Help! Laptop running at %100 CPU!



#1
KOTARE33

Hi there. I had a similar problem on this laptop a few months back and someone on this forum (Gringo?) helped me immensely.

Well now it is doing it again. The CPU goes to %100 very quickly - explorer.exe hogs up the resources - and it slows down my system so much that I cannot work! (I am a musician/producer/sound designer). Restarting sets it to normal CPU usage but it will just go back again eventually. What triggers it I do not know, but there are a few suspicious things. Windows Media Player stops being able to play files (it hangs trying to play it then flashes an error message - "Default IME not responding" (?)) - and I sometimes get the blue circle after a while and I cannot access my hard drives through My Computer.

Also, I did develop a bad HD a month or two back and I swapped it for a new one. The old one is still in there, though I loaded a new OS onto the new one, and I access the old HD every so often to access some of the files that were on there. A week or so ago my laptop restarted spontaneously and booted into the old OS - I had to F2 on start up to re-prioritize the boot-load options.

Any help would be greatly appreciated!!!


OTL Log -

OTL logfile created on: 21/06/2013 3:10:45 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KINGFISHER\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

5.87 Gb Total Physical Memory | 3.62 Gb Available Physical Memory | 61.64% Memory free
11.74 Gb Paging File | 8.76 Gb Available in Paging File | 74.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 399.16 Gb Free Space | 57.13% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.18 Mb Free Space | 70.18% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 398.07 Gb Free Space | 42.73% Space Free | Partition Type: NTFS
Drive H: | 596.07 Gb Total Space | 101.89 Gb Free Space | 17.09% Space Free | Partition Type: NTFS

Computer Name: KOTARE | User Name: KINGFISHER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/06/21 15:09:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KINGFISHER\Desktop\OTL.exe
PRC - [2013/06/15 13:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/07 22:14:01 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/19 03:13:51 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/19 03:10:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/03/12 22:47:44 | 000,339,968 | ---- | M] (Image-Line) -- C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
PRC - [2012/12/19 07:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/21 15:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/10/08 12:46:04 | 000,870,928 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Pro\DriverInterface.exe
PRC - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
PRC - [2010/06/02 16:13:58 | 000,714,104 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2010/05/06 10:33:08 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/15 13:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/15 13:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/15 13:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/15 13:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/15 13:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/15 13:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/04/19 21:48:58 | 001,474,048 | ---- | M] () -- C:\Program Files (x86)\Image-Line\FL Studio 11\Plugins\Fruity\Effects\Fruity Parametric EQ 2\Fruity Parametric EQ 2.dll
MOD - [2013/04/19 21:48:42 | 001,522,688 | ---- | M] () -- C:\Program Files (x86)\Image-Line\FL Studio 11\Plugins\Fruity\Effects\Fruity Limiter\Fruity Limiter.dll
MOD - [2013/04/11 12:18:30 | 000,509,440 | ---- | M] () -- C:\Program Files (x86)\Image-Line\Shared\QuickFontCache.dll
MOD - [2013/02/12 01:08:18 | 018,722,816 | ---- | M] () -- C:\Program Files (x86)\Image-Line\Shared\dsp_ipp.dll
MOD - [2012/08/15 22:01:32 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\Image-Line\Shared\freetype.dll
MOD - [2011/01/22 11:47:18 | 007,406,731 | ---- | M] () -- C:\Program Files (x86)\VstPlugins\FerricTDS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 13:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/12 16:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/04/19 03:13:51 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/04/19 03:10:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/12/19 07:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/11 09:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/19 03:15:22 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/04/19 03:15:22 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/04/19 03:15:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/24 02:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/24 02:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 02:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/24 02:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 18:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 18:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 18:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 15:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 15:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 15:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 15:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 15:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/08 12:45:48 | 000,433,168 | ---- | M] (Avid) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AvidMboxPro.sys -- (MBOXPRO)
DRV:64bit: - [2010/08/16 11:40:38 | 000,076,136 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/07/02 09:14:00 | 001,111,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/06/22 13:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 13:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/09 18:48:30 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/27 15:47:56 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/12 20:23:46 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/31 15:36:18 | 000,006,656 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2009/08/31 15:36:16 | 000,026,624 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys -- (nuvotonhidcir)
DRV:64bit: - [2009/08/31 12:42:04 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009/08/18 18:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 08:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 13:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 93 B6 37 43 3C CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\KINGFISHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\KINGFISHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\KINGFISHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\KINGFISHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\KINGFISHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: Gmail = C:\Users\KINGFISHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 09:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F27ADE7-353B-4F32-9EA7-6EF9CECDCF21}: DhcpNameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB524ED4-BDCB-4365-8CD3-06E98446F2EF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF8A447F-C127-4CB3-B1CD-72CD465C35A7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/21 15:09:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KINGFISHER\Desktop\OTL.exe
[2013/06/20 15:18:08 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\Desktop\freesamplepack1
[2013/06/17 23:57:20 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\Documents\FabFilter
[2013/06/17 23:57:20 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\AppData\Roaming\FabFilter
[2013/06/17 23:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FabFilter
[2013/06/17 23:56:03 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter
[2013/06/10 02:57:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/10 02:50:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 02:45:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/10 01:50:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/06/10 01:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/10 01:37:51 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\KINGFISHER\Desktop\ccsetup402.exe
[2013/06/10 00:59:57 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Users\KINGFISHER\Desktop\startuplite-setup-1.07.exe
[2013/06/05 20:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\2degrees Mobile Broadband
[2013/06/05 20:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013/06/04 19:59:12 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\Desktop\Boards of Canada- Tomorrows Harvest
[2013/06/04 16:42:46 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\Desktop\media.io.1738086935 (1)
[2013/05/29 22:28:07 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\Desktop\Boards of Canada - Geogaddi
[2013/05/29 22:21:11 | 000,000,000 | ---D | C] -- C:\Users\KINGFISHER\Desktop\Parades.End.Complted.480p.HDTV.H264

