Minor Changes Happening (Hackers?)



#1
Pepanee
Member, 20 posts

Hi, minor changes in settings/files have been happening. This is annoying and puts me in a not-so-preferred state of mind for me or others around me. 

 

Here's the OTL log:

 

OTL logfile created on: 12/5/2014 10:05:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.93 Gb Total Physical Memory | 6.50 Gb Available Physical Memory | 81.94% Memory free
15.93 Gb Paging File | 14.31 Gb Available in Paging File | 89.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114.15 Gb Total Space | 52.82 Gb Free Space | 46.27% Space Free | Partition Type: NTFS
Drive X: | 465.11 Gb Total Space | 268.38 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive Y: | 697.98 Gb Total Space | 227.90 Gb Free Space | 32.65% Space Free | Partition Type: NTFS
 
Computer Name: AIMANS-DESKTOP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/05 22:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2014/11/24 22:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/08/25 12:29:35 | 006,053,744 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2014/08/03 12:23:52 | 000,774,416 | ---- | M] (CompSoft) -- X:\Other Stuff\Programs\Howard\1.26\Howard 1.26.exe
PRC - [2013/12/12 18:47:54 | 002,326,624 | ---- | M] (Nullsoft, Inc.) -- X:\Other Stuff\Programs\Winamp\Winamp\winamp.exe
PRC - [2012/06/13 16:37:17 | 000,321,536 | ---- | M] (James Garton) -- X:\Other Stuff\Programs\Desktop WallPaper Master\2.16\Desktop WallPaper Master 2.16.exe
PRC - [2011/02/04 05:24:32 | 002,346,496 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\Rainlendar2.exe
PRC - [2010/10/29 11:04:34 | 006,433,280 | ---- | M] (Insight Software Solutions, Inc.) -- X:\Other Stuff\Programs\Macro Express\4.2.1.1 Professional\MacExp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/24 22:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/24 22:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/24 22:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/24 22:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2013/10/23 01:42:48 | 000,013,312 | ---- | M] () -- X:\Other Stuff\Programs\Winamp\Winamp\Plugins\gen_yar.dll
MOD - [2011/02/04 05:24:58 | 000,105,984 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\plugins\IniFormatPlugin.dll
MOD - [2011/02/04 05:24:38 | 000,195,584 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\plugins\iCalendarPlugin.dll
MOD - [2011/02/04 05:24:32 | 002,346,496 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\Rainlendar2.exe
MOD - [2010/12/13 02:06:26 | 000,638,976 | ---- | M] () -- X:\Other Stuff\Programs\Winamp\Winamp\Plugins\ml_ipod.dll
MOD - [2010/12/13 02:03:34 | 000,069,632 | ---- | M] () -- X:\Other Stuff\Programs\Winamp\Winamp\Plugins\ml_ipod\ui.dll
MOD - [2010/12/12 02:58:14 | 000,502,784 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 02:58:00 | 000,131,584 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 02:57:56 | 000,485,376 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 02:57:44 | 000,707,584 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 02:57:36 | 002,633,216 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 02:56:46 | 001,205,760 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\wxbase28u_vc_rny.dll
MOD - [2010/05/23 10:20:04 | 000,126,976 | ---- | M] () -- X:\Other Stuff\Programs\Rainlendar\2.8.1\lua51.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/30 20:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/28 20:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/10/28 19:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/28 19:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/28 18:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/28 18:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/28 18:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/28 18:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/28 18:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/10/28 18:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/28 17:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/28 17:48:36 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/10/28 17:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/28 17:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/28 17:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/28 17:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/28 17:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/28 17:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/28 17:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/28 17:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/28 17:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/28 17:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/28 17:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/10/28 17:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/28 17:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/28 17:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/28 17:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/28 17:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/28 17:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/28 17:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/28 17:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/28 17:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/28 17:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/28 17:11:10 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/28 17:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/10/28 17:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/28 16:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/10/28 16:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/28 16:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/09/21 19:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 19:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2014/10/28 19:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/28 17:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 17:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/28 16:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/25 11:48:49 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/12/06 06:47:20 | 001,229,528 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/12/06 06:47:20 | 000,662,232 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/28 19:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/28 19:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/28 19:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/28 19:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/28 18:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/28 18:46:41 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/10/28 18:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/28 18:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/28 18:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/28 18:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/15 00:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/12 18:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/12 18:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 18:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/08 01:24:09 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/10/06 22:54:45 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/10/06 22:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/06 22:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/09/21 19:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 19:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 18:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/14 16:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/19 19:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/19 14:27:44 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2014/03/13 04:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/02/22 07:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 04:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/01/14 18:32:04 | 000,022,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2013/12/06 06:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/10/25 17:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 07:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/29 20:14:11 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 19:54:38 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/09/29 19:54:24 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/09/29 19:54:24 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/09/29 19:54:24 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/09/29 19:54:24 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/09/29 19:54:24 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 03:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 06:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011/05/12 13:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\E6B4.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009/04/21 13:12:50 | 001,288,192 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 E9 29 EE 92 C0 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.11.24.1_0\ietab_nm_
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.11.24.1_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbapkenihbgjhhkjolkdhlmieocnngfp\2.14.2_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi\0.9.7.1_0\
 
