:\autorun.inf\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\autorun.inf\mirc\mirc.exe |
"TCP Query User{877E9EBA-C875-49DC-87EE-A974BB8CC6A3}F:\psnl\new folder\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\psnl\new folder\mirc\mirc.exe |
"TCP Query User{9790C43A-6B0D-4081-AE99-A89C475E5107}G:\u1303.exe" = protocol=6 | dir=in | app=g:\u1303.exe |
"TCP Query User{C7CB64A1-F15B-4F72-A04E-8F09ABA2E6DD}C:\Program Files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{CDFF6D7E-8019-44D6-B165-7DFAA2B869AF}G:\u1304.exe" = protocol=6 | dir=in | app=g:\u1304.exe |
"TCP Query User{D4742C4D-CC0A-4B1F-B2E5-916B8B564B1C}C:\Program Files (x86)\Tango\Tango.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"TCP Query User{EAD39F4F-AEE6-4558-8B57-9DC0F7B3E4DA}C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe |
"TCP Query User{EC69D756-BC72-43E2-AF60-23B78EF19B28}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{FF99B433-361D-48B4-9468-0EBA1F0EAFA1}G:\mirc\mirc.exe" = protocol=6 | dir=in | app=g:\mirc\mirc.exe |
"UDP Query User{0B17CB89-CC63-4930-8E4C-7832DD8F8B04}C:\users\tng family\desktop\u tmp\u1304.exe" = protocol=17 | dir=in | app=c:\users\tng family\desktop\u tmp\u1304.exe |
"UDP Query User{14CBCBEA-AD8B-4E50-9332-E0ED71B90818}F:\autorun.inf\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\autorun.inf\mirc\mirc.exe |
"UDP Query User{2BE294B4-AB19-4BBA-B9A5-51A7A63630AB}F:\psnl\new folder\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\psnl\new folder\mirc\mirc.exe |
"UDP Query User{38453E04-97B1-416D-996B-D382D3DEEFF0}C:\Program Files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{48D3A955-B9B4-4947-AE95-04B39CFFDEBF}C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe |
"UDP Query User{49D2172D-1988-4E4B-81D7-21BC35CCDE54}G:\u1303.exe" = protocol=17 | dir=in | app=g:\u1303.exe |
"UDP Query User{4E544402-EB8B-40E5-9CD1-9BFC232ED07D}H:\psnl\psl\mirc\mirc.exe" = protocol=17 | dir=in | app=h:\psnl\psl\mirc\mirc.exe |
"UDP Query User{509D61EA-6982-47E7-A029-B79B881D3C34}F:\autorun.inf\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\autorun.inf\mirc\mirc.exe |
"UDP Query User{6414909B-BFA3-4D97-AD5A-62F286F17E46}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6D46B49C-0396-4431-A920-388CE0434556}G:\u1304.exe" = protocol=17 | dir=in | app=g:\u1304.exe |
"UDP Query User{7AAD17EE-8BC4-46FA-8CD9-701C7275036F}C:\Program Files (x86)\Tango\Tango.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"UDP Query User{88E44DE9-8214-430E-9B6B-01CCDA7FC238}F:\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\mirc\mirc.exe |
"UDP Query User{9C7533CB-DB59-4F4D-BFBF-E9474275090A}G:\mirc\mirc.exe" = protocol=17 | dir=in | app=g:\mirc\mirc.exe |
"UDP Query User{BB535010-394D-439F-961A-399B7D38AB7E}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{DE93A6A0-3E17-4434-A379-1D6FCE918046}F:\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\mirc\mirc.exe |
"UDP Query User{F1D46ECA-A544-4162-B6CE-C14D9975750D}F:\psnl\psl\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\psnl\psl\mirc\mirc.exe |
"UDP Query User{F2102306-CC1B-4520-884C-1E5E7EA95BBE}G:\u1301.exe" = protocol=17 | dir=in | app=g:\u1301.exe |
"UDP Query User{FCCE2CD5-0725-4136-9F90-7F53C3BD1BB5}G:\mirc\mirc.exe" = protocol=17 | dir=in | app=g:\mirc\mirc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2BD91C-BDFA-6BF8-82EA-40B89C2049B5}" = ccc-utility64
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}" = SpyHunter
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04186B1C-DF98-454E-9B3D-AA893195A061}" = Catalyst Control Center Graphics Full New
"{04B21400-600F-6FF5-46EE-240483FE4A76}" = CCC Help Polish
"{05912563-6E7E-450E-9510-B327DD05A831}" = Catalyst Control Center - Branding
"{06124711-135F-8762-EA00-A26B43C807E0}" = CCC Help French
"{0AAFB364-4473-5352-482B-98980DDE62B1}" = CCC Help Swedish
"{107A00BF-DE5F-9951-A1F9-2AFF053B62C2}" = CCC Help Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1876668E-B44D-4D00-A6DD-0E3BED0E60D6}_is1" = Plants Vs Zombies Game Of The Year Edition
"{1ADA8C92-BB3E-CE1E-5E86-C1FE4392B712}" = Catalyst Control Center Graphics Light
"{1DCD85EB-7883-1925-1B7F-55EBBB05226F}" = CCC Help Hungarian
"{1E3A9A55-45E0-2BB9-FA50-411DC9F3CE1A}" = CCC Help Norwegian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2EFE21C6-54EF-D331-1873-5FBA4D07B0F6}" = CCC Help Japanese
"{2F99AE30-3E91-94CA-E381-250967F7C596}" = CCC Help English
"{3BF70CA1-069B-0406-A440-F4EE9B40C7E4}" = Catalyst Control Center Localization All
"{3E924C43-AA5E-7540-21BD-49F2FC750CC6}" = Catalyst Control Center InstallProxy
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C537625-54F2-3945-8107-023404BF812D}" = CCC Help Russian
"{55DD5CE4-6949-4F6D-AA60-EDE8383CE748}" = NWZ-W260 WALKMAN Guide
"{562A745F-410D-25FD-E20B-1B8A59A27939}" = CCC Help German