========== Files - Modified Within 30 Days ==========

[2013/06/21 15:09:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KINGFISHER\Desktop\OTL.exe
[2013/06/21 14:56:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/21 13:57:23 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/21 13:57:23 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/21 13:57:23 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/21 13:49:55 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/21 13:49:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/21 13:49:41 | 433,438,719 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/21 13:10:27 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 13:10:27 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 04:59:58 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/21 03:56:25 | 006,670,963 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\SWAMP MONSTERS.mp3
[2013/06/21 00:11:36 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate percussion.aif
[2013/06/21 00:10:44 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate pad.aif
[2013/06/21 00:10:37 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead sparkle.aif
[2013/06/21 00:10:27 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead HRMNY.aif
[2013/06/21 00:10:26 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead leg.aif
[2013/06/21 00:02:01 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate drums.aif
[2013/06/21 00:01:53 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead mel.aif
[2013/06/21 00:01:23 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead arp.aif
[2013/06/20 23:55:40 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG Vox_DRY.aif
[2013/06/20 23:54:44 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG VOX 2.aif
[2013/06/20 23:54:39 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG Vox2_DRY.aif
[2013/06/20 23:54:30 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate 808 clap.aif
[2013/06/20 23:54:07 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG Vox.aif
[2013/06/20 23:53:02 | 044,150,454 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\cleanslate arp pad.aif
[2013/06/20 15:17:07 | 000,819,711 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\freesamplepack1.zip
[2013/06/19 21:48:21 | 000,075,642 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\Jesse Gubb Invoice June 19th.jpg
[2013/06/18 22:56:38 | 007,145,356 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\sample 1.wav
[2013/06/18 02:21:15 | 488,549,165 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/15 23:09:54 | 001,068,948 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\jk2 - Part_1.wav
[2013/06/15 23:05:24 | 010,136,380 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\jk2.wav
[2013/06/15 22:13:16 | 008,317,588 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\jk.wav
[2013/06/15 18:17:14 | 000,004,608 | ---- | M] () -- C:\Users\KINGFISHER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/12 22:22:56 | 000,017,195 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\1001148_563824290323363_1354749159_n.jpg
[2013/06/10 21:50:17 | 000,033,480 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\560615_10151306274186060_1409198400_n.jpg
[2013/06/10 14:00:01 | 028,845,808 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\DopeTek.mp4
[2013/06/10 02:32:07 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\KINGFISHER\Desktop\ComboFix.exe
[2013/06/10 01:40:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/10 01:38:25 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\KINGFISHER\Desktop\ccsetup402.exe
[2013/06/10 01:00:00 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\KINGFISHER\Desktop\startuplite-setup-1.07.exe
[2013/06/10 00:28:55 | 000,080,060 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\GST Invoice - Jesse Gubb June 9 2013.jpg
[2013/06/09 22:38:56 | 050,839,814 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\DopeTek 1.wav
[2013/06/09 22:27:18 | 004,115,714 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\blueberries x.mp3
[2013/06/09 19:47:48 | 035,143,577 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\Arabella - Lost In Color.mp4
[2013/06/07 20:55:40 | 000,031,013 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\[kat.ph]boards.of.canada.the.campfire.headphase.torrent
[2013/06/06 00:48:57 | 050,960,190 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\Hawaii 2012 Sunday.mp3
[2013/06/06 00:48:31 | 043,316,223 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\Hawaii 2012 Wednesday.mp3
[2013/06/06 00:47:24 | 043,376,276 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\Portland me-2012.mp3
[2013/06/06 00:47:12 | 053,119,504 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\Moscow 2.mp3
[2013/06/06 00:46:11 | 043,291,721 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\boulder-2013.mp3
[2013/06/05 20:37:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013/06/05 20:35:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013/06/04 16:51:19 | 000,078,233 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\GST INVOICE - JESSE GUBB 2.jpg
[2013/06/04 16:41:41 | 041,139,861 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\media.io.1738086935 (1).zip
[2013/06/04 16:18:55 | 041,139,861 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\media.io.1738086935.zip
[2013/06/04 15:35:03 | 000,073,265 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\GST INVOICE - JESSE GUBB.jpg
[2013/06/04 12:03:31 | 034,111,402 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\PattyHearstBeatTape.zip
[2013/06/02 22:30:08 | 004,959,991 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\mstr mathew.mp3
[2013/05/27 21:16:18 | 000,001,671 | ---- | M] () -- C:\Users\KINGFISHER\Desktop\Sliced beats - Shortcut (2).lnk