O1 HOSTS File: ([2014/11/23 17:10:36 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKCU..\Run: [7 Taskbar Tweaker] X:\Other Stuff\Programs\Utility & Security Applications\Utility Applications\7+ Taskbar Tweaker\4.5.1\7+ Taskbar Tweaker.exe (RaMMicHaeL)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop WallPaper Master 2.16.lnk = X:\Other Stuff\Programs\Desktop WallPaper Master\2.16\Desktop WallPaper Master 2.16.exe (James Garton)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Howard 1.26.lnk = X:\Other Stuff\Programs\Howard\1.26\Howard 1.26.exe (CompSoft)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock.lnk =  File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainlendar.lnk = X:\Other Stuff\Programs\Rainlendar\2.8.1\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/...rp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6313BE3-4CB3-448C-8A9F-2882FC26ADC2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/28 20:05:11 | 000,000,041 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/07/12 08:20:59 | 000,000,057 | -H-- | M] () - X:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/08/25 18:04:19 | 000,000,078 | -H-- | M] () - Y:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/05 22:05:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2014/11/30 15:47:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\YCanPDF
[2014/11/30 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Investintech.com Inc
[2014/11/28 20:27:56 | 000,000,000 | ---D | C] -- C:\Windows\!Old
[2014/11/23 17:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/11/23 17:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/11/23 17:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/11/19 22:45:36 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieBrowserModeList
[2014/11/19 15:30:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2014/11/19 15:22:02 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/11/19 14:39:16 | 000,200,192 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\DscCoreConfProv.dll
[2014/11/14 17:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2014/11/14 15:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/14 15:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/11/11 14:44:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\iWesoft
[2014/11/11 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Image Extractor
[2014/11/07 21:14:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Astro Gemini Software
[2014/11/07 21:14:09 | 001,056,768 | ---- | C] (FreeImage) -- C:\Windows\SysWow64\FreeImage.dll
[2014/11/07 21:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astro Gemini Software
[2014/11/07 10:58:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Bizarre Creations
[2014/11/07 10:03:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/11/07 10:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/11/07 10:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/05 22:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2014/12/05 21:09:37 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/05 19:52:51 | 000,835,300 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/05 19:52:51 | 000,707,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/05 19:52:51 | 000,131,758 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/05 16:09:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/05 10:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/04 15:19:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/04 15:19:50 | 2517,155,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/02 02:06:39 | 000,007,605 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2014/11/28 23:01:32 | 007,821,071 | ---- | M] () -- C:\Users\Admin\Desktop\Deltron 3030- 3030 Instrumental.mp4
[2014/11/28 20:15:48 | 005,031,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/27 21:27:35 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014/11/27 21:27:35 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2014/11/25 15:10:29 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/22 13:51:20 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2014/11/15 10:12:12 | 000,002,318 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/14 17:44:50 | 000,002,179 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/02 02:06:39 | 000,007,605 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2014/11/28 22:59:13 | 007,821,071 | ---- | C] () -- C:\Users\Admin\Desktop\Deltron 3030- 3030 Instrumental.mp4
[2014/11/28 20:14:56 | 005,031,224 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/27 21:23:51 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014/11/27 21:23:51 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2014/11/19 14:38:43 | 000,142,848 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2014/11/19 14:38:43 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/11/19 14:38:31 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\BthpanContextHandler.dll
[2014/11/19 14:38:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\BWContextHandler.dll
[2014/11/19 14:38:14 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2014/11/19 14:37:10 | 000,389,020 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/11/19 14:37:09 | 000,002,412 | ---- | C] () -- C:\Windows\SysNative\KeyboardFilterShim.sdb
[2014/11/14 17:44:50 | 000,002,179 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/11/14 17:44:50 | 000,002,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2014/11/14 15:58:28 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/14 15:58:00 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/14 15:57:53 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/07 17:52:01 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/09/04 19:41:56 | 000,000,410 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2014/09/02 16:19:43 | 000,001,182 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/27 22:05:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/08/25 10:51:43 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2014/08/25 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/08/22 07:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 07:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 06:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/10/28 19:57:39 | 022,295,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/10/28 19:10:55 | 019,734,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 17:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 16:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 17:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/24 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ashisoft
[2014/11/07 21:14:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Astro Gemini Software
[2014/12/05 22:09:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2014/09/23 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Boilsoft
[2014/12/05 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ClassicShell
[2014/08/30 17:29:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dexpot
[2014/11/20 22:16:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HandBrake
[2014/08/31 12:38:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImageVerifier
[2014/10/23 19:28:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KLS Soft
[2014/09/03 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LockHunter
[2014/10/10 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Locktime
[2014/10/08 22:48:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Locktime Software
[2014/09/14 20:32:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mp3tag
[2014/08/31 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice
[2014/09/03 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Outertech
[2014/09/09 20:22:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SolSuite
[2014/09/04 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinISO Computing
[2014/11/30 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\YCanPDF
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 73 bytes -> C:\Users\Admin\SkyDrive:ms-properties
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D2F2F703
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:76650B61
 