"{5B5BC944-03D2-D664-819A-9063BBC776EE}" = CCC Help Korean
"{5DFA32F0-2290-6FC4-04E3-860561746CB7}" = Catalyst Control Center Graphics Previews Common
"{612DADBF-02EE-84F3-70EC-056F07C6601D}" = ccc-core-static
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6AE62324-B72F-A581-596F-6531C745EB10}" = CCC Help Turkish
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838FDAF9-6B5C-88FF-9834-7260EBCC7EB2}" = CCC Help Spanish
"{850A0EA4-A079-C3A8-89AD-18CCCB5632D2}" = CCC Help Portuguese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{96F0124E-5E6C-B16D-75F8-436FA0856B03}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A755D133-9910-F13C-9954-3A014466212B}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6C1B65-9D23-850A-57AC-30A39189DBDA}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD389AFC-E512-4818-AF85-F7E02866FBC6}" = Genesys USB Mass Storage Device
"{BF1FE1B6-A7C8-45A0-A0AF-D80001A4DF44}" = Catalyst Control Center - Branding
"{C0D9B008-D3CA-F479-C4E9-65997777E7A8}" = CCC Help Czech
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C94211A4-E2B5-FAF0-6AE5-A9070F0C807C}" = Catalyst Control Center Core Implementation
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D5A242BB-A9C8-A596-1B34-6077FF4B9DE2}" = CCC Help Greek
"{D93C49B5-9B72-CA8B-B9CE-F1ED3E5217A3}" = CCC Help Finnish
"{DF0640ED-B907-8C66-CD0F-83FB92E030D7}" = CCC Help Chinese Traditional
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EAEAE1B4-A596-DA37-59D3-39DFDF8505E8}" = CCC Help Italian
"{EFFD585B-B7B5-E052-CEBD-9EB433070873}" = Catalyst Control Center Graphics Previews Vista
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.188
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2EA20BB-8309-F785-E638-07E33D0165EE}" = CCC Help Thai
"{FB93553A-CBA7-44FE-BD70-A996C859DD06}" = BlueStacks Notification Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"BlueStacks App Player" = BlueStacks App Player
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download version 3.2.30.319
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"JumpStart First Grade" = JumpStart First Grade
"JumpStart Kindergarten" = JumpStart Kindergarten
"JumpStart Phonics Read and Rhyme" = JumpStart Phonics Read and Rhyme
"JumpStart PreSchool" = JumpStart PreSchool
"Kelloggs Ocean Comic Constructor1.0" = Kelloggs Ocean Comic Constructor
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"RealAlt_is1" = Real Alternative 2.0.2
"SpeedFan" = SpeedFan (remove only)
"VLC media player" = VLC media player 2.1.3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Tango" = Tango
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/26/2014 2:25:20 AM | Computer Name = Tng-family-PC | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT :
0x80070490) (0x80070490)
Error - 7/26/2014 2:25:20 AM | Computer Name = Tng-family-PC | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801)
(0xc0041801)
Error - 7/26/2014 2:25:20 AM | Computer Name = Tng-family-PC | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application
Details:
The
content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error - 7/26/2014 2:25:20 AM | Computer Name = Tng-family-PC | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized. Details: The content index catalog
is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error - 7/26/2014 4:39:30 AM | Computer Name = Tng-family-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 7/26/2014 4:46:36 AM | Computer Name = Tng-family-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 7/26/2014 4:50:23 AM | Computer Name = Tng-family-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 7/26/2014 5:12:17 AM | Computer Name = Tng-family-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 7/26/2014 6:23:10 AM | Computer Name = Tng-family-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 7/26/2014 6:57:09 AM | Computer Name = Tng-family-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
[ System Events ]
Error - 7/26/2014 2:25:43 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053
Error - 7/26/2014 2:25:43 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.
Error - 7/26/2014 2:25:43 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053
Error - 7/26/2014 4:39:30 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064
Error - 7/26/2014 4:46:36 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064
Error - 7/26/2014 4:50:23 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064
Error - 7/26/2014 5:12:17 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064
Error - 7/26/2014 6:23:10 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064
Error - 7/26/2014 6:42:11 AM | Computer Name = Tng-family-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 7/26/2014 6:57:09 AM | Computer Name = Tng-family-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064
< End of report >
:
Sign In
Create Account
