Laggy browsers, 2-3 delays [Closed]


  • This topic is locked

#1
Izzy1665


Thank you GTG up front for the assistance both now and previous times.

 

I have IE, Firefox, Chrome and Opera as browsers and they seem to be "laggy". Sometimes it seems like a 2-3 second wait time before they respond; I notice it most when using Firefox. The last run of AVG Antivirus turned up nothing in the results. I ran CCleaner just before running the OTL scan and am posting the results below.

OTL logfile created on: 09/06/2015 9:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Living Room\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17914)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
 
3.25 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 63.02% Memory free
6.49 Gb Paging File | 4.57 Gb Available in Paging File | 70.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 508.38 Gb Total Space | 76.73 Gb Free Space | 15.09% Space Free | Partition Type: NTFS
Drive D: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 205.61 Gb Total Space | 139.03 Gb Free Space | 67.62% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 36.71 Mb Free Space | 36.71% Space Free | Partition Type: NTFS
Drive Z: | 217.42 Gb Total Space | 85.51 Gb Free Space | 39.33% Space Free | Partition Type: NTFS
 
Computer Name: LIVINGROOM-PC | User Name: Living Room | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Living Room\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG Web TuneUp\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\AVG Web TuneUp\avgcefrend.exe (AVG Secure Search)
PRC - C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\loggingserver.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Unchecky\bin\unchecky_bg.exe (RaMMicHaeL)
PRC - C:\Program Files\Unchecky\bin\unchecky_svc.exe (RaMMicHaeL)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files\RealNetworks\RealDownloader\downloader2.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
PRC - C:\Users\Living Room\AppData\Local\Skillbrains\lightshot\5.1.4.17\Lightshot.exe (Skillbrains)
PRC - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVG Web TuneUp\libcef.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\log4cplusU.dll ()
MOD - C:\Program Files\AVG Web TuneUp\vprot.exe ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\dtvhooks.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\downloader2.exe ()
MOD - C:\Program Files\RealNetworks\RealDownloader\cpprest100_1_2.dll ()
MOD - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater40.1.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\ToolbarUpdater.exe (AVG Secure Search)
SRV - (WtuSystemSupport) -- C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Unchecky) -- C:\Program Files\Unchecky\bin\unchecky_svc.exe (RaMMicHaeL)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (RealTimes Desktop Service) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (RealPlayer Cloud Service) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (DiagTrack) -- C:\Windows\System32\diagtrack.dll (Microsoft Corporation)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ss_conn_service) -- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
SRV - (NvNetworkService) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
SRV - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV - (pcCMService) -- C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (NitroReaderDriverReadSpool3) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (Motorola Device Manager) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (cleanhlp) -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys File not found
DRV - (catchme) -- C:\Users\LIVING~1\AppData\Local\Temp\catchme.sys File not found
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgdiskx) -- C:\Windows\System32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV - (nvvad_WaveExtensible) -- C:\Windows\System32\drivers\nvvad32v.sys (NVIDIA Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (BstHdDrv) -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (D-Vitec) -- C:\Windows\System32\drivers\dvitdcnt.sys (D-vitec)
DRV - (zghsdiag) -- C:\Windows\System32\drivers\zghsdiag.sys (ZTE Incorporated)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (UsbFltr) -- C:\Windows\System32\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (pelusblf) -- C:\Windows\System32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...=wtu&sg=&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 32 E1 B7 2A 7F CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://mysearch.avg...fr&d=2015-05-0410:40:06&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{E9BBD11B-78CC-4566-A14B-155FB7D9F531}: "URL" = http://www.bing.com/...=IESR02&pc=BDT3
IE - HKCU\..\SearchScopes\DFEF316A7DF840789BE026CF4E2A55C1: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.6\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/08/18 11:14:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.1: C:\Program Files\ATT\8.5.0.48\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.1: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Living Room\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=18.0.0.112: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=18.0.0.112: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealTimes)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Living Room\AppData\Local\Roblox\Versions\version-d65566343374484f\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64: C:\Users\Living Room\AppData\Local\Roblox\Versions\version-d65566343374484f\\NPRobloxProxy64.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Living Room\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/12/24 15:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/12/24 15:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/12/24 15:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/12/24 15:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/08/28 13:31:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/08/28 13:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.8\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/12/15 07:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.8\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2015/07/14 19:29:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/08/28 13:31:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/08/28 13:31:18 | 000,000,000 | ---D | M]
 
[2011/04/14 20:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Extensions
[2011/10/30 11:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2015/05/15 00:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\3z8ppduy.default-1373299741357\extensions
[2015/08/26 08:24:11 | 000,000,000 | ---D | M] (AVG Web TuneUp) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\3z8ppduy.default-1373299741357\extensions\[email protected]
[2013/12/22 10:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\4qub62kd.default\extensions
[2014/07/15 22:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\6hqykdlp.default-1398349730678\extensions
[2014/07/15 22:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\6hqykdlp.default-1398349730678\extensions\[email protected]
[2015/09/05 18:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\nv4kstf9.default-1433430423652\extensions
[2014/08/11 22:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\pb75uh1z.default-1405477682861\extensions
[2014/08/11 22:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\pb75uh1z.default-1405477682861\extensions\[email protected]
[2015/09/04 21:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\thfy3268.June 6\extensions
[2015/06/11 21:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\vhjv0il1.default-1423804253271\extensions
[2015/02/25 18:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gcdr6068.default\extensions
[2015/01/28 10:56:03 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Living Room\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gcdr6068.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2015/02/25 18:37:45 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Living Room\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gcdr6068.default\extensions\[email protected]
[2015/02/25 18:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gcdr6068.default\extensions\[email protected]\chrome\inspector\content\inspector\extensions
[2015/07/24 22:14:27 | 000,349,849 | ---- | M] () (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\thfy3268.June 6\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2015/06/09 21:20:38 | 000,099,090 | ---- | M] () (No name found) -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\thfy3268.June 6\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2015/05/15 00:05:49 | 000,014,315 | ---- | M] () -- C:\Users\Living Room\AppData\Roaming\Mozilla\Firefox\Profiles\3z8ppduy.default-1373299741357\searchplugins\avg-secure-search.xml
[2015/08/28 13:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2015/08/28 13:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015/08/31 13:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/08/28 13:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2015/06/29 09:43:16 | 000,229,608 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/12/15 07:25:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/12/15 07:25:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/12/15 07:25:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/12/15 07:25:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/12/15 07:25:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/12/15 07:25:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/12/15 07:25:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/08/27 13:06:46 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.38.4_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2015/08/28 13:02:29 | 000,001,196 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 11 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Web TuneUp) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.1.6.294\AVG Web TuneUp.dll (AVG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RealDownloader] C:\Program Files\RealNetworks\RealDownloader\downloader2.exe ()
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Web TuneUp\vprot.exe ()
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [LightShot] C:\Users\Living Room\AppData\Local\Skillbrains\lightshot\Lightshot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: custhelp.com ([247pearsoned] http in Trusted sites)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4452C8C3-009C-4145-B7DA-90690DDE7A84}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 05:26:40 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/09/06 17:15:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/08/28 13:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/08/20 18:15:25 | 000,000,000 | ---D | C] -- C:\Users\Living Room\Tracing
[2015/08/20 18:10:34 | 000,000,000 | ---D | C] -- C:\Users\Living Room\AppData\Local\Skype
[2015/08/09 13:45:04 | 000,000,000 | ---D | C] -- C:\Users\Living Room\Desktop\Camera1
[2015/08/09 13:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Android Device USB driver
[2015/08/09 13:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Android Device USB driver
[2015/08/09 13:25:29 | 000,932,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/08/09 13:25:29 | 000,924,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/08/09 13:25:29 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/08/09 13:25:29 | 000,587,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/08/09 13:25:29 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/08/09 13:25:29 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015/08/09 13:25:28 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015/08/09 13:25:28 | 000,015,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[175 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/09/06 20:43:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/09/06 20:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/09/06 18:32:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/06 14:08:45 | 000,026,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/09/06 14:08:45 | 000,026,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/09/05 19:01:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/09/05 18:26:12 | 000,036,095 | ---- | M] () -- C:\Users\Living Room\Desktop\magicnomad.jpg
[2015/09/05 13:48:08 | 000,340,996 | ---- | M] () -- C:\Users\Living Room\Desktop\Ali Irad cheating.jpg
[2015/09/05 13:08:53 | 000,219,206 | ---- | M] () -- C:\Users\Living Room\Desktop\ali irads cheat engine icon on desktop.jpg
[2015/09/05 01:03:21 | 000,013,524 | ---- | M] () -- C:\Users\Living Room\Desktop\shiela.jpg
[2015/09/05 00:30:42 | 860,861,470 | ---- | M] () -- C:\Users\Living Room\Documents\clip0094.avi
[2015/09/05 00:26:03 | 007,850,026 | ---- | M] () -- C:\Users\Living Room\Documents\clip0093.avi
[2015/09/03 18:24:43 | 000,044,653 | ---- | M] () -- C:\Users\Living Room\Desktop\dietsgoinggreatpissoff.jpg
[2015/09/03 16:59:18 | 000,165,570 | ---- | M] () -- C:\Users\Living Room\Desktop\kikass again.jpg
[2015/09/03 14:03:45 | 000,021,896 | ---- | M] () -- C:\Users\Living Room\Desktop\ali.jpg
[2015/09/03 01:52:22 | 000,011,172 | ---- | M] () -- C:\Users\Living Room\Desktop\kjhkj.jpg
[2015/09/03 01:48:48 | 000,046,127 | ---- | M] () -- C:\Users\Living Room\Desktop\liuhhjklhlkjh.jpg
[2015/09/03 01:48:37 | 000,042,281 | ---- | M] () -- C:\Users\Living Room\Desktop\iuyhliokj.jpg
[2015/09/03 01:47:05 | 000,035,462 | ---- | M] () -- C:\Users\Living Room\Desktop\hjbvg,kbhj.jpg
[2015/09/02 20:38:21 | 000,123,709 | ---- | M] () -- C:\Users\Living Room\Desktop\depos.jpg
[2015/09/02 16:04:55 | 000,138,517 | ---- | M] () -- C:\Users\Living Room\Desktop\FAY PARK CACHE.jpg
[2015/09/02 16:04:10 | 000,100,515 | ---- | M] () -- C:\Users\Living Room\Desktop\FAYPARKCACHE.jpg
[2015/09/01 12:55:37 | 000,106,942 | ---- | M] () -- C:\Users\Living Room\Desktop\9of10left.jpg
[2015/08/31 15:48:12 | 000,066,663 | ---- | M] () -- C:\Users\Living Room\Desktop\zydrunis.jpg
[2015/08/31 13:50:49 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2015/08/30 08:41:09 | 000,056,271 | ---- | M] () -- C:\Users\Living Room\Desktop\zynglitching.jpg
[2015/08/30 07:56:26 | 000,045,197 | ---- | M] () -- C:\Users\Living Room\Desktop\sventhesledgejailed.jpg
[2015/08/30 06:54:13 | 000,090,571 | ---- | M] () -- C:\Users\Living Room\Desktop\shakyparts mower cable.jpg
[2015/08/28 17:33:25 | 002,343,268 | ---- | M] () -- C:\Users\Living Room\Desktop\kikass.png
[2015/08/28 13:02:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/08/28 13:02:20 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys
[2015/08/27 22:50:52 | 000,134,712 | ---- | M] () -- C:\Users\Living Room\Desktop\aug27.jpg
[2015/08/23 13:53:19 | 000,017,675 | ---- | M] () -- C:\Users\Living Room\Desktop\PrintAtHome-125320-2015-8-19-9-12-18-PJTPKRWNNH.pdf
[2015/08/23 03:10:35 | 000,664,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/08/23 03:10:35 | 000,122,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/08/18 16:06:58 | 000,146,262 | ---- | M] () -- C:\Users\Living Room\Desktop\paymentscam.jpg
[2015/08/17 20:43:35 | 000,000,118 | ---- | M] () -- C:\Users\Living Room\Desktop\ops 70.url
[2015/08/13 17:02:08 | 000,101,504 | ---- | M] () -- C:\Users\Living Room\Desktop\Snickerdoodle Muffins.jpg
[2015/08/11 22:43:17 | 000,778,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/08/11 22:43:17 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/08/08 23:41:52 | 000,009,486 | ---- | M] () -- C:\Users\Living Room\Desktop\gold for 3secs.jpg
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[175 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/09/05 18:26:12 | 000,036,095 | ---- | C] () -- C:\Users\Living Room\Desktop\magicnomad.jpg
[2015/09/05 13:11:33 | 000,340,996 | ---- | C] () -- C:\Users\Living Room\Desktop\Ali Irad cheating.jpg
[2015/09/05 13:08:53 | 000,219,206 | ---- | C] () -- C:\Users\Living Room\Desktop\ali irads cheat engine icon on desktop.jpg
[2015/09/05 00:26:32 | 860,861,470 | ---- | C] () -- C:\Users\Living Room\Documents\clip0094.avi
[2015/09/05 00:26:00 | 007,850,026 | ---- | C] () -- C:\Users\Living Room\Documents\clip0093.avi
[2015/09/05 00:22:47 | 000,013,524 | ---- | C] () -- C:\Users\Living Room\Desktop\shiela.jpg
[2015/09/03 18:24:42 | 000,044,653 | ---- | C] () -- C:\Users\Living Room\Desktop\dietsgoinggreatpissoff.jpg
[2015/09/03 16:59:18 | 000,165,570 | ---- | C] () -- C:\Users\Living Room\Desktop\kikass again.jpg
[2015/09/03 14:03:32 | 000,021,896 | ---- | C] () -- C:\Users\Living Room\Desktop\ali.jpg
[2015/09/03 01:52:22 | 000,011,172 | ---- | C] () -- C:\Users\Living Room\Desktop\kjhkj.jpg
[2015/09/03 01:48:48 | 000,046,127 | ---- | C] () -- C:\Users\Living Room\Desktop\liuhhjklhlkjh.jpg
[2015/09/03 01:48:36 | 000,042,281 | ---- | C] () -- C:\Users\Living Room\Desktop\iuyhliokj.jpg
[2015/09/03 01:47:03 | 000,035,462 | ---- | C] () -- C:\Users\Living Room\Desktop\hjbvg,kbhj.jpg
[2015/09/02 20:37:42 | 000,123,709 | ---- | C] () -- C:\Users\Living Room\Desktop\depos.jpg
[2015/09/02 16:04:43 | 000,138,517 | ---- | C] () -- C:\Users\Living Room\Desktop\FAY PARK CACHE.jpg
[2015/09/02 16:04:08 | 000,100,515 | ---- | C] () -- C:\Users\Living Room\Desktop\FAYPARKCACHE.jpg
[2015/09/01 12:55:36 | 000,106,942 | ---- | C] () -- C:\Users\Living Room\Desktop\9of10left.jpg
[2015/08/31 15:48:11 | 000,066,663 | ---- | C] () -- C:\Users\Living Room\Desktop\zydrunis.jpg
[2015/08/31 13:50:54 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2015/08/31 13:50:54 | 000,001,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2015/08/30 08:41:09 | 000,056,271 | ---- | C] () -- C:\Users\Living Room\Desktop\zynglitching.jpg
[2015/08/30 07:56:26 | 000,045,197 | ---- | C] () -- C:\Users\Living Room\Desktop\sventhesledgejailed.jpg
[2015/08/30 06:54:13 | 000,090,571 | ---- | C] () -- C:\Users\Living Room\Desktop\shakyparts mower cable.jpg
[2015/08/28 17:33:24 | 002,343,268 | ---- | C] () -- C:\Users\Living Room\Desktop\kikass.png
[2015/08/27 22:50:52 | 000,134,712 | ---- | C] () -- C:\Users\Living Room\Desktop\aug27.jpg
[2015/08/23 13:53:14 | 000,017,675 | ---- | C] () -- C:\Users\Living Room\Desktop\PrintAtHome-125320-2015-8-19-9-12-18-PJTPKRWNNH.pdf
[2015/08/18 16:05:40 | 000,146,262 | ---- | C] () -- C:\Users\Living Room\Desktop\paymentscam.jpg
[2015/08/17 20:43:24 | 000,000,118 | ---- | C] () -- C:\Users\Living Room\Desktop\ops 70.url
[2015/08/13 17:02:08 | 000,101,504 | ---- | C] () -- C:\Users\Living Room\Desktop\Snickerdoodle Muffins.jpg
[2015/08/08 23:41:52 | 000,009,486 | ---- | C] () -- C:\Users\Living Room\Desktop\gold for 3secs.jpg
[2015/04/17 11:32:16 | 000,000,023 | ---- | C] () -- C:\Users\Living Room\jagexappletviewer.preferences
[2015/03/26 12:37:16 | 000,000,032 | ---- | C] () -- C:\Users\Living Room\jagex_cl_runescape_LIVE.dat
[2015/03/17 16:28:41 | 000,000,050 | ---- | C] () -- C:\Users\Living Room\jagex_cl_oldschool_LIVE.dat
[2015/03/17 16:28:41 | 000,000,024 | R--- | C] () -- C:\Users\Living Room\random.dat
[2014/09/09 15:31:42 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2014/09/09 15:31:41 | 000,753,873 | ---- | C] () -- C:\Windows\unins000.exe
[2014/09/09 15:31:41 | 000,067,853 | ---- | C] () -- C:\Windows\unins000.dat
[2014/07/17 09:33:52 | 004,229,086 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2014/02/13 21:59:13 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2014/02/13 21:59:13 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE
[2014/02/13 21:01:21 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2014/02/11 20:45:33 | 000,317,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/12 15:49:37 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/08/06 09:27:51 | 000,001,800 | ---- | C] () -- C:\Users\Living Room\.TransferManager.db
[2013/03/16 01:15:17 | 000,000,632 | RHS- | C] () -- C:\Users\Living Room\ntuser.pol
[2013/01/25 13:24:06 | 000,000,853 | ---- | C] () -- C:\Users\Living Room\AppData\Local\recently-used.xbel
[2012/05/22 00:57:44 | 000,001,056 | ---- | C] () -- C:\Users\Living Room\wxDownloadFast.ini
[2012/03/23 09:27:29 | 000,001,148 | ---- | C] () -- C:\Users\Living Room\AppData\Local\UserProducts.xml
[2012/01/24 10:19:27 | 000,070,477 | ---- | C] () -- C:\Users\Living Room\FCAT Test Schedule 2012.pdf
[2011/12/03 00:46:54 | 000,009,216 | ---- | C] () -- C:\Users\Living Room\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/04 11:00:17 | 000,356,694 | ---- | C] () -- C:\Users\Living Room\FCAT Practice_GR4_TheRedFox.pdf
[2011/10/28 10:53:35 | 000,242,564 | ---- | C] () -- C:\Users\Living Room\Q2 Intensive Reading Checklist.pdf
[2011/10/28 10:53:15 | 000,287,596 | ---- | C] () -- C:\Users\Living Room\Good Readers_Ten Pegs.pdf
[2011/08/10 22:19:43 | 000,000,053 | ---- | C] () -- C:\ProgramData\lxdd
[2011/05/14 13:59:14 | 000,007,607 | ---- | C] () -- C:\Users\Living Room\AppData\Local\resmon.resmoncfg
[2011/05/06 11:08:31 | 000,020,485 | ---- | C] () -- C:\Users\Living Room\word-wizard.pdf
[2011/05/06 11:08:22 | 000,019,723 | ---- | C] () -- C:\Users\Living Room\story-connector.pdf
[2011/03/18 22:02:32 | 000,000,522 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 01:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2015/09/04 16:32:36 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\.minecraft
[2015/04/07 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\.technic
[2014/12/02 23:08:17 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\5712
[2014/10/16 00:24:05 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Audacity
[2011/12/14 17:21:47 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Aura DVD Copy
[2015/07/11 10:15:11 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\AVG
[2014/08/22 17:39:46 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\AVG2014
[2014/10/17 23:38:39 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\AVG2015
[2011/10/22 11:02:00 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Azureus
[2012/08/20 12:39:50 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Blackboard
[2014/08/15 12:27:22 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Canon
[2015/06/25 07:39:28 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\chess-a9dc726e4b1d8c5fcc67d388cfc44d40
[2013/12/23 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\CrystalIdea Software
[2011/08/18 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\DassaultSystemes
[2012/07/25 13:41:19 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\DiskAid
[2014/12/04 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Downloaded Installations
[2014/08/16 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\DVDFab9
[2012/01/11 11:24:40 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Elluminate
[2013/08/03 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\EurekaLog
[2013/01/25 13:07:25 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\FileOpen
[2013/08/10 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Garmin
[2011/10/15 12:11:38 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Graphe Easy
[2013/08/03 11:51:51 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\gsak
[2012/01/28 22:19:33 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\ImgBurn
[2013/12/09 22:41:21 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\IObit
[2015/01/26 17:46:50 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\java
[2012/01/02 22:15:10 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Juniper Networks
[2011/12/08 10:39:23 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Lexmark Productivity Studio
[2012/07/04 14:14:05 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Motorola
[2012/12/21 22:55:45 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Motorola Mobility
[2011/12/04 00:58:06 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Moyea
[2013/01/25 13:07:25 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Nitro
[2015/07/31 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Nitro PDF
[2013/07/05 17:59:38 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\OpenOffice.org
[2015/06/14 19:59:22 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Opera Software
[2014/05/18 20:19:51 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Oracle
[2013/11/02 18:30:37 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Paltalk
[2015/07/30 21:47:26 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\PrimoPDF
[2015/04/03 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\raidcall
[2015/06/11 01:02:09 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Samsung
[2015/01/09 22:33:53 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\SecondLife
[2015/03/15 20:15:01 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\SecureMedia
[2014/02/13 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Spotify
[2014/06/09 07:50:06 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\TS3Client
[2013/03/04 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\TuneUp Software
[2012/05/06 01:13:48 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\TweakNow PowerPack 2012
[2011/12/05 17:00:28 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\Unity
[2011/04/30 08:03:01 | 000,000,000 | ---D | M] -- C:\Users\Living Room\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:96D0C06F

< End of report >
 
OTL Extras logfile created on: 09/06/2015 9:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Living Room\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17914)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
 
3.25 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 63.02% Memory free
6.49 Gb Paging File | 4.57 Gb Available in Paging File | 70.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 508.38 Gb Total Space | 76.73 Gb Free Space | 15.09% Space Free | Partition Type: NTFS
Drive D: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 205.61 Gb Total Space | 139.03 Gb Free Space | 67.62% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 36.71 Mb Free Space | 36.71% Space Free | Partition Type: NTFS
Drive Z: | 217.42 Gb Total Space | 85.51 Gb Free Space | 39.33% Space Free | Partition Type: NTFS
 
Computer Name: LIVINGROOM-PC | User Name: Living Room | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = CryptoPreventCPL] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
.scr [@ = CryptoPreventSCR] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{055CB059-552C-4A20-BB38-988638F6712B}" = rport=139 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0BB14F4E-D657-4D70-82F7-BF9931133694}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0C662482-70EB-471C-B9A0-D1B9D6E2417E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0D8F7C03-CD64-415A-99F1-C9DE7430C058}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0D91252C-8C92-459D-8D29-077BB8FDDCC4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0E0033EE-3B6B-45A1-9B20-BD4BB0F903DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{104027AE-0D27-4120-9FA0-7806DAB83C62}" = rport=138 | protocol=17 | dir=out | app=system |
"{11E31D91-5F8D-4675-9792-6AF16C1D480C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1549AD45-1177-4575-A598-E03431D89E5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BF64D04-ED23-4183-ADEE-C7A99C98AD34}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25E40060-407D-4B2A-B255-804339E4D27E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A90D1DE-634E-4017-821D-85AAB5BD397B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33DDB491-D63B-4D83-A994-B295C9FC21E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{35E80FB2-13B6-4D5A-8F13-E7C722CA2B29}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{35FC3F4C-61F4-4D7E-8683-506EF6EFA6A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38FDBCE0-FD2C-4ECD-BE01-5126271505C6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{39C6615D-E713-4F61-B3E9-458A351DD36D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B70BC9C-D979-4A8A-B254-C5BD6582C4A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E8961FB-7B55-4CBF-9492-BA12B3B9A52F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3FD91891-3C89-44CC-8B9C-1E6F9AB5CE07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4AFD7986-DB86-42AE-8064-2680B885C8F8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{4B220DBC-133B-4751-9B60-EEB9BDB5FA76}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{4FEA1A32-5388-46A8-A022-BBC73B3795F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52FEBA9E-B26B-4191-B56C-78A7275BB1A8}" = lport=138 | protocol=17 | dir=in | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DB1B0B6-33C9-4282-B7F3-B9FD70ED24B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{63678864-2D9D-48C4-AE57-716D07DA3003}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{64F80409-C38E-4157-A911-FC610988F992}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{65EA7E1D-3DAB-49FD-A0CB-DF7A1C1AD007}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{686D4FAD-407A-44BC-A70A-A60EB8DA6768}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68E6D535-6F53-4B55-ABC0-DF3FCED0C553}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B62C6E2-0378-4BF5-84D4-75CA118A6633}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6BAB19C2-E9A3-4429-BA5D-37B7FA259F69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DF0F118-1912-4D65-9C80-F998C3F42AD2}" = rport=137 | protocol=17 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70C7CD42-BF6B-40E9-9000-183321CBF347}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{735ACA3E-F766-462C-926F-6280D6A7E88F}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{786A9D66-F796-4BAA-8D85-68445A410DE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79891763-D29E-49C5-961E-7D7E3B5B6F33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{83FD6001-6872-404B-AB55-5B07794AF626}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{864F9CB8-1730-4EED-BDD1-483248EC0409}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{871AE6E3-150C-464F-8382-801B87EC95CC}" = lport=10244 | protocol=6 | dir=in | app=system |
"{88F29AA0-EBA7-42B3-BF8C-3AB54D6AAC62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{893AF5DD-F635-4344-AA83-B85B2A31D5CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B14730F-2E83-491C-9935-A99875ADB71A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D40324A-FDD3-413E-A850-800EF9F8DDEE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D80CF11-DC81-48EC-9F1A-E04ABB059FB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DE8FBB6-CFDA-45D6-81F2-8FF9C3F4803B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95519BDB-A2E5-42CE-B9E6-0E80A9D766D7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{95E2C2B7-D7F5-4E8A-BB76-D11AA089D4E3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97D7E7D1-39FE-4E20-BEAB-8356001D6701}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9DA2D057-33EB-4B53-98BD-81FC627B2DEB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A9BB693E-E05C-4399-8F15-FEF0FDE77275}" = lport=445 | protocol=6 | dir=in | app=system |
"{AB32B5DD-4B5F-492B-A877-37E86A537DB0}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0FD865B-AFED-4EFC-80BE-482452AFD6B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{B6762222-4C4D-44B0-A8A8-8CA75B7E4821}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC2B192E-D22A-4981-A1FD-4987FB7537F3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C365FEA4-D106-47B8-896A-D2F0E9573DB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C828E000-948F-4E26-B59C-52C022AABCC9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C86EDB0C-5DEE-4FF3-90E6-BCDA2B74386E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D95E1D1B-8EA1-4620-86AC-ABF46A4CCD45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1E63920-29DA-42B3-9605-B93EB9272484}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E94FB135-2CD7-429F-A77A-F9C438410AB5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA367717-9E53-4EF4-ABFE-D510995E6FE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC4C0E0C-6456-4493-AED1-8E8F136BE6CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0AAB0D7-6035-4A94-9D4D-A9E99BE979C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3704869-539A-4B1D-8434-99504B91D8A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3ED4200-A6BA-4342-BECC-6F3A7303FB90}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F5756EFF-61FB-4CCE-B128-125F7DCFA145}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F74F3AC9-6127-478C-93DB-801C9D585FB4}" = lport=8733 | protocol=6 | dir=in | name=gamesessions |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09F56C96-2415-4A31-BFA8-10C1D249BA53}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{130C777F-4EC5-4D9A-899B-3AA71B8A9A50}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1334A7A2-C31F-41D5-A7D0-575A304705ED}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgnsx.exe |
"{13A277DA-9DB7-4DA4-A391-BEBD97167421}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15AFFFFC-1838-4F1D-90BC-D72BF5BEBA7B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{15C24C2F-FD1A-42B4-B327-101AC19DA5DD}" = protocol=6 | dir=out | app=system |
"{18B4E411-CA89-4619-BB23-E42F4FF101A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A09601C-B2DE-4585-BA91-B1DE57E6913A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{205733C9-9B69-46DF-9F1B-DCF6B3D59F95}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{214F6AF1-1A1D-4E1D-BFA1-11C330BCF0DF}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{2658DF99-9BBD-42B1-BCFA-97C608C2EFCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{277EC82A-D4A4-45A8-A754-113D8ABD58FA}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{2F1AE1EC-5F23-4CBB-8E07-522A134AF2E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgnsx.exe |
"{3017E6C2-4054-488A-B2B3-5EA921B8DBFB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgdiagex.exe |
"{31EE0211-558C-4226-AEE0-EDAB12AD3DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34670E95-D106-4731-91F0-EB9649DE9E14}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{395FB73F-9E6C-4DE9-B331-151B27CB6190}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3CDD1AE8-4725-427E-A272-2D0DDCDDE817}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{419B11A2-705A-41C7-AA19-B235F858AF8A}" = protocol=6 | dir=in | app=c:\program files\real\realplayer\rpds\bin\rpdsvc.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{4D1E0B2E-B496-4C81-8DEB-8D93D60699AC}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{5D77885D-9128-46D6-9E22-881AAE7D5829}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68763FF0-502B-4476-B310-46DB0878180A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B9034D9-8E56-4860-8C9B-1D5639ABD037}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{73ED65A4-1BCD-46B9-836D-0188C164FC0D}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7694FCD9-2E5A-4393-9709-C8E2FF5EBE0A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{7BBA319B-BE50-4A8F-8673-38A90D618D46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C3398E3-465A-4008-B78B-98839AAEA804}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{843C0F7E-D6E3-49FA-92F9-77ECDA07902B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C4190A4-1E78-4973-A368-59F884D6A8AB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{91A7928A-E9E5-4151-8DDF-0240CC3B4CAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9493E670-5928-40AF-9899-DB72A0A7791F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe |
"{96DF11C4-14BA-4725-8EE7-589896933B4C}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A563009B-DB97-43BA-AE4C-8FB74CD3B03A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgemcx.exe |
"{A5BEF8A0-7C75-4B78-A820-5E8CA0A17E6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8D60430-A231-4876-A9B4-45C71B141D44}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE802A35-5856-4A4D-AED6-3BD4647ACEDB}" = protocol=6 | dir=in | app=c:\program files\real\realplayer\rpds\bin\rpdsvc.exe |
"{B2B3A9A3-F449-46BC-9EEB-A1945070315C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgdiagex.exe |
"{B59ED628-69D5-469B-A5D5-C9B61640AF87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C356E321-D6E4-44B3-B663-F967F42F76F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4899AB4-92D6-4354-9D3B-F0C3AC41B27B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB770742-8231-4256-8E78-48790F5F6933}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgemcx.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D20B1534-7123-4BEB-8650-9C9714F3ED41}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D2CBE41C-86FD-429D-8838-4211AEDB4D2B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEF35385-2EB7-41D4-8178-2BB55AB1FAA7}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{DF9FDE40-A819-489A-BFA9-FAD9CE31CFD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E007AE2F-B412-41A1-9A01-267E05065E36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E599889A-B423-4097-ADF1-3D95FC2703B6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F26DA756-A7E9-4C8D-9DDD-07B105439141}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9A3B98C-59F3-4948-9E2E-A824436B77C0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{07262C9F-E359-434D-B2B6-B0E01DAD3163}C:\programdata\sling\sling.exe" = protocol=6 | dir=in | app=c:\programdata\sling\sling.exe |
"TCP Query User{285062FE-7E65-4CB6-A892-8AC5D5D9A7D4}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{363B07A6-6843-4893-A149-44FED04D4E98}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4F7EF615-B288-4C88-AB2D-1BC7731977C6}C:\program files\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe |
"TCP Query User{506D4939-ECC8-4104-883A-0670843849AD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{670DAA51-819F-4431-81B0-D19D5CAD52DE}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{9A385417-CC22-4A42-BBE1-1C2804DA2BB6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{BBD41B8E-D490-46AD-9025-867426AE3812}C:\program files\java\jre1.8.0_45\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_45\bin\javaw.exe |
"TCP Query User{BF38D799-3F9F-41A9-AA2B-F3276AF905E8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E5F59C4E-EF57-4453-9C31-FE7F68CCB390}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F11B6BD8-788B-43D1-8A31-9AB5E50A2D53}C:\users\living room\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\living room\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1CE2EDC7-E170-44F7-99D0-0388D185802E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1EF0717B-78AA-486B-95FD-39E0D7926FDC}C:\program files\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe |
"UDP Query User{63CE0C7C-B861-4563-842D-6838EAFD679C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{6BC234A5-9332-4CAA-9CCC-806860B4586A}C:\users\living room\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\living room\appdata\roaming\spotify\spotify.exe |
"UDP Query User{759DBE9A-5F86-4F55-9087-1C7C1202D427}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{AB9C3F8B-DD7B-432B-BFDE-E104F3FBAA0E}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{ADAAD328-D69E-4BA4-A149-5218A550F52A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B782DD42-C7FC-478F-83B2-8335B68FEC4C}C:\program files\java\jre1.8.0_45\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_45\bin\javaw.exe |
"UDP Query User{B879BA91-D8B6-4481-AA07-C8923541FF78}C:\programdata\sling\sling.exe" = protocol=17 | dir=in | app=c:\programdata\sling\sling.exe |
"UDP Query User{D0B7D083-F622-4058-9B33-74F27350F494}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{D7BE11CB-87F2-4763-8ED3-EEB9CC3B4FC9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{026C76AD-0085-4721-9387-CCEEC5577076}" = LearnCNC Game
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{12FA7D28-CF8C-498B-BC4A-E654B44546EF}" = RealDownloader
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18026153-83A4-40E0-96B6-41E441607518}" = Eraser 6.0.9.2343
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{286DDBD0-6355-428F-8BD5-822CF08606EC}" = Windows Live MIME IFilter
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E63F1A2-7232-45D4-B798-B92E5526C877}" = AVG 2015
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.1.4.17
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31F0CE-D1D7-44C0-AE9B-6221D7F2DF36}" = Cooliris for Internet Explorer
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5419F3AA-5636-4427-8FC9-380A5EC1F994}" = Sling
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.0
"{5D394B1B-03A1-43BC-BBA9-53BC880F86F3}" = OldSchool RuneScape Launcher 1.2.4
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{7445B725-5389-4CA1-AAC1-75039BE8B26F}" = Scholastic eReader Support Files
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}" = SlimDX Runtime .NET 4.0 x86 (January 2012)
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{817750FA-EC6A-485D-9901-0683AE6FFDF1}" = Google Earth
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F3B20DF-76F2-47F4-9372-F0F56485A58D}" = RealDownloader
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}" = BlueStacks Notification Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.12)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.25
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CEA30023-A279-4BE4-A88B-5EA18CD06360}" = GameSessions Runtime x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D746B6F6-0483-478A-BAAB-D16637B88E5A}" = Data Delivery Installer x86
"{D94D7782-B61C-49E5-BE75-2DDC0A68EF97}" = Nitro Reader 3
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{DAEE2C24-126A-41EA-9BA8-0343FF3CE0BB}" = AVG 2015
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e1f55556-ee3b-4059-961f-390ab7191c03}" = RealDownloader
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E60AFF01-6087-47BD-8272-61FA3CFC309D}" = Video Downloader
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.269
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}" = Microsoft Camera Codec Pack
"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 18 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 18 PPAPI
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2015
"AVG Web TuneUp" = AVG Web TuneUp
"Backup Assistant Plus" = Backup Assistant Plus
"bitRipper" = bitRipper
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DiskAid_is1" = DiskAid 5.14
"DivX Setup" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 9 US_is1" = DVDFab 9.1.7.6 (28/11/2014)
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Chrome" = Google Chrome
"HyperCam 2" = HyperCam 2
"ImgBurn" = ImgBurn
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"Intel Android Device USB driver" = Intel Android Device USB driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Basic)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 40.0.3 (x86 en-US)" = Mozilla Firefox 40.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Opera 31.0.1889.161" = Opera Stable 31.0.1889.161
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RaidCall" = RaidCall
"RealPlayer 18.0" = RealTimes (RealPlayer)
"Revo Uninstaller" = Revo Uninstaller 1.95
"SeaMonkey (2.8)" = SeaMonkey (2.8)
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Speccy" = Speccy
"Steam" = Steam
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TweakNow PowerPack 2012_is1" = TweakNow PowerPack 2012
"Unchecky" = Unchecky v0.3.9
"VLC media player" = VLC media player 2.0.2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for Living Room
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Living Room
"9b616d711397850c" = Urwigo
"chess-a9dc726e4b1d8c5fcc67d388cfc44d40" = Chess
"Juniper_Setup_Client" = Juniper Networks Setup Client
"MyFreeCodec" = MyFreeCodec
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
Error encountered while reading event logs.
 
< End of report >
 




#2
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

It seems to be getting worse, especially on the Firefox browser. Only seems to be internet involved though. I have no issues running programs installed on my computer though. I've reset router as well as uninstalled and reinstalled Firefox.


Edited by Izzy1665, 16 September 2015 - 09:09 AM.

#3
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Nothing?

#4
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hello? This problem has gotten so bad it is almost impossible to do anything productive.



#5
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Please disregard this. I gave up after the 22nd day of no reply. Thanks anyways, I know you guys are extremely busy and do a wonderful job.

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Sorry that you didn't get a reply. It likely got missed. There's a procedure for when you have been waiting over 3 days. If interested you can follow the instructions at the following link and you will get a reply.

 

http://www.geekstogo...t-getting-help/



#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay.

I would like a fresh look at the system; these may be run from safe mode with networking.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#8
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Per your instructions, aswMBR log posted in reply and FRST logs attached.

 

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-10-03 18:01:47
-----------------------------
18:01:47.554    OS Version: Windows 6.1.7601 Service Pack 1
18:01:47.554    Number of processors: 2 586 0x1706
18:01:47.554    ComputerName: LIVINGROOM-PC  UserName: Living Room
18:01:48.287    Initialize success
18:01:48.287    VM: initialized successfully
18:01:48.287    VM: Intel CPU supported
18:01:50.946    VM: supported disk I/O ataport.SYS
18:02:15.407    AVAST engine defs: 15100301
18:02:18.122    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:02:18.122    Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
18:02:18.215    VM: Disk 0 MBR read successfully
18:02:18.215    Disk 0 MBR scan
18:02:18.231    Disk 0 Windows 7 default MBR code
18:02:18.231    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
18:02:18.231    Disk 0 default boot code
18:02:18.246    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       520582 MB offset 206848
18:02:18.262    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       222643 MB offset 1066358784
18:02:18.278    Disk 0 Partition - 00     0F   Extended LBA            210542 MB offset 1522331648
18:02:18.293    Disk 0 Partition 4 00     07      HPFS/NTFS NTFS       210541 MB offset 1522333696
18:02:18.309    Disk 0 scanning sectors +1953521664
18:02:18.418    Disk 0 scanning C:\Windows\system32\drivers
18:02:29.946    Service scanning
18:02:54.720    Modules scanning
18:02:54.720    Disk 0 trace - called modules:
18:02:54.736    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
18:02:54.736    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8d948]
18:02:54.736    3 CLASSPNP.SYS[8c60459e] -> nt!IofCallDriver -> [0x868e0918]
18:02:54.736    5 ACPI.sys[8c2c43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x868e3908]
18:02:55.469    AVAST engine scan C:\Windows
18:02:57.294    AVAST engine scan C:\Windows\system32
18:07:04.243    AVAST engine scan C:\Windows\system32\drivers
18:07:22.963    AVAST engine scan C:\Users\Living Room
19:09:43.502    AVAST engine scan C:\ProgramData
19:38:18.941    Disk 0 statistics 5778642/0/283 @ 0.61 MB/s
19:38:18.956    Scan finished successfully
19:41:15.652    Disk 0 MBR has been saved successfully to "C:\Users\Living Room\Desktop\MBR.dat"
19:41:15.652    The log file has been saved successfully to "C:\Users\Living Room\Desktop\aswMBR.txt"

 


#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, not seeing a great deal there. When do you experience the slowness most? At boot, when surfing or just general use?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2015-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-10-02]
Task: {3F0888B1-63BC-4309-B297-98AD6C9FAE1E} - \RealTimes (32-bit) -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#10
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

I see the slowness when surfing using Firefox mostly but I do see the slowness in Chrome as well. I have kept both browsers updated as well as uninstalled them and reinstalled them and updated them in hopes of fixing whatever the issue was but still had the same problem. AT&T cannot seem to find anything wrong when they test the line and I am getting the speeds I pay for (12Mbps). It's only been over the last 4 weeks or so that things have been dragging. Thanks essexboy for the help...again.

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Living Room (2015-10-04 18:48:33) Run:1
Running from C:\Users\Living Room\Downloads
Loaded Profiles: Living Room (Available Profiles: Living Room & Ad & Mcx1-LIVINGROOM-PC & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2015-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-10-02]
Task: {3F0888B1-63BC-4309-B297-98AD6C9FAE1E} - \RealTimes (32-bit) -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => moved successfully
C:\Program Files\Mozilla Firefox\extensions\[email protected] => moved successfully
C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F0888B1-63BC-4309-B297-98AD6C9FAE1E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F0888B1-63BC-4309-B297-98AD6C9FAE1E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealTimes (32-bit) => key not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-21828565-3005677120-1819634571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{C72612D7-6FDF-4A54-9C65-3A8F630AE4B9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   IPv4 Address. . . . . . . . . . . : 192.168.1.64
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter isatap.{C72612D7-6FDF-4A54-9C65-3A8F630AE4B9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:52:24 ====
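
As an added example (not part of the original thread and not FRST's own code), this Python parser reads the Fixlog layout posted above and lists what a reviewer should follow up on: targets where nothing changed, `CMD:`/`Reg:` directives with no output section, and resets that only take effect after a restart. The sample log is constructed from that layout, and the names `parse_fixlog` and `review` are hypothetical.

```python
import re

# Constructed sample, abbreviated from the Fixlog layout in the post above.
# "CMD: ipconfig /flushdns" is deliberately given no output section.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version:04-10-2015

fixlist content:
*****************
CreateRestorePoint:
Task: {3F0888B1-63BC-4309-B297-98AD6C9FAE1E} - \RealTimes (32-bit) -> No File <==== ATTENTION
RemoveProxy:
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F0888B1-63BC-4309-B297-98AD6C9FAE1E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealTimes (32-bit) => key not found.

========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
========= End of RemoveProxy: =========

=========  netsh advfirewall reset =========
Ok.
========= End of CMD: =========

=========  netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========

EmptyTemp: => 1.1 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 18:52:24 ====
"""

HEADER = re.compile(r"^={5,}\s+(.+?)\s+={5,}$")  # "========= <command> ========="
OK_WORDS = ("successfully", "removed")           # outcome wording that means a change was made

def parse_fixlog(text):
    """Split a Fixlog into fixlist directives, '=>' outcomes and per-command output."""
    directives, outcomes, sections = [], [], {}
    star_rows, current = 0, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:          # rows of '*' fence the echoed fixlist
            star_rows += 1
            continue
        if star_rows == 1:                       # inside the echoed fixlist
            if line:
                directives.append(line)
            continue
        m = HEADER.match(line)
        if m:
            title = m.group(1)
            current = None if title.startswith("End of ") else title
            if current:
                sections[current] = []
            continue
        if current and line:
            sections[current].append(line)
        if " => " in line:                       # "<target> => <result>" outcome line
            target, result = line.split(" => ", 1)
            outcomes.append((target.strip('"'), result.rstrip(".")))
    pending = [t for t, out in sections.items()
               if any("restart" in l.lower() for l in out)]
    return {"directives": directives, "outcomes": outcomes, "sections": sections,
            "restart_pending": pending, "complete": "==== End of Fixlog" in text,
            "reboot_needed": bool(pending) or "The system needed a reboot." in text}

def review(parsed):
    """Return the follow-up items a reviewer should raise for a parsed Fixlog."""
    findings = []
    if not parsed["complete"]:
        findings.append("log truncated: no 'End of Fixlog' marker")
    for target, result in parsed["outcomes"]:
        if not any(w in result.lower() for w in OK_WORDS):
            findings.append(f"nothing changed: {target} ({result})")
    ran = {title.lower() for title in parsed["sections"]}
    for directive in parsed["directives"]:
        prefix, _, command = directive.partition(": ")
        if prefix in ("CMD", "Reg") and command.strip().lower() not in ran:
            findings.append(f"no output section for: {command}")
    if parsed["reboot_needed"]:
        findings.append("reboot required before re-testing: "
                        + ", ".join(parsed["restart_pending"]))
    return findings
```

Calling `review(parse_fixlog(SAMPLE_FIXLOG))` returns three items for the constructed sample: the task key that was not found, the directive with no output, and the pending restart.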



#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that gives me a feel for where the problem may be.

Could you test with Internet Explorer and see if you still get the same lag?

Also, did you update AVG just prior to this?

#12
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Huh? I replied. Apparently it didn't take.

My AVG auto-updates every time the computer is started.

I am still seeing some lag but I am not seeing the several seconds I was seeing several days ago.


#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, is the lag apparent at all times or just when the browser has been running for a while?

Do you clear Firefox history when you close the browser?

#14
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

I close browsers regularly and reopen and I clear the browser's caches a couple times a week. I'm not sure if any of what you had me run cleared or fixed anything but I am seeing better speeds. I will check with my wife who has been having similar issues with her laptop and have her run an OTL and submit it as well.


#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you do a lot of browsing (multiple sites) then it does build up quite fast.

Part of the fix we ran was to empty all temporary files.

Go to options in Firefox and set privacy as shown

Capture.JPG

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