< End of report >

Edited by Pepanee, 06 December 2014 - 12:20 AM.


#2
Pepanee


And here's the Extras file:

 

OTL Extras logfile created on: 12/5/2014 10:05:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.93 Gb Total Physical Memory | 6.50 Gb Available Physical Memory | 81.94% Memory free
15.93 Gb Paging File | 14.31 Gb Available in Paging File | 89.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114.15 Gb Total Space | 52.82 Gb Free Space | 46.27% Space Free | Partition Type: NTFS
Drive X: | 465.11 Gb Total Space | 268.38 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive Y: | 697.98 Gb Total Space | 227.90 Gb Free Space | 32.65% Space Free | Partition Type: NTFS
 
Computer Name: AIMANS-DESKTOP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5FDC578B-04AF-46B9-8E53-1951F943BDF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{849776CF-8C10-4DF8-B7B8-89AA459F27F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{11FE84F0-965F-48F0-A295-1FDA1F69CBE5}C:\program files (x86)\unreal tournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament\system\unrealtournament.exe | 
"TCP Query User{4A3663A9-FFA4-4B62-BCB1-FC07AF6E8546}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"TCP Query User{B675F990-279F-4818-81ED-0DA3BF28219B}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"UDP Query User{2089CAB3-6798-42BD-933A-1B5FC12A14B8}C:\program files (x86)\unreal tournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament\system\unrealtournament.exe | 
"UDP Query User{5622D011-3BEC-4FC2-9664-F6BD14C14317}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"UDP Query User{64C9DFEE-1BC1-40BB-8A15-84FF3E1811AB}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}" = Classic Shell
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D8D25854-D7F0-45C5-8702-D650A5A23E21}" = Microsoft Baseline Security Analyzer 2.3
"Better File Rename_is1" = Better File Rename 5.48
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"LockHunter_is1" = LockHunter 3.1, 32/64 bit
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"WinRAR archiver" = WinRAR 5.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1" = Boilsoft Video Splitter 6.34
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"Adobe Audition 3.0" = Adobe Audition 3.0
"AudioCS" = Creative Audio Control Panel
"Belarc Advisor" = Belarc Advisor 8.4
"BitTorrent" = BitTorrent
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DC++" = DC++ 0.691
"DivX Setup" = DivX Setup
"eMule" = eMule
"GetDiz" = GetDiz
"Google Chrome" = Google Chrome
"Handbrake" = Handbrake 6361 Nightly
"PIXresizer_is1" = PIXresizer
"ScreenSaver Commander" = ScreenSaver Commander
"Secunia PSI" = Secunia PSI (3.0.0.9016)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"UltraISO_is1" = UltraISO Premium V9.62
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/29/2014 5:15:25 PM | Computer Name = Aimans-Desktop | Source = Application Hang | ID = 1002
Description = The program Media Player Classic.exe version 6.4.9.1 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: a08    Start
 Time: 01d00c198c504ec0    Termination Time: 0    Application Path: X:\Other Stuff\Programs\Media
 Player Classic\6.4.9.1\Media Player Classic.exe    Report Id: d2dac643-780c-11e4-82cc-60a44cb522f5
 