========== Files Created - No Company Name ==========

[2013/06/21 03:55:48 | 006,670,963 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\SWAMP MONSTERS.mp3
[2013/06/21 00:05:28 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate percussion.aif
[2013/06/21 00:05:23 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate pad.aif
[2013/06/21 00:05:15 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead sparkle.aif
[2013/06/21 00:05:12 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead leg.aif
[2013/06/21 00:05:06 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead HRMNY.aif
[2013/06/20 23:54:32 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead mel.aif
[2013/06/20 23:54:07 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate lead arp.aif
[2013/06/20 23:54:03 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate drums.aif
[2013/06/20 23:43:50 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG Vox2_DRY.aif
[2013/06/20 23:43:48 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG Vox.aif
[2013/06/20 23:43:47 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG Vox_DRY.aif
[2013/06/20 23:43:43 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate BG VOX 2.aif
[2013/06/20 23:43:35 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate arp pad.aif
[2013/06/20 23:43:32 | 044,150,454 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\cleanslate 808 clap.aif
[2013/06/20 15:17:01 | 000,819,711 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\freesamplepack1.zip
[2013/06/19 21:46:54 | 000,075,642 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Jesse Gubb Invoice June 19th.jpg
[2013/06/18 22:55:25 | 007,145,356 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\sample 1.wav
[2013/06/18 02:21:15 | 488,549,165 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/06/15 23:09:54 | 001,068,948 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\jk2 - Part_1.wav
[2013/06/15 23:03:53 | 010,136,380 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\jk2.wav
[2013/06/15 22:10:42 | 008,317,588 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\jk.wav
[2013/06/15 18:17:13 | 000,004,608 | ---- | C] () -- C:\Users\KINGFISHER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/12 22:22:53 | 000,017,195 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\1001148_563824290323363_1354749159_n.jpg
[2013/06/10 21:50:16 | 000,033,480 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\560615_10151306274186060_1409198400_n.jpg
[2013/06/10 13:50:01 | 028,845,808 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\DopeTek.mp4
[2013/06/10 13:47:17 | 000,368,987 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Photo_00017j.jpg
[2013/06/10 01:40:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/10 00:27:26 | 000,080,060 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\GST Invoice - Jesse Gubb June 9 2013.jpg
[2013/06/09 22:41:31 | 050,839,814 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\DopeTek 1.wav
[2013/06/09 22:26:14 | 004,115,714 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\blueberries x.mp3
[2013/06/09 19:38:14 | 035,143,577 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Arabella - Lost In Color.mp4
[2013/06/09 19:34:33 | 001,439,187 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\herringbone.png
[2013/06/07 20:55:39 | 000,031,013 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\[kat.ph]boards.of.canada.the.campfire.headphase.torrent
[2013/06/06 00:43:06 | 043,316,223 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Hawaii 2012 Wednesday.mp3
[2013/06/06 00:42:58 | 050,960,190 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Hawaii 2012 Sunday.mp3
[2013/06/06 00:42:30 | 043,376,276 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Portland me-2012.mp3
[2013/06/06 00:41:01 | 043,291,721 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\boulder-2013.mp3
[2013/06/06 00:40:41 | 053,119,504 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Moscow 2.mp3
[2013/06/05 20:37:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013/06/05 20:35:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013/06/04 16:49:35 | 000,078,233 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\GST INVOICE - JESSE GUBB 2.jpg
