Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win7 PC slow [Closed]


  • This topic is locked This topic is locked

#1
GandleForge

GandleForge

    New Member

  • Member
  • Pip
  • 5 posts

Pretty slow lately. Chrome takes forever to load, and then quite some time to open and load new tabs. I assume FF and IE are the same, but I never really use them...

 

Here are the OTL logs I just ran, if anyone has some insight into what they say, I'd be much obliged to get a translation!

 

OTL logfile created on: 9/16/2014 7:51:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 52.38% Memory free
6.50 Gb Paging File | 4.14 Gb Available in Paging File | 63.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.00 Gb Total Space | 12.70 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 467.23 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
 
Computer Name: TARDIS2 | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/28 06:48:04 | 001,521,344 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\bin\steamwebhelper.exe
PRC - [2014/08/28 06:48:02 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2014/08/28 06:48:00 | 001,939,136 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2014/08/05 17:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\downloads\OTL.exe
PRC - [2014/06/25 19:58:55 | 000,040,240 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2014/06/25 19:58:54 | 002,545,968 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- F:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/04 07:34:44 | 001,821,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2014/03/04 07:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014/03/04 06:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/05 04:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 04:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/02/05 04:32:31 | 015,904,544 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/10/01 19:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 19:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 19:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 15:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2013/09/26 16:11:04 | 003,070,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\AuthManager\AuthManSvr.exe
PRC - [2013/08/09 13:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/22 11:16:38 | 000,273,688 | ---- | M] (http://tortoisesvn.net) -- F:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/24 02:51:16 | 004,334,272 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/06 00:22:37 | 000,192,512 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\sfamcc00001.dll
MOD - [2014/09/06 00:22:37 | 000,172,032 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\sfareca00001.dll
MOD - [2014/08/28 06:48:14 | 002,224,320 | ---- | M] () -- C:\Program Files\Steam\video.dll
MOD - [2014/08/28 06:48:02 | 000,678,080 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2014/08/21 13:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files\Steam\libavcodec-56.dll
MOD - [2014/08/21 13:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files\Steam\libswscale-3.dll
MOD - [2014/08/21 13:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files\Steam\libavutil-54.dll
MOD - [2014/08/21 13:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files\Steam\libavformat-56.dll
MOD - [2014/08/21 13:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files\Steam\libavresample-2.dll
MOD - [2014/08/20 17:38:18 | 034,589,376 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2014/08/20 17:38:18 | 000,837,824 | ---- | M] () -- C:\Program Files\Steam\bin\ffmpegsumo.dll
MOD - [2014/08/20 17:38:12 | 000,774,656 | ---- | M] () -- C:\Program Files\Steam\SDL2.dll
MOD - [2014/06/25 19:59:06 | 000,548,488 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2014/06/09 23:40:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/06/09 23:39:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/06/09 23:39:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/06/09 23:39:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/06/09 22:53:00 | 001,227,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c5467c14a272823a357b6ea7aec19572\System.WorkflowServices.ni.dll
MOD - [2014/06/09 22:52:36 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebbdeb2224cf7f8b4aa7d039516d17bd\System.ServiceModel.Routing.ni.dll
MOD - [2014/06/09 22:52:35 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5a8617e2c334fde080fbdc73c05fd8b6\System.ServiceModel.Discovery.ni.dll
MOD - [2014/06/09 22:52:34 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7401d47e8eef61dd2770777964c4e481\System.ServiceModel.Channels.ni.dll
MOD - [2014/06/09 22:52:24 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f67a10b051726dcc0d15c9a0c8668a60\System.ServiceModel.Web.ni.dll
MOD - [2014/06/09 22:51:13 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\360603d8efa82557e7fce70287cb242e\WindowsFormsIntegration.ni.dll
MOD - [2014/06/09 22:51:11 | 000,121,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inte#\119bf9852b1e3d584c924b2071c61891\System.Windows.Interactivity.ni.dll
MOD - [2014/06/09 22:51:03 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\927a0770a75cedf18eeb9a6dbbe54afd\System.ServiceModel.Activities.ni.dll
MOD - [2014/06/09 22:51:00 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6769297ceb522c4fe6de2c5e3575812d\System.IdentityModel.ni.dll
MOD - [2014/06/09 22:50:59 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a95ac0b02617b9dadbc5f625586b2aac\System.ServiceModel.ni.dll
MOD - [2014/06/09 22:50:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Practices#\373e63f1856d05d5e083f4da67e5f251\Microsoft.Practices.ServiceLocation.ni.dll
MOD - [2014/06/09 22:50:44 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
MOD - [2014/06/09 22:50:32 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5bce8f20c40a761f9d863216fef8f3ce\UIAutomationProvider.ni.dll
MOD - [2014/06/09 22:50:31 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/06/09 22:50:26 | 001,926,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\3f0c8a7233cdd1741c75978c900ed398\System.Web.Services.ni.dll
MOD - [2014/06/09 22:50:24 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
MOD - [2014/06/09 22:50:15 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\cd626ecab8e1657628451408aba720cd\System.Runtime.DurableInstancing.ni.dll
MOD - [2014/06/09 22:50:15 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\88aec4231adca9f5a4226c83911c4dad\SMDiagnostics.ni.dll
MOD - [2014/06/09 22:50:14 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
MOD - [2014/06/09 22:50:13 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c74e45d841d46ea6a7c203f6f864f555\System.Xml.Linq.ni.dll
MOD - [2014/06/09 22:48:24 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\880358291baf3043e07b2a7c2f401c85\PresentationFramework.ni.dll
MOD - [2014/06/09 22:48:13 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\db591e35967527b7b864124303dea13a\PresentationCore.ni.dll
MOD - [2014/06/09 22:48:10 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2c4f9ef6baacb578ab136a5b30ada098\System.Data.ni.dll
MOD - [2014/06/09 22:48:08 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014/06/09 22:48:06 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll
MOD - [2014/06/09 22:48:06 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dc74ab189aa9b156581a7228866d3330\WindowsBase.ni.dll
MOD - [2014/06/09 22:48:05 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014/06/09 22:48:03 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014/06/09 22:48:02 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014/06/09 22:48:02 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4bfb0decf7cfe076020f64ee6dd007cc\PresentationFramework.Aero.ni.dll
MOD - [2014/06/09 22:48:01 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/06/09 22:39:48 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\8fa7f2d6cc4122c7102a02586074a183\System.Numerics.ni.dll
MOD - [2014/06/09 22:39:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2012/06/18 10:24:30 | 000,260,096 | ---- | M] () -- F:\Program Files\Notepad++\NppShell_05.dll
MOD - [2011/10/22 11:16:18 | 000,070,424 | ---- | M] () -- F:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2010/12/11 00:01:27 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/09/10 13:30:14 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/28 06:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/04 23:18:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/25 19:58:55 | 000,040,240 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2014/06/09 22:17:39 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/03/04 06:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/05 04:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/02/05 04:32:31 | 015,904,544 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014/01/22 12:44:22 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/08 14:50:00 | 004,321,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/10/01 12:41:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup)
DRV - [2014/09/06 01:15:03 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/25 08:11:13 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2014/03/20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2014/01/20 19:08:01 | 000,394,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140227.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/12/27 13:42:24 | 000,034,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/12/17 19:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/12/01 23:23:31 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/12/01 11:37:25 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140228.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/12/01 11:37:25 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/12/01 11:37:25 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/01 11:37:25 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140228.008\NAVENG.SYS -- (NAVENG)
DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/24 07:10:34 | 000,070,440 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/06/21 17:38:26 | 000,042,592 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/29 05:22:12 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/01/20 15:18:26 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2009/12/22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/05/04 20:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006/10/01 07:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2005/01/04 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = F:\pictures\KKC\2012\summer 2012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 A5 E6 BC B8 84 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {DFA28EC9-F135-4F31-8BA0-F3706994FDF2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{3391463D-4DEC-471F-8C20-296C0C37428A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.xfinit...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...}&o=15527&l=dis
IE - HKCU\..\SearchScopes\{DFA28EC9-F135-4F31-8BA0-F3706994FDF2}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E09B6C57-6D71-4A45-A3CA-6E6B7467FB4E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.order.1: "Xfinity.com Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: csharpformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: javaformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: pythonformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: rubyformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: %7Ba6fd85ed-e919-4a43-a5af-8da18bda539f%7D:2.4.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/26 13:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/26 13:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/01 23:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/09/06 00:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/08/04 23:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/04 23:18:04 | 000,000,000 | ---D | M]
 