Faulting
 package full name:     Faulting package-relative application ID:   
 
Error - 11/29/2014 11:38:12 PM | Computer Name = Aimans-Desktop | Source = Application Hang | ID = 1002
Description = The program Media Player Classic HC.exe version 1.7.6.0 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 5658    Start
 Time: 01d00c4e99eb1e74    Termination Time: 28    Application Path: X:\Other Stuff\Programs\Media
 Player Classic Home Cinema\1.7.6 (64-Bit Edition)\Media Player Classic HC.exe    Report
 Id: 4bc3f64f-7842-11e4-82cc-60a44cb522f5    Faulting package full name:     Faulting package-relative
 application ID:   
 
Error - 11/30/2014 5:39:59 AM | Computer Name = Aimans-Desktop | Source = Application Hang | ID = 1002
Description = The program Media Player Classic HC.exe version 1.7.6.0 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 6368    Start
 Time: 01d00c8194759336    Termination Time: 103    Application Path: X:\Other Stuff\Programs\Media
 Player Classic Home Cinema\1.7.6 (64-Bit Edition)\Media Player Classic HC.exe    Report
 Id: d61be092-7874-11e4-82cc-60a44cb522f5    Faulting package full name:     Faulting package-relative
 application ID:   
 
Error - 11/30/2014 6:11:15 PM | Computer Name = Aimans-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Investintech.com
 Inc\Able2Extract 8.0\Able2Extract.exe".  Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/30/2014 6:11:16 PM | Computer Name = Aimans-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Investintech.com
 Inc\Able2Extract 8.0\Able2Extract.exe".  Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/30/2014 6:11:17 PM | Computer Name = Aimans-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Investintech.com
 Inc\Able2Extract 8.0\Able2Extract.exe".  Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/30/2014 6:11:17 PM | Computer Name = Aimans-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Investintech.com
 Inc\Able2Extract 8.0\Able2Extract.exe".  Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/30/2014 6:11:29 PM | Computer Name = Aimans-Desktop | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 11/30/2014 6:18:11 PM | Computer Name = Aimans-Desktop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.3.9600.17415 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 748    Start
 Time: 01d00cd0b972791e    Termination Time: 0    Application Path: C:\Windows\Explorer.EXE
 
Report
 Id: a9721dae-78de-11e4-82cd-60a44cb522f5    Faulting package full name:     Faulting package-relative
 application ID:   
 
Error - 12/4/2014 2:47:38 AM | Computer Name = Aimans-Desktop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.3.9600.17415 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 734    Start
 Time: 01d00f275b27f57f    Termination Time: 0    Application Path: C:\Windows\Explorer.EXE
 
Report
 Id: 5482dc3c-7b81-11e4-82cf-60a44cb522f5    Faulting package full name:     Faulting package-relative
 application ID:   
 
[ System Events ]
Error - 12/4/2014 4:42:48 PM | Computer Name = Aimans-Desktop | Source = DCOM | ID = 10010
Description = 
 
Error - 12/4/2014 4:43:18 PM | Computer Name = Aimans-Desktop | Source = DCOM | ID = 10010
Description = 
 
Error - 12/4/2014 7:19:58 PM | Computer Name = Aimans-Desktop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:40:58 PM on ?12/?4/?2014 was unexpected.
 
Error - 12/4/2014 7:20:09 PM | Computer Name = Aimans-Desktop | Source = Service Control Manager | ID = 7001
Description = The IP Helper service depends on the WinHTTP Web Proxy Auto-Discovery
 Service service which failed to start because of the following error:   %%1058
 
Error - 12/4/2014 7:20:09 PM | Computer Name = Aimans-Desktop | Source = Service Control Manager | ID = 7001
Description = The Network Connectivity Assistant service depends on the IP Helper
 service which failed to start because of the following error:   %%1068
 
Error - 12/5/2014 3:29:58 PM | Computer Name = Aimans-Desktop | Source = DCOM | ID = 10010
Description = 
 
Error - 12/5/2014 3:30:28 PM | Computer Name = Aimans-Desktop | Source = DCOM | ID = 10010
Description = 
 
Error - 12/5/2014 11:36:28 PM | Computer Name = Aimans-Desktop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Error Reporting Service service to connect.
 
Error - 12/5/2014 11:45:55 PM | Computer Name = Aimans-Desktop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 12/6/2014 12:01:40 AM | Computer Name = Aimans-Desktop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
 
< End of report >