[2013/06/04 16:31:42 | 041,139,861 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\media.io.1738086935 (1).zip
[2013/06/04 16:07:22 | 041,139,861 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\media.io.1738086935.zip
[2013/06/04 15:33:17 | 000,073,265 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\GST INVOICE - JESSE GUBB.jpg
[2013/06/04 11:56:29 | 034,111,402 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\PattyHearstBeatTape.zip
[2013/06/02 22:28:48 | 004,959,991 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\mstr mathew.mp3
[2013/05/27 21:16:18 | 000,001,671 | ---- | C] () -- C:\Users\KINGFISHER\Desktop\Sliced beats - Shortcut (2).lnk
[2013/05/12 22:29:56 | 000,000,189 | ---- | C] () -- C:\Users\KINGFISHER\AppData\Local\DC8Csettings.ini
[2013/04/24 14:52:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/24 14:52:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/24 14:52:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/24 14:52:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/24 14:52:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/20 15:59:15 | 005,204,992 | ---- | C] () -- C:\Windows\SysWow64\PSP MicroComp.dll
[2013/04/20 15:59:15 | 004,583,424 | ---- | C] () -- C:\Windows\SysWow64\PSP MasterComp.dll
[2013/04/19 02:11:36 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/07/03 08:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/02/03 15:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll

========== ZeroAccess Check ==========

[2009/07/14 16:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 17:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 16:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 13:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 15:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 13:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/13 01:47:57 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\Ableton
[2013/04/20 18:05:41 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\Cytomic
[2013/06/10 01:45:09 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\DAEMON Tools Lite
[2013/06/18 00:57:59 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\FabFilter
[2013/05/18 18:05:42 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\FlowStone
[2013/04/27 20:45:48 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\foobar2000
[2013/05/18 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\Image-Line
[2013/06/20 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\iZotope
[2013/04/29 13:11:34 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\OpenOffice.org
[2013/04/19 03:22:06 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\Philipp Winterberg
[2013/04/20 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\Plugin Alliance
[2013/05/12 23:43:39 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\REAPER
[2013/04/24 05:51:12 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\SynthMaker
[2013/06/20 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\tixati
[2013/04/19 02:20:41 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\toshiba
[2013/04/20 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\VST3 Presets
[2013/04/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Users\KINGFISHER\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >



OTL Extras Logs -

OTL Extras logfile created on: 21/06/2013 3:10:46 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KINGFISHER\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

5.87 Gb Total Physical Memory | 3.62 Gb Available Physical Memory | 61.64% Memory free
11.74 Gb Paging File | 8.76 Gb Available in Paging File | 74.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 399.16 Gb Free Space | 57.13% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.18 Mb Free Space | 70.18% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 398.07 Gb Free Space | 42.73% Space Free | Partition Type: NTFS
Drive H: | 596.07 Gb Total Space | 101.89 Gb Free Space | 17.09% Space Free | Partition Type: NTFS