[2012/03/03 18:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2014/09/16 16:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions
[2014/08/22 22:52:16 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2014/09/16 16:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\staged
[2013/09/25 21:16:23 | 000,007,893 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2014/05/18 23:00:34 | 002,298,147 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,014,127 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,007,756 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,014,202 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,720,667 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi
[2014/08/04 21:50:47 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/09/16 16:00:38 | 000,300,373 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\staged\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/12/01 23:04:31 | 000,000,905 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\searchplugins\yahoo_ff.xml
[2014/08/04 23:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/08/04 23:18:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.facebook.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Angry Birds = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Web Developer = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.6_0\
CHR - Extension: YouTube = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: DivX HiQ = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_1\
CHR - Extension: AdBlock = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Fiddler = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkknfnifmbannmgkdliadghepbneplka\1.0.2_0\
CHR - Extension: Norton Security Toolbar = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_1\
CHR - Extension: Hover Zoom = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.4_0\
CHR - Extension: Gmail = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014/05/22 12:30:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: capella.edu ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: capella.edu ([remote] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} https://ouvpn.us.ora...lhost/arr_x.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05DA27B-8FBB-4A35-B19C-16A101CC7850}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05DA27B-8FBB-4A35-B19C-16A101CC7850}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/06/12 16:36:57 | 000,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2014/09/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\to sell
[2014/09/07 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\xavier's project
[2014/08/22 23:30:54 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/22 23:30:38 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/08/22 23:30:38 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/08/22 23:30:38 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/08/20 22:04:13 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/08/20 22:04:13 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014/08/20 22:04:01 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/08/20 22:04:01 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/08/20 22:04:01 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014/08/20 22:03:33 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/08/20 22:03:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2014/08/04 23:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/07/19 22:17:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/24 23:28:02 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Steve\chromeinstall-6u31.exe
[2011/12/20 00:48:19 | 003,147,344 | ---- | C] (Macroplant, LLC                                             ) -- C:\Users\Steve\iExplorer_Setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2014/09/16 19:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/16 19:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-941433700-1991241529-1048206134-1000UA.job
[2014/09/16 19:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/16 17:09:15 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/16 17:09:15 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/16 13:14:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-941433700-1991241529-1048206134-1000Core.job
[2014/09/15 22:11:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/10 13:30:13 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/10 13:30:13 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/06 00:21:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/06 00:21:24 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/24 15:16:23 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/24 15:16:23 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/20 22:17:02 | 003,518,946 | ---- | M] () -- C:\Users\Steve\Desktop\project_0056_micro_crossbow.pdf
[2014/08/06 19:46:24 | 000,095,781 | ---- | M] () -- C:\Users\Steve\Desktop\539578_10151098896225775_1377274395_n.jpg
[2014/08/04 15:55:07 | 000,061,946 | ---- | M] () -- C:\Users\Steve\Desktop\4207860063183020.pdf
[2014/08/04 15:54:45 | 000,061,949 | ---- | M] () -- C:\Users\Steve\Desktop\4207858495257697.pdf
[2014/08/03 08:09:15 | 000,218,785 | ---- | M] () -- C:\Users\Steve\Desktop\Minnesota United FC vs. FC Edmonton_1.pdf
[2014/07/25 08:11:13 | 000,080,104 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\AntiLog32.sys
[2014/07/25 08:11:09 | 000,002,153 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/20 22:16:29 | 003,518,946 | ---- | C] () -- C:\Users\Steve\Desktop\project_0056_micro_crossbow.pdf
[2014/08/14 19:09:18 | 000,001,222 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer 8.lnk
[2014/08/06 19:46:17 | 000,095,781 | ---- | C] () -- C:\Users\Steve\Desktop\539578_10151098896225775_1377274395_n.jpg
[2014/08/04 15:55:07 | 000,061,946 | ---- | C] () -- C:\Users\Steve\Desktop\4207860063183020.pdf
[2014/08/04 15:54:39 | 000,061,949 | ---- | C] () -- C:\Users\Steve\Desktop\4207858495257697.pdf
[2014/08/03 08:08:55 | 000,218,785 | ---- | C] () -- C:\Users\Steve\Desktop\Minnesota United FC vs. FC Edmonton_1.pdf
[2012/09/23 13:57:35 | 000,016,766 | ---- | C] () -- C:\Users\Steve\AppData\Local\recently-used.xbel
[2011/10/28 22:57:27 | 015,254,016 | ---- | C] () -- C:\Users\Steve\mumble-1.2.3.msi
[2011/07/18 20:19:07 | 000,038,651 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\UserTile.png
[2011/05/18 20:49:52 | 000,001,940 | ---- | C] () -- C:\Users\Steve\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/21 05:54:57 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 22:31:43 | 000,000,502 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/04 01:24:38 | 000,000,017 | ---- | C] () -- C:\Users\Steve\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >
 
 
 
 
Here is the extras.txt if that helps too:
 
 
 
 
 

OTL Extras logfile created on: 9/16/2014 7:51:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 52.38% Memory free
6.50 Gb Paging File | 4.14 Gb Available in Paging File | 63.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.00 Gb Total Space | 12.70 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 467.23 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
 
Computer Name: TARDIS2 | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046EC94D-11BE-41B7-80F8-BB1E0654E1CF}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{05CFACB9-0E08-451D-BB70-E8CB9656603D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0AFE2082-5B2B-408A-9F54-0EEF9D3F4C3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B9DDEFA-9648-44C3-B4D1-57EB51DDCE5A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{137E3AEE-FEAB-4E87-BE29-79C96B1F8CF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{18544DE0-764C-4008-AF91-93B669B22C1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1F2981CE-FE42-4D60-A7A0-15D42DF729E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{230B94E3-45DB-4CB6-988A-C02A1D2F73C2}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{237BB78B-4811-4F9D-88BF-266B85613012}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{282625FB-BAAA-4A8B-850A-E5A09795EC34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2B62DF31-5F5E-4A62-92CB-0689FF3BC30D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{2CCE3003-A997-471D-860F-C29D0D4DC3C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{39B17F7C-6B6C-49C2-BF76-07EA3C48CDC5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{3C525108-4EE2-47B0-941A-B8373060D230}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{3E1FF052-0DF7-4488-8754-6028834A3820}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F3B0B65-C71C-481E-A22B-076CDDEB1D2B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{417C2FF6-7B9B-47E8-91C6-C1D5EC5D9CD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{46C678A0-3732-406D-BF3D-974CC2F8529E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{48E8D8C2-29ED-4CA3-99C4-A3997D5C1597}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{48F7A2A9-8890-43C2-A1B8-623D0386A10A}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{4B8A3A36-FFC3-4DF4-8E8E-EA98F65A878A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4DEDC74A-56D6-4783-AA90-2055FEE8A327}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{5416417C-999C-41A8-B118-775AD5D2AF42}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{58966776-C369-4601-AC75-2C0402D83B8C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5A795AA8-0F6A-438B-9D1D-845263FFEDBB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5FDB26C0-432B-459D-8338-A9F8189A488A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{61372515-2066-4B0C-9097-E9AC51AEA435}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{62D6F30F-6E29-41EC-AF4B-571866680E2F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A2E4204-4456-4EDE-B23F-B5A98DF15430}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6DDF7312-161C-4DB2-98EE-1F3F83D95164}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7148E6F9-AC8F-4081-9D60-88CFA6074644}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{763E3B17-437F-43FE-8F72-A55A207886E3}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{7C0542D1-F0CF-4714-8A19-46933102FBA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{81A28964-57D7-4078-BD51-9AD5977DA8F3}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{85FC83BF-1C5E-4B6B-BA10-32520DFDE056}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{8B6454CD-F489-4DF0-9641-380C34A77DC9}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{907CFE93-0433-4A18-9717-55016185A67F}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{94DAC403-02C6-4C9D-B113-3741EC9DCE65}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{95D45FEA-65A4-4F58-895E-B79113A8C8BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9678E6F9-21F4-45ED-B33B-486FCBCB2E23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{9FE1AECD-49A2-4763-BE32-5DECCC111A7B}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{A0B66936-638E-473D-BCEF-99C289257806}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{A46A7309-9046-468F-A0E9-C0D1B87F021A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A7210B9C-108E-435B-B8D3-C2805E13DBD3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AD777F63-95D7-4071-9A14-4F0ABD4A664C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE443B8B-489C-41E0-AD74-13F555F5B105}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{B084607E-ADC5-4409-A2A9-5F9750959C05}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{B12EB871-3F3B-4181-AEA6-85FF65278E4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB7D84D3-A260-460F-AC4D-80CA036894DA}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{C5FD356C-AC3E-4E49-8463-58542B242E0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{C9C4FEF5-2DAA-4C5E-83E1-E6FD21AE0C16}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CE956E59-D367-4A3B-BD9F-6A65CDD48FFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D0ACE0F6-5EAB-4299-93F6-01E0F0D22003}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{D1F1F495-27C5-4699-ACF2-0171A76FB18D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4BABD30-403F-4881-A41B-636922BAEE43}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D62B64FC-9F25-44D4-BD14-B68678833389}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{E242B2CB-9203-4543-99C4-B59D48824626}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{E2C4051F-8B50-450D-AAA5-96E0D556FB9E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E4B697E0-D8C1-49AE-A32A-1B4222ECAEB9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E92F305F-5904-4D57-A014-723BD9A4B0A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{EC1F8FD1-1AFD-4EBC-853C-742DBC350F91}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F94FA409-F278-4F46-896D-8CD489BF61EE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FA3FE7FF-D329-4DCE-8272-2BBBA2A72F8F}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{FB50F708-0F04-490E-8081-1BEF94C65126}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{FCCB7B64-4069-4F27-A751-054CFC83B384}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012A0922-24DD-4BCD-85CF-A2422C2E512F}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\war in the north\witn.exe | 
"{0199BDA7-52FC-448C-B976-07709BE0C44F}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{047E4678-C4E8-4B44-B257-7398AE4BC6F0}" = protocol=17 | dir=in | app=f:\program files\diablo iii\diablo iii.exe | 
"{09562FAD-CC8C-494B-9A81-CCB1E3AD8292}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{0EBC7605-1039-4E72-AF11-DAEC9CC97970}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{168F046F-9816-4E26-81CC-F77547F96251}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{178E25A6-FCA0-4B36-A97C-EF6DC4499C88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19D1C8EB-A2A4-4A38-B9AF-BD76763CB9D2}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{1D3EEB59-9D10-43D3-A605-C6AF0D199C2D}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe | 
"{1E098B99-E04E-4676-B8DD-3B71C70200C5}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{1F948BB2-7C6A-4C27-A7BE-ABA4F5872857}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{20598973-1931-4925-AE5F-4928B72DCBCC}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\bastion\bastion.exe | 
"{20931505-4AD3-4568-BA51-B5C114715910}" = protocol=6 | dir=out | app=system | 
"{21684E75-1A07-4574-9728-D77D2DD97D1C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | 
"{2401D613-50A6-475E-B962-291A09959A8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2659ED37-E4E2-40DF-BC79-3F33BA7884EF}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe | 
"{2D78C348-6786-4F91-9BF2-C5DD4ED171E4}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{2E0C69FE-79DF-4F26-B3F4-028F7FF29F26}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{30DA83A7-FDEA-4033-9904-144FDD098D7D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{32EA940E-0F64-4B08-BCE0-14895833F792}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{357B9207-931A-4A39-B4CA-295D5BFB5F77}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{37D991EB-D6C3-404D-92C7-D4089864263C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{37ED4A84-2062-4890-854E-A5B49B9A68C4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{391B427A-F6FC-43A2-84BA-76BDDAB8C047}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe | 
"{39767710-4019-474B-940E-4F2A54FA31D2}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\terraria\terraria.exe | 
"{39859365-133D-46A5-9DAE-C25974B8B762}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C5AEC65-1250-4ABD-A62B-EE0B953DA09C}" = protocol=17 | dir=in | app=f:\program files\diablo iii beta\diablo iii.exe | 
"{3C854D23-D543-4A72-B179-F456257CDC84}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{3FF384D6-9E57-4A94-958E-10E01929EB37}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{43806942-9B30-4C89-B268-56FFDF6FFBD5}" = protocol=6 | dir=in | app=f:\program files\crashplan\crashplanservice.exe | 
"{43E1761E-79D4-4A8C-A5DF-7AEA491DC308}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{44D55C77-1DDD-4E4D-BE5B-062BAF6C9FAF}" = protocol=1 | dir=out | [email protected],-28544 | 
"{44F176D3-8A90-44CC-BF89-F8DF014BF5BC}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{4659F2DD-E308-4C86-B0A2-D7F28EE3EEF3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{4A3FD7AF-7D72-4FB5-8E3D-880E456F2E85}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\knights of pen and paper\knightspp.exe | 
"{4BE8C4A0-897C-43C1-8716-694B1D634FF5}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{4CCCCB27-AB43-4FA7-BA3F-A15AF6F13E72}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{4CE068C9-2E94-40F7-B076-E97CC9F237C3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{4D63CDC3-CB4E-489C-8610-789D2AFB2399}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{54C36956-4021-40C8-80CB-31E00C064667}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{54E88AC2-D6E0-4975-A58E-0EDF6F032DCA}" = protocol=6 | dir=in | app=f:\program files\battle.net\battle.net.exe | 
"{570EF770-C14E-4B11-84AA-26EFFB08525E}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{571879E7-6495-4EC8-ADB5-F2D70DC0F741}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe | 
"{57E59C96-777C-4FA2-B4A5-981350302F78}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{5B2371EF-FCC5-4878-BA6F-467D9AE7C3D5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{5DAF370D-88F2-4DD6-9090-E63A872B4350}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\war in the north\witn.exe | 
"{6071E19A-A21F-4042-8663-8BACE9BBA9DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{634543AF-154A-450E-A8C8-F5B3C89DDE71}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{651FFCDB-364D-4DB4-B2DA-923E7FA44EBF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{672D0941-8BD3-4952-89D7-2410A081FA2A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{68B91F17-FE95-4078-A69D-3D2811E6B001}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe | 
"{68E4659B-1F06-4D49-9FF8-2EE95824BFF5}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\bastion\bastion.exe | 
"{6C1D24DF-F210-493E-A3EF-DFD5E4F0C679}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe | 
"{6C723BDE-EEE8-40F3-9D8D-8B35B9E5A150}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{6C864AF4-296E-4BD0-8F52-E9A854072ACF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6FAF366E-49D1-42FF-83F8-AC0D7ADB695B}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{6FD62BD8-6CFB-4800-BCDF-97A43FB346CF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{6FEB0CD4-E25A-4259-A583-24B4CAE6C554}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | 
"{730CDBED-2350-4E63-94C9-41B757BA94BC}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{764D41A7-02F0-4D1A-83AD-5C82C9D813D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79062850-11AE-45BD-ADCA-808EAC80F1DE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{79B258BE-0344-44F5-86FB-A7AB79F69FD0}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{7AE10AEE-8DAA-4095-AFCA-FC8CF1D28C55}" = protocol=58 | dir=out | [email protected],-28546 | 
"{7B3347A6-F205-48BC-BB0E-5DFE72A3F9F5}" = protocol=17 | dir=in | app=f:\program files\hearthstone\hearthstone.exe | 
"{7BFD9BF9-133D-490D-819C-5C94A8C99D65}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | 
"{7CD7DE48-5BCE-455F-926C-E465F5EFFBF3}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe | 
"{7F6E4EE4-D21A-4DF7-92F6-CC622A89F924}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\scribblenauts\scribble.exe | 
"{84054FA2-4B34-44BD-8828-8D866D538ED2}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\knights of pen and paper\knightspp.exe | 
"{855A9BD3-A900-4818-9EE2-3CC8897189C2}" = protocol=17 | dir=in | app=f:\program files\crashplan\crashplanservice.exe | 
"{8685A8E7-CAE3-4A2C-BF6F-70A6253F08CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{86A58360-732E-4E78-A57E-09CD64218714}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{875203CF-C505-4F54-A0EB-C0337A24AE96}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{8BF5FD67-92C7-4EBC-84F3-B5BF6E77347E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CD3F422-6559-4A12-8D20-5DD69B86F6D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe | 
"{8F4976E6-B53C-4622-9DBD-1C042B6C4855}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{92E30C6E-8865-41B8-84EE-2DFB450A8B10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{94B9CE4B-D442-456D-9371-7040B03E6983}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | 
"{9602D634-A2E0-48CE-9586-C7D779EF9D08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{999B4F4A-841B-4D30-B50D-A313E25A6EEE}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9B15F73C-639C-4787-8948-CF3050C326D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E935F1B-4726-4BF7-A0F7-A7AA5AF7CC68}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{9F6D5545-3E1C-4176-A932-B4B4CD5105A5}" = protocol=6 | dir=in | app=c:\users\steve\appdata\local\tversity\media server\mediaserver.exe | 
"{A5D01E87-2FD9-43ED-B201-7257E1F19F3F}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\proteus\proteus.exe | 
"{A81F21F6-2B6A-4194-8B06-FF43DC9B9AC1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{AB97FCCE-42A7-46FD-983D-7923B22242CE}" = protocol=17 | dir=in | app=f:\program files\battle.net\battle.net.exe | 
"{ABDC9645-FD7A-4279-A7F1-E217B806D5F2}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\terraria\terraria.exe | 
"{ACC34EF3-147C-40DB-BC15-2BBB710FE87B}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{B2E9C9F8-AE61-41B1-8547-42AC96A7E66C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3AF116B-20EE-4D5B-8EC4-9F043A3A6F83}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{B3BCB167-B752-4052-98C4-A4DF39E78638}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{B440CDAE-1CC7-4083-BEA6-1F86E6C2ED66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B68BA384-A6A5-42FC-9655-BD4A08912DB2}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\proteus\proteus.exe | 
"{B754FD4B-7A91-48B5-AE14-4B813A7EF935}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{BAD2C35D-C6E9-444D-B2D3-6B9E045A9515}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\proteus\proteus.exe | 
"{BB4E208F-BBA5-4D52-B56C-BB8B5FDE98D5}" = protocol=17 | dir=in | app=c:\users\steve\appdata\local\tversity\media server\mediaserver.exe | 
"{BDB4A3FA-DA49-4FF3-A841-EC2515EA9EB9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{BE0CEAA5-39A3-4FDC-8722-1725D041F8A6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{C60D034E-8775-48D6-B6EB-1D72B82E8116}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{C7ABC1E6-DECF-4A06-9BF6-2747A4A30E6D}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\path of exile\pathofexilesteam.exe | 
"{C7E6D8BE-BFD2-4522-88CD-42AF5A4B21DE}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\magicka\magicka.exe | 
"{C98A6A9E-B3B3-4CB9-835B-B951EEC6098F}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{CB1611EF-C82C-418B-9292-003C5274D751}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{CB253EF7-A9E7-4B22-9A7F-965377E04F8C}" = protocol=58 | dir=out | [email protected]vc.dll,-503 | 
"{CB8FFBF8-38BC-4F39-987F-2522FC46A782}" = dir=in | app=c:\program files\constant guard protection suite\idvault.exe | 
"{CDD2EBD5-8686-4024-B216-D168DD323B79}" = protocol=17 | dir=in | app=f:\steamlibrary\steamapps\common\scribblenauts\scribble.exe | 
"{CF0FE07F-176A-4884-AF4C-E9B8B85F4351}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{CFD15AB5-53EF-4A08-9AE1-DE5508B061FD}" = protocol=58 | dir=in | [email protected],-28545 | 
"{D17D63AD-9ED0-4860-B307-1DCA3C25BA2E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D63E9B13-998B-4067-81A5-35ADA20C1AE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe | 
"{D65D26B7-7885-4F4C-8FD1-09A9A36BE1AC}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\proteus\proteus.exe | 
"{D7AC88AA-3430-49E1-AB8A-8020E8DB3709}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe | 
"{D8AA03FC-97FF-4832-8A9F-702C753AC592}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{DB19CB65-FDAA-4AF8-8623-DD5654D81FD6}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\magicka\magicka.exe | 
"{DCC9B728-51CE-460F-BA01-EAF7076420F4}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{DF988DD0-9961-4FAA-880F-FFEEAC9D88CC}" = dir=in | app=c:\program files\constant guard protection suite\idvault.exe | 
"{E218DBEC-AAD1-47A6-9265-046D619D02E8}" = protocol=6 | dir=in | app=f:\program files\hearthstone\hearthstone.exe | 
"{E331ED8D-6C21-428B-8785-C041A2A663CD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{E86E7C00-4847-4145-BE33-A4667A267DDF}" = protocol=6 | dir=in | app=f:\program files\diablo iii beta\diablo iii.exe | 
"{E99E08E9-D792-4916-97A5-0FDE47B9E54E}" = dir=in | app=c:\program files\constant guard protection suite\idvault.exe | 
"{EBCC0AB9-A754-4ACE-BCDF-EB0D44E4FB9C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{EBE5A7DD-C46C-4775-87CE-1F6C508893FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe | 
"{F19BEE7E-5BBA-4838-A752-1089111DD586}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F23B45F6-2158-449B-8D12-40F6D07B5063}" = protocol=6 | dir=in | app=f:\program files\diablo iii\diablo iii.exe | 
"{F505422C-90D1-4874-9A07-30775D21D50F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{F53B93DA-2173-4CBF-BFA0-EBA2BE30D00B}" = protocol=6 | dir=in | app=f:\steamlibrary\steamapps\common\path of exile\pathofexilesteam.exe | 
"{FB117890-0881-4632-B59D-D413C33AE946}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{FB3FBB80-492D-4DB2-9AE7-59BDDAB1987D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{FBE23590-03BA-4698-AA90-DA7D9A3E0A80}" = protocol=58 | dir=in | app=system | 
"TCP Query User{0872F077-1142-446F-B77B-696FBC1760F4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{AB19B6BF-52B3-448D-A380-2D5551CF0379}C:\programdata\battle.net\agent\agent.3023\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"TCP Query User{B1C34CF0-AE0F-4F8A-BEE5-52BF53D1C416}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{F756C9E3-2C88-45E0-A228-E3F5D583567A}F:\program files\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=f:\program files\hearthstone\hearthstone.exe | 
"UDP Query User{8FBDAF8B-9A33-455D-B36D-78508F8FD059}F:\program files\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=f:\program files\hearthstone\hearthstone.exe | 
"UDP Query User{9B372941-389D-42CD-B196-275534CE2E12}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{A1068D37-8EE1-4AC9-8D51-633E9FC790DA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{F8EA9E45-EB37-4E6D-B0A2-C7021D13525E}C:\programdata\battle.net\agent\agent.3023\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012C59CF-074A-43DA-8085-B6E636733B59}" = Citrix Receiver(Aero)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E1C5B43-1837-4F98-A96B-79A8A0A5955F}" = Citrix Receiver(USB)
"{17544ACA-6428-424B-926B-8751610836AE}" = TortoiseSVN 1.7.1.22161 (32 bit)
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2711FDC5-B900-4BEB-BD60-D75BEC01AB6B}_is1" = Flyff version V18
"{27132A1F-9174-4C9E-B0F7-2C5584E4CF9F}" = LeapFrog Leapster Explorer Plugin
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CC9C53-A217-4850-B5B2-8C347920E500}" = Microsoft Online Services Module for Windows PowerShell
"{47117FCA-0D00-4B6D-9D68-00B763629463}" = Self-service Plug-in
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.7.6.367
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5E8AC853-65BB-4C99-A09E-19B81851E14C}" = Citrix Receiver Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732E3F74-FF24-42BC-B1A2-3244BBEBEB5D}" = LeapFrog LeapPad Explorer Plugin
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9520DDEB-237A-41DB-AA20-F2EF2360DCEB}" = Microsoft Online Services Sign-in Assistant
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D16A7-393F-470C-8B9F-74AE1EA6C105}" = LeapFrog Connect
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ADE8A83D-BB70-4FB5-BA19-26C47EA31894}" = Citrix Receiver(DV)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C4E28723-0663-4012-9BDC-E21A14C1316C}" = Citrix Receiver (HDX Flash Redirection)
"{CA55005D-94AC-4596-9646-679D6CC0D620}" = Citrix Authentication Manager
"{CA97CC85-FAF9-4316-9284-0F6CFA67B867}" = calibre
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9EE360A-7C19-47EC-93C7-97DEFF64804B}" = Citrix Receiver Inside
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F390D923-76F1-458E-8218-8C0C156CDCFD}" = Online Plug-in
"{FD1F68EC-75DA-55F4-E2D2-94BE450C0368}" = ATI Catalyst Install Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Battle.net" = Battle.net
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"EADM" = EA Download Manager
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"GIMP-2_is1" = GIMP 2.8.0
"GOGPACKFALLOUT_is1" = Fallout
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"ID Vault" = Constant Guard Protection Suite
"Inkscape" = Inkscape 0.48.1 
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePass Password Safe_is1" = KeePass Password Safe 1.26
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PlayCatan Client" = PlayCatan Access Software
"Recoil Games Rochard" = Rochard
"Rockstar Games Social Club" = Rockstar Games Social Club
"Runic Games Torchlight" = Torchlight
"SixaxisPairTool_is1" = SixaxisPairTool 0.2.3
"SpeedFan" = SpeedFan (remove only)
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 113200" = The Binding of Isaac
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 200710" = Torchlight II
"Steam App 200900" = Cave Story+
"Steam App 203810" = Dear Esther
"Steam App 204220" = Snapshot
"Steam App 204300" = Awesomenauts
"Steam App 214790" = The Basement Collection
"Steam App 218680" = Scribblenauts Unlimited
"Steam App 219680" = Proteus
"Steam App 220780" = Thomas Was Alone
"Steam App 22330" = The Elder Scrolls IV: Oblivion 
"Steam App 231740" = Knights of Pen and Paper +1
"Steam App 234710" = Poker Night 2
"Steam App 238960" = Path of Exile
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31280" = Poker Night at the Inventory
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 400" = Portal
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 72000" = Closure
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8870" = BioShock Infinite
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"SystemRequirementsLab" = System Requirements Lab
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.5.0
"UPCShell" = LeapFrog Connect
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 2 (32-bit)
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
"[email protected]@Controller3.Capella Desktop" = Capella Desktop
"[email protected]@Controller3.Internet Explorer 8" = Internet Explorer 8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/5/2014 10:12:07 PM | Computer Name = TARDIS2 | Source = IDVault | ID = 0
Description = Application not started Process with an Id of 2353736 is not running.
 
Error - 8/5/2014 10:12:10 PM | Computer Name = TARDIS2 | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
Description = 
 
Error - 8/8/2014 11:18:15 PM | Computer Name = TARDIS2 | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, 
time stamp: 0x4f3c6d6c  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521ea91c  Exception code: 0xc0000005  Fault offset: 0x00034d60  Faulting
 process id: 0x92ed8  Faulting application start time: 0x01cfb37f8ba27d73  Faulting 
application path: C:\Program Files\Google\Update\GoogleUpdate.exe  Faulting module
 path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: cce64f8b-1f73-11e4-b49c-6c626d059327
 
Error - 8/9/2014 8:46:53 PM | Computer Name = TARDIS2 | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
Description = 
 
Error - 8/13/2014 11:21:37 PM | Computer Name = TARDIS2 | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, 
time stamp: 0x4f3c6d6c  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521ea91c  Exception code: 0xc0000005  Fault offset: 0x00034d60  Faulting
 process id: 0xd5880  Faulting application start time: 0x01cfb76d5fa94631  Faulting 
application path: C:\Program Files\Google\Update\GoogleUpdate.exe  Faulting module
 path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: 1976b9ae-2362-11e4-9806-6c626d059327
 
Error - 8/23/2014 12:09:36 AM | Computer Name = TARDIS2 | Source = IDVault | ID = 0
Description = Application not started Cannot process request because the process
 (2664840) has exited.
 
Error - 8/23/2014 12:09:43 AM | Computer Name = TARDIS2 | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
Description = 
 
Error - 8/24/2014 11:11:02 PM | Computer Name = TARDIS2 | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17514 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: f98    Start
 Time: 01cfbe8d78339f73    Termination Time: 22    Application Path: C:\Windows\Explorer.EXE
 
Report
 Id: 68f8c518-2c05-11e4-81c3-6c626d059327  
 
Error - 8/26/2014 4:06:50 PM | Computer Name = TARDIS2 | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 36.0.1985.143 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 8d98    Start
 Time: 01cfbe8e57e3a53d    Termination Time: 604    Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
 
Report
 Id:   
 
Error - 9/6/2014 1:19:53 AM | Computer Name = TARDIS2 | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
Description = 
 
Error - 9/16/2014 8:59:55 PM | Computer Name = TARDIS2 | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time
 stamp: 0x4ce792c4  Faulting module name: NeVideoRenderer.ax_unloaded, version: 0.0.0.0,
 time stamp: 0x44a3bdd2  Exception code: 0xc0000005  Fault offset: 0x005db5ed  Faulting
 process id: 0x2503f4  Faulting application start time: 0x01cfd21292e1f5b6  Faulting
 application path: C:\Windows\system32\MsiExec.exe  Faulting module path: NeVideoRenderer.ax
Report
 Id: ef683393-3e05-11e4-97b8-6c626d059327
 
[ Media Center Events ]
Error - 5/19/2012 10:21:35 PM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:21:35 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 10:35:08 AM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:35:03 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 10:32:50 PM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:32:50 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/21/2012 4:55:55 AM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 3:55:55 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/21/2012 10:18:34 AM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:18:29 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/21/2012 10:29:33 PM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:29:33 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 10:04:01 AM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:03:55 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 10:07:08 PM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:07:08 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/23/2012 10:48:41 AM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:48:35 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 6/7/2012 10:31:30 AM | Computer Name = TARDIS2 | Source = MCUpdate | ID = 0
Description = 9:31:25 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 400: The server cannot process the request because the syntax is not valid.  )  
 
[ System Events ]
Error - 9/9/2014 10:56:36 PM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 9/12/2014 12:42:21 AM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 9/12/2014 2:28:42 AM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 9/12/2014 2:28:43 AM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 9/12/2014 11:12:25 PM | Computer Name = TARDIS2 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 9/12/2014 11:12:25 PM | Computer Name = TARDIS2 | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
Error - 9/13/2014 11:53:28 AM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 9/13/2014 3:14:03 PM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 9/14/2014 10:31:47 PM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 9/16/2014 4:50:08 PM | Computer Name = TARDIS2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
< End of report >
 
 
 
Thanks for looking!

 


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi and sorry for the delay. At a glance I don't believe you have a malware problem but would be happy to look at your issue.

 

Are you still in need of assistance?


  • 0

#3
GandleForge

GandleForge

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Things are still slow for me. If I run OTL and do a scan and then a clean up, sometimes after reboot things seem faster for a while (Chrome especially has much better response times...).

 

If not malware, what else might I check out? I suppose I could have bad RAM, or maybe just a bloated Win7 install...?

 

Thanks for any advice you can give me.


  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Let's take a look then.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
 
  
 
Please follow the steps below.
 
Step#1 - Warnings
 
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
Please uninstall the following Peer-to-Peer program(s): Vuze
To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

Low on Disk Space
Your C:\ drive is low on disk space. It's recommended to have at least 15% free disk space on each volume to avoid degradation of performance and to allow built-in tools like the defragmenter to do it's job. Please clean up some space if possible so you have at least 15% free disk space.
 
 
Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
 
 
Step#3 - OTL Fix
1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 


:Commands
[CreateRestorePoint]
 
:OTL
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
:Commands
[EmptyTemp]

3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
 
Step#4 - ChkDsk Scan
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Hold the left CTRL and SHIFT buttons down on your keyboard while hitting the enter key. Answer Yes when asked to allow.
3. You should now have a black window open that you can type in to.
4. Please type chkdsk and then press enter.
5. Chkdsk will start to run. Please allow it to finish.
6. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.
7. Right-click this file and select Run as administrator and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.
 
 
 
Items for your Next Post
1. AdwCleaner log
2. OTL Fix log
3. ChkDsk Scan log


  • 0

#5
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Things are still slow for me. If I run OTL and do a scan and then a clean up, sometimes after reboot things seem faster for a while (Chrome especially has much better response times...).

 

If not malware, what else might I check out? I suppose I could have bad RAM, or maybe just a bloated Win7 install...?

 

Thanks for any advice you can give me.

 

Sorry I didn't answer your questions directly. I do see some potential issues with your disk drive (low space and errors). Please follow the instructions I posted and we'll see what else might be the problem.


  • 0

#6
GandleForge

GandleForge

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here are the logs. Again, thanks for the help!
 
 
 
 
 
 
 
 
 
# AdwCleaner v3.310 - Report created 22/09/2014 at 19:47:27
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Steve - TARDIS2
# Running from : F:\downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
Folder Found : C:\Program Files\Common Files\Spigot
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Steve\AppData\Roaming\NCH Software
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Found [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
 
*************************
 
AdwCleaner[R0].txt - [4031 octets] - [22/09/2014 19:47:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4091 octets] ##########
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

# AdwCleaner v3.310 - Report created 22/09/2014 at 20:59:06
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Steve - TARDIS2
# Running from : F:\downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Steve\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
 
*************************
 
AdwCleaner[R0].txt - [4171 octets] - [22/09/2014 19:47:27]
AdwCleaner[S0].txt - [4093 octets] - [22/09/2014 20:59:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4153 octets] ##########
 
 
 
 
 
 

OTL logfile created on: 9/22/2014 7:24:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.14% Memory free
6.50 Gb Paging File | 4.60 Gb Available in Paging File | 70.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.00 Gb Total Space | 45.17 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 468.76 Gb Free Space | 50.32% Space Free | Partition Type: NTFS
 
Computer Name: TARDIS2 | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/03 22:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/08/05 17:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\downloads\OTL.exe
PRC - [2014/07/11 16:14:20 | 000,118,272 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2014/07/11 15:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2014/06/25 19:58:55 | 000,040,240 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2014/06/25 19:58:54 | 002,545,968 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2014/03/04 07:34:44 | 001,821,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2014/03/04 07:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014/03/04 06:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/05 04:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 04:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/02/05 04:32:31 | 015,904,544 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/10/01 19:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 19:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 19:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 15:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2013/09/26 16:11:04 | 003,070,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\AuthManager\AuthManSvr.exe
PRC - [2013/08/09 13:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/22 11:16:38 | 000,273,688 | ---- | M] (http://tortoisesvn.net) -- F:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/24 02:51:16 | 004,334,272 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/16 23:31:11 | 000,192,512 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\sfamcc00001.dll
MOD - [2014/09/16 23:31:11 | 000,172,032 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\sfareca00001.dll
MOD - [2014/09/03 22:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014/09/03 22:01:17 | 014,891,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014/09/03 22:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014/09/03 22:01:12 | 001,098,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014/09/03 22:01:10 | 000,174,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014/09/03 22:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2014/06/25 19:59:06 | 000,548,488 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2014/06/09 23:40:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/06/09 23:39:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/06/09 23:39:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/06/09 23:39:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/06/09 22:53:00 | 001,227,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c5467c14a272823a357b6ea7aec19572\System.WorkflowServices.ni.dll
MOD - [2014/06/09 22:52:36 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebbdeb2224cf7f8b4aa7d039516d17bd\System.ServiceModel.Routing.ni.dll
MOD - [2014/06/09 22:52:35 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5a8617e2c334fde080fbdc73c05fd8b6\System.ServiceModel.Discovery.ni.dll
MOD - [2014/06/09 22:52:34 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7401d47e8eef61dd2770777964c4e481\System.ServiceModel.Channels.ni.dll
MOD - [2014/06/09 22:52:24 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f67a10b051726dcc0d15c9a0c8668a60\System.ServiceModel.Web.ni.dll
MOD - [2014/06/09 22:51:03 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\927a0770a75cedf18eeb9a6dbbe54afd\System.ServiceModel.Activities.ni.dll
MOD - [2014/06/09 22:51:00 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6769297ceb522c4fe6de2c5e3575812d\System.IdentityModel.ni.dll
MOD - [2014/06/09 22:50:59 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a95ac0b02617b9dadbc5f625586b2aac\System.ServiceModel.ni.dll
MOD - [2014/06/09 22:50:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Practices#\373e63f1856d05d5e083f4da67e5f251\Microsoft.Practices.ServiceLocation.ni.dll
MOD - [2014/06/09 22:50:44 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
MOD - [2014/06/09 22:50:31 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/06/09 22:50:26 | 001,926,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\3f0c8a7233cdd1741c75978c900ed398\System.Web.Services.ni.dll
MOD - [2014/06/09 22:50:24 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
MOD - [2014/06/09 22:50:15 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\cd626ecab8e1657628451408aba720cd\System.Runtime.DurableInstancing.ni.dll
MOD - [2014/06/09 22:50:15 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\88aec4231adca9f5a4226c83911c4dad\SMDiagnostics.ni.dll
MOD - [2014/06/09 22:50:14 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
MOD - [2014/06/09 22:50:13 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c74e45d841d46ea6a7c203f6f864f555\System.Xml.Linq.ni.dll
MOD - [2014/06/09 22:48:24 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\880358291baf3043e07b2a7c2f401c85\PresentationFramework.ni.dll
MOD - [2014/06/09 22:48:13 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\db591e35967527b7b864124303dea13a\PresentationCore.ni.dll
MOD - [2014/06/09 22:48:10 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2c4f9ef6baacb578ab136a5b30ada098\System.Data.ni.dll
MOD - [2014/06/09 22:48:08 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014/06/09 22:48:06 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll
MOD - [2014/06/09 22:48:06 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dc74ab189aa9b156581a7228866d3330\WindowsBase.ni.dll
MOD - [2014/06/09 22:48:05 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014/06/09 22:48:03 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014/06/09 22:48:02 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014/06/09 22:48:02 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4bfb0decf7cfe076020f64ee6dd007cc\PresentationFramework.Aero.ni.dll
MOD - [2014/06/09 22:48:01 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/06/09 22:39:48 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\8fa7f2d6cc4122c7102a02586074a183\System.Numerics.ni.dll
MOD - [2014/06/09 22:39:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2014/02/01 13:30:46 | 000,861,184 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
MOD - [2012/06/18 10:24:30 | 000,260,096 | ---- | M] () -- F:\Program Files\Notepad++\NppShell_05.dll
MOD - [2011/10/22 11:16:18 | 000,070,424 | ---- | M] () -- F:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2010/12/11 00:01:27 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/09/10 13:30:14 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/28 06:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/04 23:18:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/11 15:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2014/06/25 19:58:55 | 000,040,240 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2014/06/09 22:17:39 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/03/04 06:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/05 04:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/02/05 04:32:31 | 015,904,544 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/08 14:50:00 | 004,321,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/10/01 12:41:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup)
DRV - [2014/07/25 08:11:13 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2014/03/20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2014/01/20 19:08:01 | 000,394,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140227.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/12/27 13:42:24 | 000,034,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/12/17 19:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/12/01 23:23:31 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/12/01 11:37:25 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140228.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/12/01 11:37:25 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/12/01 11:37:25 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/01 11:37:25 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140228.008\NAVENG.SYS -- (NAVENG)
DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/24 07:10:34 | 000,070,440 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/06/21 17:38:26 | 000,042,592 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/29 05:22:12 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/01/20 15:18:26 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2009/12/22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/05/04 20:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006/10/01 07:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2005/01/04 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = F:\pictures\KKC\2012\summer 2012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 A5 E6 BC B8 84 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {DFA28EC9-F135-4F31-8BA0-F3706994FDF2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{3391463D-4DEC-471F-8C20-296C0C37428A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.xfinit...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...}&o=15527&l=dis
IE - HKCU\..\SearchScopes\{DFA28EC9-F135-4F31-8BA0-F3706994FDF2}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E09B6C57-6D71-4A45-A3CA-6E6B7467FB4E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.order.1: "Xfinity.com Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: csharpformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: javaformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: pythonformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: rubyformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: %7Ba6fd85ed-e919-4a43-a5af-8da18bda539f%7D:2.4.0
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/26 13:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/26 13:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/01 23:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/09/16 23:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/08/04 23:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/04 23:18:04 | 000,000,000 | ---D | M]
 
[2012/03/03 18:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2014/09/19 17:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions
[2014/08/22 22:52:16 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/09/25 21:16:23 | 000,007,893 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2014/05/18 23:00:34 | 002,298,147 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,014,127 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,007,756 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,014,202 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\[email protected]
[2013/09/25 21:16:23 | 000,720,667 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi
[2014/09/19 17:57:23 | 000,300,373 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/12/01 23:04:31 | 000,000,905 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p7xysq06.default\searchplugins\yahoo_ff.xml
[2014/08/04 23:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/08/04 23:18:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.6_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_1\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkknfnifmbannmgkdliadghepbneplka\1.0.2_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_1\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.4_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014/05/22 12:30:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: capella.edu ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: capella.edu ([remote] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} https://ouvpn.us.ora...lhost/arr_x.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05DA27B-8FBB-4A35-B19C-16A101CC7850}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05DA27B-8FBB-4A35-B19C-16A101CC7850}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/06/12 16:36:57 | 000,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\to sell
[2014/09/07 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\xavier's project
[2012/02/24 23:28:02 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Steve\chromeinstall-6u31.exe
[2011/12/20 00:48:19 | 003,147,344 | ---- | C] (Macroplant, LLC                                             ) -- C:\Users\Steve\iExplorer_Setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/22 19:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-941433700-1991241529-1048206134-1000UA.job
[2014/09/22 19:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/22 18:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/22 13:14:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-941433700-1991241529-1048206134-1000Core.job
[2014/09/21 22:11:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/19 21:21:08 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/19 21:21:08 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/18 05:13:30 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/18 05:13:30 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/16 23:30:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/16 23:30:33 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/10 13:30:13 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/10 13:30:13 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/23 13:57:35 | 000,016,766 | ---- | C] () -- C:\Users\Steve\AppData\Local\recently-used.xbel
[2011/10/28 22:57:27 | 015,254,016 | ---- | C] () -- C:\Users\Steve\mumble-1.2.3.msi
[2011/07/18 20:19:07 | 000,038,651 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\UserTile.png
[2011/05/18 20:49:52 | 000,001,940 | ---- | C] () -- C:\Users\Steve\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/21 05:54:57 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 22:31:43 | 000,000,502 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/04 01:24:38 | 000,000,017 | ---- | C] () -- C:\Users\Steve\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >
 
 
 
 
 
 
 
 
 
 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 9/22/2014 9:20:24 PM >------
No Events found for Winlogon, Chkdsk or Wininit!
 
 
 
 
 
 
 
 

  • 0

#7
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

It doesn't appear that you ran Steps3 & 4 correctly. Let's do them one at a time. Let's just do the OTL Fix first. Please follow the steps below exactly as written and let me know if there are any problems.

 

Step#1 - OTL Fix
1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:Commands
[CreateRestorePoint]
 
:OTL
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
:Commands
[EmptyTemp]

 

3. It should look like #1 below once you have pasted the text in.

 

Fix.JPG

   

4. Click the Run Fix button as shown in #2 above. OTL will ask to reboot the machine. Please do so when asked.
5. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

Items for your next post

1. OTL Fix Log

 

 


  • 0

#8
GandleForge

GandleForge

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Sorry, I did actually run the fix. I think I copied the wrong log though:

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1-TARDIS2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 80104288 bytes
 
User: Public
 
User: Steve
->Temp folder emptied: 122175923 bytes
->Temporary Internet Files folder emptied: 51976537 bytes
->Java cache emptied: 48221714 bytes
->FireFox cache emptied: 142933461 bytes
->Google Chrome cache emptied: 305101566 bytes
->Flash cache emptied: 3179923 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 129728 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219717375 bytes
RecycleBin emptied: 6680805 bytes
 
Total Files Cleaned = 935.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09222014_210644
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#9
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent, now let's run the chkdsk.

 

Step#1 - ChkDsk Scan
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.

2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.

ElevateCommandPrompt.JPG

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Please type chkdsk and then press enter.
6. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.

Chkdsk.JPG
 

7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
8. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.


  • 0

#10
GandleForge

GandleForge

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 9/24/2014 4:25:37 PM >------
Category: 0
Computer Name: TARDIS2
Event Code: 26212
Record Number: 50689
Source Name: Chkdsk
Time Written: 09-24-2014 @ 04:46:22
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Cleaning up instance tags for file 0x7d1.
  224256 file records processed.                                         
 
File verification completed.
  716 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  93 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
  275936 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  224256 file SDs/SIDs processed.                                        
 
Cleaning up 3550 unused index entries from index $SII of file 0x9.
Cleaning up 3550 unused index entries from index $SDH of file 0x9.
Cleaning up 3550 unused security descriptors.
Security descriptor verification completed.
  25841 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  35148392 USN bytes processed.                                            
 
Usn Journal verification completed.
Windows has checked the file system and found no problems.
 
 142611455 KB total disk space.
  94738232 KB in 163304 files.
    118592 KB in 25842 indexes.
         0 KB in bad sectors.
    458147 KB in use by the system.
     65536 KB occupied by the log file.
  47296484 KB available on disk.
 
      4096 bytes in each allocation unit.
  35652863 total allocation units on disk.
  11824121 allocation units available on disk.
 
-----------------------------------------------------------------------

  • 0

#11
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you for the info. Please follow the instructions below. Let's try to get to the bottom of your slowness.

 

Step#1 - Malwarebytes Scan

 

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

 

Step#2 - ChkDsk on your F: drive

1. Click your Start Orb in the lower left of your computer and type cmd in the search box.

2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.

ElevateCommandPrompt.JPG

 

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Please type chkdsk F:  and then press enter.  <----Note: There is a space before F:
6. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.

Chkdsk.JPG
 

7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
8. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

 

 

Step#3 - Internet Speed Check
Would you mind doing this speed test and let me know what is reported?

1. Go to http://www.speedtest.net

2. Wait until the BEGIN TEST button appears and click on it.

    BeginTest.JPG

 

3. When it's finished please let me know the Ping, Download Speed and Upload Speed

    Results.JPG

 

 

Step#4 - Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

  

 

Items for your Next Post

1. Malwarebytes Log

2. Chkdsk results

3. Internet Speed test results

4. FRST and Addition logs


  • 0

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP