I am jamally.
I looked in the process section of the Task Manager, and there were twenty or more of the dllhost.exe COM Surrogate running. Some of them were as large as 100,000.... Usage percentage was up from 2-9% all the way to 60%. I only noticed because my windows were opening a lot slower than usual.
Second thing I noticed was that there were a bunch of shortcut tabs on my home page going to a bunch of sites that I've never heard of - like my browser was being hijacked by a stranger....
I looked up that dllhost..... file and it appears that it's in the 32 folder and only about 7 kb in size, so I'm thinking something else may be causing these files to appear, especially since it begins its redundancy when I:
1. connect to the internet and open tabs
2. begin a video movie
3. go into my picture files with Windows Photo Viewer
Can I be helped without a format? Hope so.
OTL logfile created on: 9/25/2014 11:25:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\captn\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17089)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.83 Gb Total Physical Memory | 4.54 Gb Available Physical Memory | 57.96% Memory free
15.65 Gb Paging File | 11.48 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.67 Gb Total Space | 1787.87 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Computer Name: 10CHOCTAW | User Name: captn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/09/25 23:18:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\captn\Desktop\OTL.exe
PRC - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/08/25 11:37:18 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/08/17 02:43:25 | 000,775,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/07/22 17:15:56 | 002,694,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/07/16 11:05:50 | 005,558,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/07/03 06:25:22 | 000,490,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/02/19 06:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2013/08/15 14:35:26 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/06/21 09:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/16 10:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/16 11:05:50 | 005,558,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/07/03 06:45:40 | 032,733,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/10 08:32:18 | 000,152,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE -- (EPSON_PM_RPCV4_06)
SRV:64bit: - [2012/05/17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/23 17:56:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/05 22:10:03 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/06/21 09:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/16 10:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/08/06 10:50:04 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/21 21:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/06/30 12:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/06/17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/15 14:34:44 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/08/15 14:34:38 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/08/15 14:34:36 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/08/05 22:09:45 | 004,438,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/05 22:09:22 | 000,452,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/06/21 08:02:43 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/04/30 17:09:12 | 000,838,216 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/02/15 19:17:02 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/09/26 00:43:28 | 003,752,448 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/09/14 23:29:16 | 001,981,536 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7A1FE267-066C-4ACD-9F7A-3C8E54890A20}
IE:64bit: - HKLM\..\SearchScopes\{7A1FE267-066C-4ACD-9F7A-3C8E54890A20}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7A1FE267-066C-4ACD-9F7A-3C8E54890A20}
IE - HKLM\..\SearchScopes\{7A1FE267-066C-4ACD-9F7A-3C8E54890A20}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 12 35 50 1B B5 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\captn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
O1 HOSTS File: ([2014/09/23 03:06:43 | 000,450,712 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15469 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series" /EF "HKCU" File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab56649.cab (CBankshotZoneCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38993C19-1226-4D77-9C08-E6F1FE8B1104}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/09/25 23:18:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\captn\Desktop\OTL.exe
[2014/09/23 21:18:23 | 002,480,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\captn\Desktop\procexp.exe
[2014/09/23 21:17:34 | 000,000,000 | ---D | C] -- C:\Users\captn\AppData\Roaming\WinRAR
[2014/09/23 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/09/23 21:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/09/23 21:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/09/23 02:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/09/23 02:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/09/23 02:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014/09/02 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\captn\fantasy
[2014/08/28 01:07:46 | 000,000,000 | ---D | C] -- C:\Users\captn\AppData\Local\ToolAssistant
========== Files - Modified Within 30 Days ==========
[2014/09/25 23:18:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\captn\Desktop\OTL.exe
[2014/09/25 23:14:15 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/25 23:14:15 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/25 23:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/25 23:06:51 | 2008,457,215 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/25 22:56:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/25 22:48:36 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/25 22:32:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {111E5B54-64F2-4169-88BE-D3D2B5E442D8}.job
[2014/09/25 22:32:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {111E5B54-64F2-4169-88BE-D3D2B5E442D8}.job
[2014/09/24 14:49:25 | 000,000,164 | ---- | M] () -- C:\Users\captn\Documents\cc_20140924_144913.reg
[2014/09/24 14:48:48 | 000,033,040 | ---- | M] () -- C:\Users\captn\Documents\cc_20140924_144835.reg
[2014/09/23 03:06:43 | 000,450,712 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/09/23 03:01:51 | 000,450,712 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140923-030643.backup
[2014/09/23 03:00:29 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini
[2014/09/23 02:46:21 | 000,001,308 | ---- | M] () -- C:\Users\captn\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/09/23 02:46:21 | 000,001,284 | ---- | M] () -- C:\Users\captn\Desktop\Spybot - Search & Destroy.lnk
[2014/09/23 00:28:09 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/15 20:39:06 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/09/11 08:57:26 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\captn\Desktop\procexp.exe
[2014/09/11 03:05:19 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 03:05:19 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/11 03:05:19 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/11 03:04:13 | 000,774,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/02 16:19:12 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/08/28 03:17:38 | 000,268,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2014/09/24 14:49:22 | 000,000,164 | ---- | C] () -- C:\Users\captn\Documents\cc_20140924_144913.reg
[2014/09/24 14:48:37 | 000,033,040 | ---- | C] () -- C:\Users\captn\Documents\cc_20140924_144835.reg
[2014/09/23 03:00:29 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2014/09/23 02:46:21 | 000,001,308 | ---- | C] () -- C:\Users\captn\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/09/23 02:46:21 | 000,001,284 | ---- | C] () -- C:\Users\captn\Desktop\Spybot - Search & Destroy.lnk
[2014/06/11 22:46:01 | 000,000,036 | ---- | C] () -- C:\Windows\XP-610.ini
[2013/11/20 02:36:57 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/15 09:25:36 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/11/15 09:25:36 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/11/15 09:25:36 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/05/26 21:49:32 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Acer
[2014/05/08 00:38:13 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Acoustica
[2014/09/06 18:18:08 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Audacity
[2014/05/08 00:33:24 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\AVG2014
[2014/05/08 00:36:11 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Canneverbe Limited
[2014/09/25 23:04:21 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\DMCache
[2014/08/09 13:43:22 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Epson
[2014/09/25 23:04:30 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\IDM
[2014/05/26 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Leader Technologies
[2014/05/26 21:47:34 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Leadertech
[2014/07/17 01:42:42 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\Oracle
[2014/05/08 00:32:57 | 000,000,000 | ---D | M] -- C:\Users\captn\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report >
Something the software added that should be seen here ...
OTL Extras logfile created on: 9/25/2014 11:25:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\captn\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17089)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.83 Gb Total Physical Memory | 4.54 Gb Available Physical Memory | 57.96% Memory free
15.65 Gb Paging File | 11.48 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.67 Gb Total Space | 1787.87 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Computer Name: 10CHOCTAW | User Name: captn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A20D723-3946-412F-9F49-BA4765905240}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{10AB86E7-1C6D-42AD-B282-08A0510D46B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11C0418D-2BB8-4E5C-AD22-587528DCB8A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13F5B9FC-CF97-41E3-A812-2BF8BB3D1771}" = lport=137 | protocol=17 | dir=in | app=system |
"{21093BCE-2275-4DA7-8757-513C2AEBA164}" = lport=139 | protocol=6 | dir=in | app=system |
"{28C21C88-7895-44F9-BE5A-AACCE65520EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E333304-5F81-41E8-AAB3-4ED00F913CCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3A728F80-29B9-4BB5-9305-DB01E6E9FCE5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48EAF67E-4D07-4147-9309-951C12327EB9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{655E1F1A-4D58-4D43-A6EE-B28491C77135}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69B71DEE-A9A1-43C6-8B3E-FC5A806569F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{7406361F-8780-47D5-91D2-933540CD6F14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75227E9E-4D11-4CAB-8425-2BD7E4B5A402}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C7269F7-40CA-4CFB-A7C4-ADADD0FC2506}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3B62E9F-4D2C-4C29-BCAC-41A3DBA0FD80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8BFBE45-E3EF-4973-B7B4-82E6AC8931E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{BBF63038-7808-4EEF-A5C5-B620669601A1}" = lport=445 | protocol=6 | dir=in | app=system |
"{C0D215B4-8EEA-4981-9DC3-9F07C4C027D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4967022-CBDB-48A2-A21A-7825D16A99F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD0F3E67-BB9F-41A3-96F9-98B7420A559D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1DDEC19-69A8-4448-90F3-3C4C8B021500}" = lport=138 | protocol=17 | dir=in | app=system |
"{D6CCAB56-DB25-4D63-8EE0-3E6462DB4F99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3318C2E-E5F4-499B-95A4-12DB25A56F58}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{E58E0EDD-8904-4C23-A5DD-1C98ABAD4563}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15F09FCF-30F5-4146-99B1-24562DE76F3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1F840E03-7655-4378-94F9-30226F0C09D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{2A236589-69A5-4745-8481-F720335C2DC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41F65F74-0083-4600-9BD5-288C7E5DB1F0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{436A2355-BCB0-426A-A7EB-627A84843170}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{46A6A57B-8784-4AE3-9900-7B8B2ABAC34A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E1F026D-3514-49AB-81EB-050C83ECC3DB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{5B78B119-D366-487A-9BD3-F1D215837383}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E92EBC0-1BE4-43A0-ACA5-4087BFBBEB7D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{61A1CE57-3DA7-4126-9846-9A63C59E648D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{6776E962-A3F6-4567-90F7-DD04591AC0E2}" = protocol=58 | dir=in | [email protected],-28545 |
"{782A3FB2-AC22-4A29-ABDF-1C9E2E4C1974}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{7831AEAC-7FFB-4DF4-8F32-F2608C7CDD19}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F0E840A-0487-4339-8ACC-3DA2881A0C57}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{86078FAE-6AA0-41BB-9E46-2AC9DC4A9748}" = protocol=58 | dir=out | [email protected],-28546 |
"{8AC8777B-3D7F-4343-8088-4BE06F1C1D9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D389281-03AE-47C1-B632-0DB181CB30E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A726B417-71BD-43EC-8422-C14750DA5043}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{A9878A5B-B771-4079-8757-EA31CC29A635}" = protocol=1 | dir=in | [email protected],-28543 |
"{AE94664D-0E72-4EB9-881A-50D0CB9B495C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5807158-99F6-4885-AB6A-5B92D4C856DA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{B9760FA6-5F94-4D67-B3F1-B5DD11CCA31E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C25BC930-21E1-4BFF-9FC4-8B4C9B8910A2}" = protocol=1 | dir=out | [email protected],-28544 |
"{C30D8ABC-7698-4201-B906-662590B2A54B}" = protocol=6 | dir=out | app=system |
"{C58F8841-3B83-4E06-B7D5-4510B890D760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C879693D-3B0C-4C9F-8202-F6FC0796DF9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCF1B0C3-D981-4A14-B744-2D514699D7AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6EF8F03-EE3B-4678-B93A-AB127EB512C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EED50737-305C-4FAA-A8E6-65D96B455B13}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"TCP Query User{25D8A8F9-0EA6-4026-9D17-C2648DF4790B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{749D1A64-0F57-41CF-A34D-E80E753DA661}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{64A632F8-6E86-4588-8556-4C09FCEC0315}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{C0245FAD-5A7A-4B1F-8FB5-D89524A67194}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11FC30D9-3004-4FCA-912B-AF8CB65AED9C}" = AVG 2014
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B42D82E8-FF97-48BB-91AA-86717B2B6B16}" = AVG 2014
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{F509C1F4-0029-49F9-B145-A4C4E8DF481A}" = paint.net
"AVG" = AVG 2014
"CCleaner" = CCleaner
"EPSON XP-610 Series" = EPSON XP-610 Series Printer Uninstall
"WinRAR archiver" = WinRAR 5.11 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2970697F-2A11-4588-8B7F-97322D1CCF3C}" = Epson Event Manager
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.12)
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}" = Software Updater
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Audacity_is1" = Audacity 2.0.5
"AVS Audio Editor_is1" = AVS Audio Editor 7.2
"AVS Media Player_is1" = AVS Media Player 4.2.2.104
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8.5
"CDex" = CDex - Open Source Digital Audio CD Extractor
"EPSON Scanner" = EPSON Scan
"FastStone Image Viewer" = FastStone Image Viewer 4.9
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/22/2014 12:46:45 AM | Computer Name = 10choctaw | Source = ESENT | ID = 455
Description = Windows (3236) Windows: Error -1811 occurred while opening logfile
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000C8.log.
Error - 8/22/2014 12:46:45 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 9000
Description =
Error - 8/22/2014 12:46:45 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 7040
Description =
Error - 8/22/2014 12:46:45 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 7042
Description =
Error - 8/22/2014 12:46:45 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 9002
Description =
Error - 8/22/2014 12:46:45 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 3029
Description =
Error - 8/22/2014 12:46:51 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 3029
Description =
Error - 8/22/2014 12:46:51 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 3028
Description =
Error - 8/22/2014 12:46:51 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 3058
Description =
Error - 8/22/2014 12:46:51 AM | Computer Name = 10choctaw | Source = Windows Search Service | ID = 7010
Description =
[ Media Center Events ]
Error - 9/24/2014 8:23:56 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 8:23:56 PM - Error connecting to the internet. 8:23:56 PM - Unable
to contact server..
Error - 9/24/2014 8:24:02 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 8:24:01 PM - Error connecting to the internet. 8:24:01 PM - Unable
to contact server..
Error - 9/24/2014 9:24:06 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 9:24:06 PM - Error connecting to the internet. 9:24:06 PM - Unable
to contact server..
Error - 9/24/2014 9:24:11 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 9:24:11 PM - Error connecting to the internet. 9:24:11 PM - Unable
to contact server..
Error - 9/24/2014 10:27:27 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 10:27:27 PM - Error connecting to the internet. 10:27:27 PM - Unable
to contact server..
Error - 9/24/2014 10:27:32 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 10:27:32 PM - Error connecting to the internet. 10:27:32 PM - Unable
to contact server..
Error - 9/25/2014 12:33:16 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 12:33:16 PM - Error connecting to the internet. 12:33:16 PM - Unable
to contact server..
Error - 9/25/2014 12:33:25 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 12:33:21 PM - Error connecting to the internet. 12:33:21 PM - Unable
to contact server..
Error - 9/25/2014 1:39:13 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 1:39:13 PM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')
Error - 9/25/2014 2:41:17 PM | Computer Name = 10choctaw | Source = MCUpdate | ID = 0
Description = 2:41:13 PM - Error connecting to the internet. 2:41:13 PM - Unable
to contact server..
[ System Events ]
Error - 8/4/2014 10:51:33 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:52:03 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:52:33 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:53:03 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:53:33 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:54:03 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:54:33 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:55:03 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:55:33 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 8/4/2014 10:56:03 PM | Computer Name = 10choctaw | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
< End of report >
Edited by Dakeyras, 26 September 2014 - 06:06 AM.
Removed email address for safety reasons etc.