Computer Name: KOTARE | User Name: KINGFISHER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F49DC6D-89F8-4D18-9FDB-4778668421BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{1396964D-445B-4CBA-909E-27F5EC76B09D}" = lport=137 | protocol=17 | dir=in | app=system |
"{14EE788B-57E1-4E47-813D-FCF11A18B3D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{163CE132-40B6-43AE-8A80-B5850FC90D9A}" = rport=137 | protocol=17 | dir=out | app=system |
"{190F885E-173C-4D70-BC45-0768B644A989}" = rport=138 | protocol=17 | dir=out | app=system |
"{3130A8E8-A9DE-4C52-914E-6192EC1A494D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{449C6B7C-326E-4753-A3B3-17DBBDC59A7E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4930D2DF-C744-4662-BAE1-281B43748BBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{498025BB-5FF9-4597-8611-DD17FB0D0EB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{6FB4211E-F7DC-4910-9069-AAC51907C944}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B781524-3302-49B2-91FE-C70D93C7F2A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F261536-0589-48A4-B5B1-BB3C5646C195}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{900C04E2-74EE-453D-B356-6CB30C6D61A1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{98C8010E-A095-41A0-9F68-CB3AA7EC1D98}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B63AB33F-74C9-4FBE-8B63-04A1F4BE525E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9D0C9DE-983E-4D56-A125-6082033126AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C131C4E4-B3E4-4FAF-AE63-AE56655966B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB0687A3-5484-47C4-B662-925EC6F967F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDCF0DD6-9E40-4D81-A8B2-D83C22C80188}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D6C8BF96-B259-45B1-B364-6F0501520C48}" = lport=138 | protocol=17 | dir=in | app=system |
"{DAA1994F-8633-4D83-AF3E-959C6BC596B1}" = lport=139 | protocol=6 | dir=in | app=system |
"{F65C3C81-52AE-48B3-87C6-91CDB21FD280}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FD8DF8B0-51FA-4E87-A844-626BC37DA5C9}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00882358-90D9-42FD-A06B-0C6AB0505D5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0473190F-F58A-4614-9343-42299303CA5C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0D0AC4A5-D69B-4755-AA76-E5FAF554B10E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B290625-754E-4569-A9DE-CCAB4C4DE8B9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E0D58F5-3EF3-4CD2-945A-7CA7E8E49965}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23657C0C-BDF3-4E8F-AC76-B778D943B892}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{241C6B51-AC95-40B3-A6A8-A15CFB9D8180}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35EAA082-8963-4E4D-93CF-A9D48B38CFAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42BA561C-AD11-44F4-AB79-1F85BF53516D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6BC641F0-6721-4557-B586-F1BABC694881}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DAD72B0-9882-4522-9FA2-C19252E3F436}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6EF1EA1C-0E21-49B3-9AF3-2D6E005EAF50}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A161F040-A4E7-44D8-BD20-2C6ECE15E960}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8418124-B5E9-4310-AB8E-2EBD68677D34}" = protocol=6 | dir=out | app=system |
"{A91A117B-89DF-4B5E-9C6E-5DB7E0266D1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B24D5D10-621B-4333-B4C6-0805B31E3775}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BC788CB9-5994-4F50-A3D5-8B4A1913310E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCFE2E77-F985-40D4-96A4-1C9BAC3A3182}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D374049D-6CE5-4780-BBBB-50C257D75412}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D64FAB17-2876-46D5-A7D5-565D394BCF34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7DB8F67-52C5-4C33-95B9-66FFCE2EE565}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E144C020-4A8A-4B9D-ACB6-CC54B7A81DCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EB8BA01A-BE4A-4A92-9304-6773DDCE8440}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F8E062A8-7F83-4180-9802-8584AABB1726}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FF1D1D9C-B336-4BE5-90A1-01316258F278}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFCB9042-6B0C-4F8D-8751-78BE0DDDCD8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{821F4028-BE9B-4403-AFF8-881760F05424}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{CAEDC347-00A7-40B2-A002-BE1B118AFC7C}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{E598ABC3-93A7-4B06-935D-1699B5BD5DCC}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{06FD6AFA-6A0C-406C-8F2B-524A19B33068}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{B3F9352C-DC2E-4B10-A67B-549B1174D725}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{EC031616-7612-4F94-9B2F-782C4C79933D}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010FFE0B-4C25-4EDC-A44E-8B8C5A64AF68}" = O2Micro Flash Memory Card Windows Driver
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4BC549F9-ACEB-4A2D-B317-A8A80BF5DBD2}" = Ableton Live 9 Suite
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{62C2B2D5-8650-4889-8FF2-4479532F9397}" = Avid Mbox Pro Driver 1.0.11 (x64)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"DC1A_is1" = DC1A version 1.2.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PSP BussPressor 64bit" = PSP BussPressor 64bit
"REAPER" = REAPER (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{119266B3-708B-4904-96E1-F43F5C115499}" = SP-404SX Wave Converter
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B73A66DB-7804-46EC-9A2F-BD534FDB6AD5}" = TOSHIBA ConfigFree
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"foobar2000" = foobar2000 v1.2.4
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{010FFE0B-4C25-4EDC-A44E-8B8C5A64AF68}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Neverwinter" = Neverwinter
"PSP MasterComp 1.7.1 64bit" = PSP MasterComp 1.7.1 64bit
"RarZilla Free Unrar" = RarZilla Free Unrar
"Revo Uninstaller" = Revo Uninstaller 1.94
"tixati" = Tixati
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/06/2013 1:06:40 p.m. | Computer Name = KOTARE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9048

Error - 20/06/2013 1:06:41 p.m. | Computer Name = KOTARE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 20/06/2013 1:06:41 p.m. | Computer Name = KOTARE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10125

Error - 20/06/2013 1:06:41 p.m. | Computer Name = KOTARE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10125

Error - 20/06/2013 9:02:32 p.m. | Computer Name = KOTARE | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 474 Start
Time: 01ce6dd4b7d8e789 Termination Time: 16 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: 3e0701c4-da0e-11e2-811f-c80aa995c126

Error - 20/06/2013 9:07:05 p.m. | Computer Name = KOTARE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 20/06/2013 9:07:09 p.m. | Computer Name = KOTARE | Source = WinMgmt | ID = 10
Description =

Error - 20/06/2013 9:22:10 p.m. | Computer Name = KOTARE | Source = Application Hang | ID = 1002
Description = The program FL.exe version 1.1.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1704 Start Time:
01ce6e1be84da7ca Termination Time: 21 Application Path: C:\Program Files (x86)\Image-Line\FL
Studio 11\FL.exe Report Id: fc328f3c-da10-11e2-8fa2-c80aa995c126

Error - 20/06/2013 9:49:55 p.m. | Computer Name = KOTARE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 20/06/2013 9:49:59 p.m. | Computer Name = KOTARE | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 19/06/2013 9:48:14 p.m. | Computer Name = KOTARE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 19/06/2013 9:48:16 p.m. | Computer Name = KOTARE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 19/06/2013 9:48:16 p.m. | Computer Name = KOTARE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 19/06/2013 11:04:15 p.m. | Computer Name = KOTARE | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 34-15-9E-8B-16-E5. Network operations
on this system may be disrupted as a result.

Error - 19/06/2013 11:18:23 p.m. | Computer Name = KOTARE | Source = DCOM | ID = 10010
Description =

Error - 20/06/2013 12:18:28 a.m. | Computer Name = KOTARE | Source = DCOM | ID = 10001
Description =

Error - 20/06/2013 10:06:59 a.m. | Computer Name = KOTARE | Source = DCOM | ID = 10010
Description =

Error - 20/06/2013 9:07:02 p.m. | Computer Name = KOTARE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:05:13 p.m. on ?21/?06/?2013 was
unexpected.

Error - 20/06/2013 9:10:08 p.m. | Computer Name = KOTARE | Source = DCOM | ID = 10001
Description =

Error - 20/06/2013 9:49:53 p.m. | Computer Name = KOTARE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:49:01 p.m. on ?21/?06/?2013 was
unexpected.


< End of report >

Edited by KOTARE33, 20 June 2013 - 10:18 PM.
