Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Various adware (stormfall, dealkeeper, possibly pennybee) might have i

adware freezing stormfall dealkeeper windows 8 ads corrupt system files

  • This topic is locked This topic is locked

#1
SnarkKnight96

SnarkKnight96

    Member

  • Member
  • PipPip
  • 21 posts

Hi, on July 28th, when installing a ps2 emulator, I seem to have gotten some adware on my PC (a Windows 8 with Classic Shell installed), most notably Stormfall (I uninstalled the program, and deleted all folders, but still get the login screen that randomly pops up. When it did, I used to get a Plarium folder, but a couple days ago, I used an extension called Block Site, which blocked the site itself. I still get popups, but the folder doesn't create itself anymore. Only other thing I think I should add is that before this, when I looked in the history, it had "JASONPC" next to it, which is mine. This gives me reason to believe that it might have changed the registry.), DealKeeper (which I haven't seen ads from since I uninstalled it and deleted the folder, yet I still get registry keys associated to it occasionally, from ADW Cleaner and JRT, even though I uninstalled ADW Cleaner when it found it). It also installed Pennybee, but as far as I know, I deleted and uninstalled it. One last thing I want to mention is that my PC randomly freezes when connecting to websites sometimes, and I have to manually restart it by pressing the power button. I did a system file check, and there was a message in the log saying it couldn't repair some member files. 

 

So far, those are the only problems I've been having, but I just want to make sure everything's okay. My computer isn't even that old (bought in November, and unless I'm overreacting, I don't think it should be acting like this)

 

I have Junkware Removal Tool, Mcafee, Malwarebytes, Spybot Search and Destroy, and ADW Cleaner installed.

 

Here is the ADW Cleaner log if you need it:

 

# AdwCleaner v3.304 - Report created 10/08/2014 at 17:50:55

# Updated 08/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jason - JASONPC
# Running from : C:\Users\Jason\Downloads\adwcleaner_3.304.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\og93oqtz.default-1407017548133\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [915 octets] - [08/08/2014 21:30:09]
AdwCleaner[R1].txt - [974 octets] - [08/08/2014 21:41:10]
AdwCleaner[R2].txt - [1033 octets] - [08/08/2014 21:46:52]
AdwCleaner[R3].txt - [1094 octets] - [08/08/2014 22:37:36]
AdwCleaner[R4].txt - [1155 octets] - [08/08/2014 23:00:12]
AdwCleaner[R5].txt - [1215 octets] - [09/08/2014 15:44:02]
AdwCleaner[R6].txt - [1135 octets] - [10/08/2014 17:50:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1195 octets] ##########
 
Let me know if I should install anything else, or if you need any other logs.
 
None of the programs I'm using are detecting anything by Stormfall, and like I said, sometimes it detects registry keys by Dealkeeper, sometimes it does not.
 
Please get back to me ASAP. Thanks.

Edited by SnarkKnight96, 11 August 2014 - 03:32 PM.

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi, I'd be glad to help. Please run OTL as described below and post the resulting files.

 

 

51a5d669693dd-icon_OTL.png Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    BASESERVICES
    
    /md5start
    
    rpcss.dll
    
    /md5stop
    
    
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

 


  • 0

#3
SnarkKnight96

SnarkKnight96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi, I'd be glad to help. Please run OTL as described below and post the resulting files.

 

 

51a5d669693dd-icon_OTL.png Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    BASESERVICES
    
    /md5start
    
    rpcss.dll
    
    /md5stop
    
    
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

 

 

 

 

 

 

 

 

OTL logfile created on: 8/15/2014 5:56:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jason\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 5.46 Gb Available Physical Memory | 69.39% Memory free
10.70 Gb Paging File | 4.78 Gb Available in Paging File | 44.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.75 Gb Total Space | 816.26 Gb Free Space | 89.43% Space Free | Partition Type: NTFS
Drive D: | 17.28 Gb Total Space | 2.15 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
 
Computer Name: JASONPC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/15 17:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2014/08/06 23:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/09 23:44:38 | 000,089,864 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2013/06/09 23:44:34 | 000,294,664 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2013/06/09 23:44:31 | 000,077,576 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2013/03/12 10:51:55 | 000,110,144 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/07/18 04:51:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 04:50:08 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 04:46:54 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 04:45:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/04/24 17:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/06 23:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 23:20:54 | 014,669,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/08/06 23:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 23:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014/08/06 23:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014/08/06 23:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2013/03/13 01:53:32 | 000,015,424 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/03/12 10:51:18 | 000,626,240 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/06/18 05:46:44 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/06/12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2014/05/29 19:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/03/29 04:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/09/06 13:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/08/16 01:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/07/29 10:31:41 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/07/29 10:31:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/07/29 10:29:04 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/07/29 10:29:04 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/06/24 18:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/10 07:42:50 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/04/09 22:25:49 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/04/09 22:03:45 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/01/18 20:05:24 | 000,202,824 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/07/08 16:31:11 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/30 17:46:52 | 000,542,400 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/06/09 23:44:38 | 000,089,864 | ---- | M] (CyberLink Corp.) [Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2013/06/09 23:44:34 | 000,294,664 | ---- | M] (CyberLink) [Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2013/06/09 23:44:31 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2013/06/07 21:31:40 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/12/19 12:09:26 | 000,277,640 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 23:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 04:51:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 04:50:08 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 04:46:54 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/07/18 04:45:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 17:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/06/20 10:09:34 | 000,070,600 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014/06/18 03:12:12 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/06/18 03:11:44 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/28 15:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/23 18:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 07:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 02:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 22:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/08/16 01:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 02:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/29 10:29:04 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/07/09 04:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 21:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 21:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 02:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/10 07:42:49 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/09 22:25:49 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/04/09 22:22:07 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/04/09 22:21:18 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/04/09 22:18:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/04/09 22:14:35 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/04/09 22:14:35 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/04/09 22:05:54 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/04/09 22:02:48 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/04/09 22:02:48 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/03/25 17:55:54 | 000,108,312 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2013/03/15 17:47:56 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/01 15:28:50 | 000,259,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/02/19 04:15:54 | 000,772,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/12/13 12:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/26 20:42:22 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/10/26 20:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/18 04:46:20 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/02 10:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/22 15:53:16 | 000,694,416 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2013/03/12 04:09:48 | 000,084,168 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\SearchScopes\{0BA66F06-72C9-4220-88EC-106A417D797C}: "URL" = https://search.yahoo...p={SearchTerms}
IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/08/02 17:46:07 | 000,000,000 | ---D | M]
 
[2014/06/30 18:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.facebook.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Jason\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Angry Birds = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Megavideo Playerplus = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\efpoolkicbnlkaibhppihnfehghajfeg\1.7.3_0\
CHR - Extension: Block site = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh\3.1.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_1\
CHR - Extension: AdBlock = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.11_0\
CHR - Extension: Illimitux = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Tumblr Savior = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.11_0\
CHR - Extension: MegaSkipper = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlpjnmkcepflfoglccifhajagahaglm\19.66_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-1537228853-612569023-1872746861-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1537228853-612569023-1872746861-1001..\Run: [uTorrent] C:\Users\Jason\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5716052-43B6-46FC-8034-36490BE33470}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/15 17:52:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2014/08/15 11:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/08/10 18:20:53 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/08 21:30:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/03 22:45:53 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/03 22:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/03 22:45:29 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/03 22:45:29 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/08/03 22:45:29 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/08/03 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/03 22:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/03 22:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/08/03 22:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/08/03 22:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014/08/02 18:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/07/31 16:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DomDomSoft Manga Reader
[2014/07/30 15:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DomDomSoft Manga Downloader
[2014/07/30 01:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/29 17:51:13 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/07/28 18:01:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Macromedia
[2014/07/28 17:54:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\PCSX2
[2014/07/28 17:37:43 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2014/07/27 00:51:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\.minecraft
[2014/07/25 18:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/25 18:37:52 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/07/25 18:37:47 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/07/25 18:37:47 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/07/25 18:37:47 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/25 18:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/25 18:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/15 17:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2014/08/15 17:49:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/15 17:31:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/15 17:31:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/08/15 11:07:07 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2014/08/15 11:05:11 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/14 20:33:13 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/14 17:13:44 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/10 18:51:04 | 000,935,850 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/10 18:51:04 | 000,220,346 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/10 18:51:04 | 000,005,450 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/10 18:44:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/10 18:44:46 | 2469,019,647 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/04 16:30:37 | 000,001,115 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/08/03 22:45:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/03 22:44:13 | 000,001,289 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/08/03 22:44:13 | 000,001,265 | ---- | M] () -- C:\Users\Jason\Desktop\Spybot - Search & Destroy.lnk
[2014/08/02 19:41:55 | 000,002,286 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/07/31 16:55:31 | 000,001,194 | ---- | M] () -- C:\Users\Jason\Desktop\DomDomSoft Manga Reader.lnk
[2014/07/30 15:56:48 | 000,001,242 | ---- | M] () -- C:\Users\Jason\Desktop\DomDomSoft Manga Downloader.lnk
[2014/07/28 19:53:24 | 000,424,272 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/28 00:17:16 | 000,690,928 | ---- | M] () -- C:\Users\Jason\Documents\be a man.mp4
[2014/07/27 00:50:59 | 000,675,988 | ---- | M] () -- C:\Users\Jason\Desktop\Minecraft.exe
[2014/07/25 18:37:44 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/07/25 18:37:44 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/07/25 18:37:44 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/07/25 18:37:44 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/25 18:36:53 | 000,000,820 | ---- | M] () -- C:\Users\Jason\Desktop\µTorrent.lnk
[2014/07/25 18:36:53 | 000,000,800 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/03 22:45:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/03 22:44:13 | 000,001,289 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/08/03 22:44:13 | 000,001,265 | ---- | C] () -- C:\Users\Jason\Desktop\Spybot - Search & Destroy.lnk
[2014/08/02 18:29:17 | 000,002,286 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/02 18:29:17 | 000,002,190 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/02 18:26:32 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/02 18:26:31 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/31 16:55:31 | 000,001,224 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DomDomSoft Manga Reader.lnk
[2014/07/31 16:55:31 | 000,001,194 | ---- | C] () -- C:\Users\Jason\Desktop\DomDomSoft Manga Reader.lnk
[2014/07/30 15:56:48 | 000,001,272 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DomDomSoft Manga Downloader.lnk
[2014/07/30 15:56:48 | 000,001,242 | ---- | C] () -- C:\Users\Jason\Desktop\DomDomSoft Manga Downloader.lnk
[2014/07/28 19:53:17 | 000,424,272 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/28 00:17:09 | 000,690,928 | ---- | C] () -- C:\Users\Jason\Documents\be a man.mp4
[2014/07/27 00:50:50 | 000,675,988 | ---- | C] () -- C:\Users\Jason\Desktop\Minecraft.exe
[2014/07/25 18:36:53 | 000,000,820 | ---- | C] () -- C:\Users\Jason\Desktop\µTorrent.lnk
[2014/02/11 20:42:16 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2014/02/05 17:50:08 | 000,043,976 | ---- | C] () -- C:\Users\Jason\AppData\Local\save_en.bmp
[2014/02/05 17:49:04 | 000,043,976 | ---- | C] () -- C:\Users\Jason\AppData\Local\save_es.bmp
[2014/02/05 16:10:06 | 000,195,108 | ---- | C] () -- C:\Users\Jason\AppData\Local\lateral3.bmp
[2014/02/05 16:08:44 | 000,193,744 | ---- | C] () -- C:\Users\Jason\AppData\Local\lateral1.bmp
[2013/11/29 22:45:03 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/11/29 15:05:51 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/11/29 15:05:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7B528BDC41.sys
[2013/04/03 20:16:51 | 000,915,038 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/12/13 12:41:24 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/12/13 12:38:16 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/12/13 12:38:16 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/10/26 20:42:24 | 000,336,232 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/10/26 20:42:22 | 010,919,784 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/10/26 20:42:22 | 000,103,272 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2010/11/12 05:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Jason\AppData\Local\lateral2.bmp
 
========== ZeroAccess Check ==========
 
[2013/09/25 16:03:47 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 04:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 02:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/28 01:04:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\.minecraft
[2014/08/07 01:01:34 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Audacity
[2014/07/31 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\CDisplayEx
[2014/08/15 01:40:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ClassicShell
[2013/11/28 23:09:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2014/03/21 22:46:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2014/05/03 13:40:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Oracle
[2014/03/21 21:21:05 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Riot Games
[2014/01/29 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Unity
[2014/07/28 19:54:21 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2013/04/09 22:03:32 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/06/10 07:39:36 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2012/07/25 23:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2012/07/25 23:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013/10/10 05:20:43 | 000,723,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012/07/25 23:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012/07/25 23:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/25 23:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/13 02:16:06 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012/07/25 23:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2013/04/09 22:14:35 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2013/04/09 22:14:39 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2013/04/09 22:02:51 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2012/07/25 23:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2012/07/25 23:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012/07/25 23:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2012/07/25 23:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2012/07/25 23:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2012/07/25 23:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2013/04/09 22:03:45 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2012/07/25 23:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/07/29 10:31:41 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/04/09 22:03:33 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2012/07/26 01:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2013/04/09 22:03:32 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/07/25 23:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2012/07/25 23:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2012/07/25 23:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012/07/25 23:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2012/07/25 23:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/03/10 20:39:12 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/06/10 07:42:49 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012/07/25 23:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2012/07/25 23:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012/07/25 23:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2014/03/28 04:23:00 | 001,287,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2012/07/25 23:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012/07/25 23:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012/07/25 23:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/07/25 23:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/07/29 10:31:41 | 001,483,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013/06/01 05:19:42 | 000,785,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/06/10 07:42:50 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 23:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2014/03/29 04:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 23:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/10/31 01:56:24 | 000,915,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2012/07/25 23:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2012/07/25 23:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012/07/25 23:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/07/25 23:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013/10/08 18:27:56 | 003,279,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012/07/25 23:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2013/04/09 22:18:58 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2012/07/25 23:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
<  >
[2012/07/26 03:22:10 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2014/07/06 19:02:15 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2014/08/02 18:26:31 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/08/02 18:26:32 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: RPCSS.DLL  >
[2012/07/25 23:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) MD5=1EC6E533C954BDDF2A37E7851A7E58FD -- C:\windows\SysNative\rpcss.dll
[2012/07/25 23:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) MD5=1EC6E533C954BDDF2A37E7851A7E58FD -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.2.9200.16384_none_c2948360c7a43433\rpcss.dll
 
< End of report >
 
OTL Extras logfile created on: 8/15/2014 5:56:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jason\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 5.46 Gb Available Physical Memory | 69.39% Memory free
10.70 Gb Paging File | 4.78 Gb Available in Paging File | 44.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.75 Gb Total Space | 816.26 Gb Free Space | 89.43% Space Free | Partition Type: NTFS
Drive D: | 17.28 Gb Total Space | 2.15 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
 
Computer Name: JASONPC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{745A3412-DEFF-438E-B4F0-F99F082645CC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{79EAC035-511E-4E88-8813-5B69D1A41935}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8ECEB8EC-DF25-4C62-A80A-43F1128FC7D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{DBBF1800-7829-4651-8CC4-B8561F48C0F9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B4A4DA-3AD5-40DF-A7F2-CDA63BB5E131}" = dir=out | [email protected]{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 
"{048B8F59-DAC8-416B-9FD5-1D0F8548F762}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{0E52D155-364B-40F7-85D8-6D72C607C9BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{1422ECF8-185D-49C9-9B30-BE2FD9F47125}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{17395D91-3325-485D-BD14-FA91CBBE0AE5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{1B36D3BD-FB6D-42EF-A19F-5D6A2B3C7651}" = dir=out | name=kindle | 
"{244051A5-C19B-4D99-9C47-F84216C27111}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{2D1A5FA7-0111-495C-B1C5-2C86526FCE21}" = dir=out | name=box | 
"{335D6030-ED23-4577-B2D9-C12A510E091E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{385CD5C7-768F-4C08-9203-999AD0E1D9E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{3D94C19F-258A-422A-A84C-3FE1697F579E}" = dir=out | name=netflix | 
"{3E317455-A8EA-4976-8FA7-7C5AE19DAD40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{4489E500-FD50-4A7F-BF30-48F72D145DFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{46070D6E-3087-42F0-B879-440291299941}" = dir=out | [email protected]{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{464410B7-D87D-410E-A039-4013F3026D06}" = dir=in | name=microsoft solitaire collection | 
"{52F89DC8-9678-49AD-BA17-91E00E922E99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{53654071-7211-44DD-9021-24A4822832B8}" = dir=in | name=hp connected photo powered by snapfish | 
"{56FEDCEC-EDEE-4AFB-8F0A-E1C6EE887799}" = dir=in | [email protected]{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 
"{6188A1FD-E37B-4BE5-AA28-52FB4C6CE819}" = dir=in | name=microsoft mahjong | 
"{685F18E1-5563-4222-9029-267B6217EFD7}" = protocol=17 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe | 
"{69C5C093-7A45-4CD7-87CA-B4940C4A4E35}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{71147BBC-8CC1-4089-BF2F-AC625F9BDC7F}" = dir=out | name=skype | 
"{73DDABCA-65EC-4BF6-9D91-F3B8C595C8AA}" = dir=out | [email protected]{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{7411ABCE-DB6C-4311-824D-027D7318C076}" = dir=out | [email protected]{microsoft.zunevideo_1.5.444.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{78019F2E-9BD0-4A9A-A855-EB4EEB955DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{78AE20B0-AA90-4B37-9E64-FBE435B71200}" = dir=out | name=hp games | 
"{7B8C62BF-2F6B-4A1C-9D69-18D803751F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{80482164-5700-4CAE-9EA2-A2BAB7F9F9F8}" = dir=in | name=skype | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{82EAB276-E4BE-4440-B9C4-3CEF82201C67}" = dir=out | [email protected]{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{82FDDF5B-B15F-43E1-910B-F928F0F4FA16}" = protocol=6 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe | 
"{8AB8196F-6EC1-4004-BE57-4B9706CE49AD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{90A757B6-334D-457A-A755-1F32529D6808}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9159B138-ECF9-4249-9E53-C8411183E8CD}" = dir=out | [email protected]{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{921D0DA7-C74A-40EB-BAF7-BC19E0575841}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9221B7C8-DFDF-4DD9-ABBF-93BB023E38E4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{933FB7AF-26CA-4F79-81C0-6938957E3B09}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"{93B063F4-43C2-4000-813F-45750A9156BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9A2CA628-7F29-462E-B5B5-BBE817B02392}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{9D11D276-994F-4B7E-94F4-B642F75FF1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{A0A512F7-84DA-482A-8615-9D0787C4FE09}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{A396EAA7-D5D1-4DF8-867D-BF661770A82C}" = dir=out | name=hp printer control | 
"{A44BCC0B-C41D-4B3C-BEBE-0A3B5F23616C}" = dir=out | [email protected]{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{A657D04B-8F29-4EAE-93A2-2E0589EF3C72}" = dir=out | [email protected]{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A88FC32D-FFF9-4BFF-8759-25DB6EF84682}" = dir=out | [email protected]{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{ABBF68AD-D94A-420C-A158-23C636FA52D8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{ABD453B1-9BF3-4DE8-8E44-4CE3271FBEA0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{ACF06965-E7CE-4937-8457-1D8E172B258C}" = dir=in | name=hp printer control | 
"{AE039E8A-E538-4D05-9926-956253D932BE}" = dir=in | name=box | 
"{AF605874-5CDE-41B3-BA7F-F9E8B2A471DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B160A47D-84EB-439E-BC80-64F329905B53}" = dir=out | name=hp connected photo powered by snapfish | 
"{B3F327E3-8FB1-4300-B667-96A4B91987B6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{B8B96C30-C957-4051-B2D1-4AA443DE9361}" = dir=out | name=microsoft mahjong | 
"{BA703B19-790F-4748-9191-725793773476}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{C3E61C1D-084D-4A99-8EA9-2E67B8574E25}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C438A380-2B66-4471-BE1D-085892DDDEA3}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{C50526FB-C45C-4C4B-BC1B-FD17A6F91EFB}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C735E04F-6539-4298-96B7-E41B247D844F}" = dir=out | [email protected]{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{C82362A0-11DC-4727-A794-7D1A1C0165AA}" = dir=out | name=hp registration | 
"{D78DB4AD-4BF8-4455-8E1C-417AC54F501D}" = dir=out | name=norton studio | 
"{DB5807E9-76F9-45C7-B776-0D4742D22E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{DCB63C7F-1318-4F33-A90A-C13D4D4F1971}" = dir=in | [email protected]{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{DF2A5A7A-8C5B-41E1-AF72-915389A1CBE3}" = dir=out | [email protected]{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{E2347C15-B6CB-4709-A7AE-48161050BCAE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{E3B5ED1A-6E39-4287-B3A4-DD6EEC0989DD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E483AD97-AD5D-4263-9D48-E66FA57864E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E6574A8F-5C46-429D-AF6B-626B0A90CBF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EBED0DCE-40E8-400E-88B1-0A4EE1DD983D}" = dir=out | name=windows_ie_ac_001 | 
"{EDB33B6D-6CB2-4795-B20D-1ABA7395F11E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe | 
"{EEF5E87E-7AC3-49EF-A11C-E951A3A61122}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{F0D2F244-AFBC-4B7E-B9E1-64EB7AF917F3}" = dir=out | name=microsoft solitaire collection | 
"{F5C569B6-49C2-4A23-9068-718761790EDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{F7DDF169-157F-4F95-A290-C417FD7F9B9B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F91E8EC6-3FB2-479E-A045-5677EB0C23FA}" = dir=out | name=ebay | 
"{FD27325E-834A-4546-B478-4AF363127A9D}" = dir=out | name=getting started with windows 8 | 
"{FD65FEB3-36D6-4552-A01A-182C51D7B60A}" = dir=out | [email protected]{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{FE159C99-A07A-4E63-B10A-D966A354052F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{FE3AC085-9D68-4991-B33C-51E28AC92128}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CDisplayEx_is1" = CDisplayEx 1.10.16
"McAfee Security Scan" = McAfee Security Scan Plus
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0DEB2EEB-BE9A-44B1-9D90-183250B61785}" = Alcor Micro USB Card Reader Driver 
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F03217065FF}" = Java 7 Update 65
"{28780589-C504-4A32-B630-2F12546123A4}_is1" = Rubber Ninjas 1.05
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5EECEB40-3EE2-4762-872D-264346A26B84}_is1" = Rubber Ninjas Demo 1.05
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.1
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B56B031-A6C0-4BB7-8F61-938548C1B759}" = Pinger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}" = HP Support Assistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EAB5ACD3-43C0-4B3E-931A-CA61520934AD}" = Transformers Universe
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}" = Realtek Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Audacity_is1" = Audacity 2.0.5
"DomDomSoft Manga Downloader" = DomDomSoft Manga Downloader (remove only)
"DomDomSoft Manga Reader" = DomDomSoft Manga Reader (remove only)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}" = Alcor Micro USB Card Reader Driver 
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MSC" = McAfee AntiVirus Plus
"Pinger 1.1.1.2" = Pinger
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Steam" = Steam
"Steam App 105600" = Terraria
"Steam App 211820" = Starbound
"Steam App 36630" = Rusty Hearts
"Steam App 440" = Team Fortress 2
"Steam App 99900" = Spiral Knights
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0e8c76f2-9c71-4abd-abdd-b36093e9d7d8" = Youda Jewel Shop
"WTA-0ed87f52-e1e3-497c-be5d-0bf941148971" = Roads of Rome 3
"WTA-1d85ebf1-a873-4b06-8a50-3b7f86d0f3b9" = Peggle Nights
"WTA-1fcebd5a-738f-4c4f-b69d-81c0e1986a6b" = Vacation Quest™ - Australia
"WTA-2eb43023-1034-4565-84de-dcaae47083bd" = Tales of Lagoona
"WTA-31f63b17-eb40-48ac-9410-cffa615015f4" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-34b5d725-48a7-4d08-b2ef-ed2d97a84c40" = Bejeweled 3
"WTA-38a19e73-5d62-4828-ba03-3c5de842a639" = Luxor Evolved
"WTA-4714bfee-99b4-489b-a051-b83b2c47c12b" = Farm Frenzy
"WTA-63fde134-a3b3-4b66-9eab-433425393b1a" = Azteca
"WTA-68855284-14fe-4f08-abd4-f414d1b1fa1b" = Zuma's Revenge
"WTA-6e6c15b8-5579-4281-bcc9-aeb5fb99ff33" = Jewel Match 3
"WTA-7151128d-8411-4865-99c2-a6d479fc07f9" = Governor of Poker 2 Premium Edition
"WTA-892c9fa2-3af5-445f-ae52-aeab5b2fd538" = 4 Elements II
"WTA-99f9c789-5b58-442a-a219-a6fc3b7e2bfb" = Polar Bowler
"WTA-a009f8b0-e144-4df2-8cfb-438bf9affa63" = Curse at Twilight
"WTA-a54ee0df-94a6-44b1-8299-428244a4de9f" = Mah Jong Medley
"WTA-a5f6f68a-e0b9-464d-a631-40b6169a7c54" = Airport Mania
"WTA-a673b1e1-a472-4dd0-9624-3ce618814b1b" = House of 1000 Doors: Family Secrets
"WTA-ab9a0dde-9435-4a30-885e-e67660dc4e5f" = Build-a-lot
"WTA-abdbcebd-32ce-485a-9467-cc57ff29b8cd" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-bb323cad-7032-445e-90ac-41044bb04ef4" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-d098969e-e0b2-48ba-866a-f99fa302fe77" = Royal Envoy 2 Collector's Edition
"WTA-e8aac5e0-369e-4840-a7d0-a155e766f64f" = Cradle of Rome 2
"WTA-e91360f0-46ab-47b1-a76e-0c2c5c27db39" = Cradle Of Egypt Collector's Edition
"WTA-fc77414e-6cc8-419b-8cf2-a44b504fba24" = Bounce Symphony
"WTA-fcf0d06d-2e47-4cf5-9006-5004868cd244" = Plants vs. Zombies - Game of the Year
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1537228853-612569023-1872746861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/15/2014 11:49:26 AM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1359
 
Error - 8/15/2014 11:49:26 AM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1359
 
Error - 8/15/2014 11:49:27 AM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/15/2014 11:49:27 AM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2718
 
Error - 8/15/2014 11:49:27 AM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2718
 
Error - 8/15/2014 1:07:14 PM | Computer Name = JasonPC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Spybot
 - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program 
Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.  The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 8/15/2014 5:09:58 PM | Computer Name = JasonPC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Spybot
 - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program 
Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.  The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 8/15/2014 5:44:52 PM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/15/2014 5:44:52 PM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1125
 
Error - 8/15/2014 5:44:52 PM | Computer Name = JasonPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1125
 
[ System Events ]
Error - 8/10/2014 6:45:30 PM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
 following error:   %%1053
 
Error - 8/11/2014 12:23:50 AM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 1 time(s).
 
Error - 8/12/2014 12:30:26 AM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 2 time(s).
 
Error - 8/12/2014 11:24:41 AM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 3 time(s).
 
Error - 8/13/2014 1:04:10 AM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 4 time(s).
 
Error - 8/13/2014 11:28:24 PM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 5 time(s).
 
Error - 8/14/2014 10:18:35 PM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 6 time(s).
 
Error - 8/15/2014 1:40:46 AM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 7 time(s).
 
Error - 8/15/2014 11:49:24 AM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 8 time(s).
 
Error - 8/15/2014 5:44:51 PM | Computer Name = JasonPC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly.  It has done this 9 time(s).
 
 
< End of report >
 

  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
  •  
:Commands

[createrestorepoint]



:otl

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS

CHR - Extension: Illimitux = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\

O3 - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.



:commands

[resethosts]

[emptytemp]

[reboot]

 

 

  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

adwcleaner_new.png Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.
 

JRTbythisisu.png Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
     
createsrpoint;



process;



services-list;



systemspecs;



startupall;



skipfix-iedefaults;



firefoxlook;



chromelook;



filesrcm;



installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
To summarize, you'll posting back the OTL Moved File log, adwCleaner log, JRT log and ZOEK log.
 
And, let me know how the computer is working too. xsmile.png.pagespeed.ic.CwSpBGGvqN.png

 


  • 0

#5
SnarkKnight96

SnarkKnight96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
  •  
:Commands

[createrestorepoint]



:otl

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS

CHR - Extension: Illimitux = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\

O3 - HKU\S-1-5-21-1537228853-612569023-1872746861-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.



:commands

[resethosts]

[emptytemp]

[reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

adwcleaner_new.png Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.
 

JRTbythisisu.png Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
     
createsrpoint;



process;



services-list;



systemspecs;



startupall;



skipfix-iedefaults;



firefoxlook;



chromelook;



filesrcm;



installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
To summarize, you'll posting back the OTL Moved File log, adwCleaner log, JRT log and ZOEK log.
 
And, let me know how the computer is working too. xsmile.png.pagespeed.ic.CwSpBGGvqN.png

 

what do you mean by manually restart? hold the power button off and on again?

also, if you don't mind me asking, what will the cleaning with the OTL actually do? Is it 100% safe?


  • 0

#6
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi, :)

 

I'd be happy to answer your questions. :thumbsup:

 

 

what do you mean by manually restart? hold the power button off and on again?

Yes, if necessary, but usually you can do the Restart from the Start (button in the lower left) and Shut Down. All I really mean is that...I told OTL to Reboot your machine, but, sometime there is still Malware that prevents it and OTL can't, so I need you to do it.

 

 

also, if you don't mind me asking, what will the cleaning with the OTL actually do? Is it 100% safe?

 

Happy to answer that question, but I'm going to tease you a little first. ;)  You have uTorrent on your computer. It's a Peer-to-Peer (P2P) program that either you or someone you allowed to use your computer, specifically downloaded and installed on your computer (that we will talk it later in more detail).  P2P programs are known for allowing all forms of infection and causing much misery to the user, however, you're worried about OTL? :rofl:   Seriously, OTL has functionality as follows. It can scan, assess and report. It can move and delete files. It can scan, modify, add or delete Registry values. I would offer that OTL is quite safe but there is always the possibility of a "something' happening. A sudden glitch on your computer when OTL is doing something. Seriously, there are a myriad of issues that can come up while clearing Malware from the computer. The tool is rarely the issue. 


  • 0

#7
SnarkKnight96

SnarkKnight96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi, :)

 

I'd be happy to answer your questions. :thumbsup:

 

 

what do you mean by manually restart? hold the power button off and on again?

Yes, if necessary, but usually you can do the Restart from the Start (button in the lower left) and Shut Down. All I really mean is that...I told OTL to Reboot your machine, but, sometime there is still Malware that prevents it and OTL can't, so I need you to do it.

 

 

also, if you don't mind me asking, what will the cleaning with the OTL actually do? Is it 100% safe?

 

Happy to answer that question, but I'm going to tease you a little first. ;)  You have uTorrent on your computer. It's a Peer-to-Peer (P2P) program that either you or someone you allowed to use your computer, specifically downloaded and installed on your computer (that we will talk it later in more detail).  P2P programs are known for allowing all forms of infection and causing much misery to the user, however, you're worried about OTL? :rofl:   Seriously, OTL has functionality as follows. It can scan, assess and report. It can move and delete files. It can scan, modify, add or delete Registry values. I would offer that OTL is quite safe but there is always the possibility of a "something' happening. A sudden glitch on your computer when OTL is doing something. Seriously, there are a myriad of issues that can come up while clearing Malware from the computer. The tool is rarely the issue. 

 

yeah, only because I haven't used the program before yesterday, so I just wanted to make sure (and quite frankly I haven't had any problems with utorrent yet, unless of course, the infection came from something I dl'd from there which wasn't a .cbz file, which, then, is my stupidity, but I digress. In all seriousness, thank you for your help)

 

Another question, I have Junkware Removal Tool and ADW already installed, would you rather I download it again and save it to desktop, or just move it to the desktop, or uh, uninstall, and reinstall on the desktop?

 

(I'm reading that last sentence now, it sounds a bit sarcastic, but that's not really the case. It's just my first time doing something like this, with all those programs, and, again, I thank you for guiding me through this elaborate guide here)


  • 0

#8
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I haven't had any problems with utorrent yet

 

Well, I think you've got some now :)

At a real basic level let me explain with an analogy. You've locked the doors and secured the windows to your house. Everything that is an entrance or exit from your house is closed and locked...except one little hole that you opened up for uTorrent. And, why not, they appear to be very nice people. However, when you least expect it through that hole and no other, curds and scallywags climb through the hole and ransack your house! You tell the police, "I locked up everything". You did...except one very serious hole that few can see except you and me...uTorrent. There are ways to run P2P and minimize your issues and we'll talk about those, but right now, please don't use it until we're done here.

 

You can use your version of adw and JRT, just make sure you update to the current version.


  • 0

#9
SnarkKnight96

SnarkKnight96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

sorry for the late reply, had some IRL drama on my mind, but here's the log

 

 

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1537228853-612569023-1872746861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\__MACOSX\images folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\__MACOSX folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\images folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1537228853-612569023-1872746861-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jason
->Temp folder emptied: 2077304 bytes
->Temporary Internet Files folder emptied: 25263597 bytes
->Java cache emptied: 4731226 bytes
->FireFox cache emptied: 17810152 bytes
->Google Chrome cache emptied: 197697722 bytes
->Flash cache emptied: 2184 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45539143 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 280.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08182014_110010
 
Files\Folders moved on Reboot...
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef0 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef3 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef4 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef5 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef6 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef7 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef8 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007ef9 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007efa not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007efb not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007efc not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007efe not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007eff not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f00 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f01 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f02 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f03 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f04 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f05 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f98 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f99 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007f9a not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088a3 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088be not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088e6 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088e7 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088e8 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088f3 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088fa not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088fb not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088fd not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088fe not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0088ff not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008900 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008901 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008913 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008916 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008917 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008918 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008919 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00891a not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00891b not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00891c not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00891d not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008920 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008921 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008922 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008923 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008926 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008974 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00897a not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008988 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00898d not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00898e not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008993 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008994 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008995 not found!
File\Folder C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008996 not found!
File move failed. C:\windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
And that's it.
 
It was kinda slow on the reboot, but I guess that's expected.
 
Before i go through with the next parts, I wanna make sure of something. I have McAfee, and when I right click, there isn't an option to exit, like the tutorial said there would be. Is there any other way I can temporarily disable it?

  • 0

#10
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I have McAfee, and when I right click, there isn't an option to exit, like the tutorial said there would be. Is there any other way I can temporarily disable it?

 

I honestly don't know. It's sometimes difficult to keep my canned updated for each A/V or situation as the tools change so fast.

 

I will mention now that McAfee is one of my least favorite A/V's. Same with many of my peers. It's resource intensive, boggs down the machine and recently been blamed for BSOD's (Blue Screens) recently. If you've paid for it, you likely want to get your money's worth. If not or when the subscription runs out, there are several free a/v's that run just fine (and in my opinion, better than McAfee). MSE or Defender (whichever is appropriate for your OS) or Avast.


  • 0

Advertisements


#11
SnarkKnight96

SnarkKnight96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Thanks for the advice. I'm not the one paying for the subscription, though, so we'll see what happens. There should be a way to do it somehow. btw, everything with Chrome look okay? Noticed there was a bunch of "file not found"s in the report. Is that normal?


  • 0

#12
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Chrome look okay? Noticed there was a bunch of "file not found"s in the report. Is that normal?

 

Yup. We call them orphans. It could be functionality that you started and then stopped and in other cases it's functionality that Chrome autoinstalls and until you use it, remains unconnected and hence the tool can't find any source for it. So, it just calls it "file not found". Some I can clean up, other's just come back as soon as you use Chrome again. They don't cause any issues.

 

 

There should be a way to do it somehow.

 

I'm sure there is. Here's a link to one of my least favorite sites, but it looks like it might work. Even if it's not for your version of McAfee, it might get you there anyway. Here.


  • 0

#13
SnarkKnight96

SnarkKnight96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi, this may or may not be related to the problem.

 

This morning, when I turned on my pc, the hard drive sounded like a cricket, said sounds keep going on and off.

 

What should I do?

 

sorry, with recent events, this kinda just freaked me out

 

edit: It seemed to have stopped now. Just happened when I first turned it on, then I turned it off. and it wouldn't stop till I turned the surge protector off, so then I turned it back on, noise came back for a few mins, haven't heard it since. Might clean the fan)


Edited by SnarkKnight96, 19 August 2014 - 10:20 AM.

  • 0

#14
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

We're starting to get out of my area of expertise, but absolutely backup your data! Then, here are a few of the tools that the Hardware folks leverage is a first step.

 

You can test your HD with seatools!

http://www.seagate.c...ols-win-master/

You can test your Ram with Memtest86+ Down load the free version!

http://www.memtest86.com/download.htm

 

This might confirm or rule out your concerns.


  • 0

#15
SnarkKnight96

SnarkKnight96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Thanks. I ran a short scan with seatools and it passed, might try another thing later. But uh, that put me at ease. I assume these things aren't really connected, at least, I hope not.


  • 0






Similar Topics


Also tagged with one or more of these keywords: adware, freezing, stormfall, dealkeeper, windows 8, ads, corrupt system files

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP