Hello! There seems to be a virus accusing me of using a false version of Windows 7. It keeps turning my desktop black, with the words in the bottom right corner:
Windows 7
Build 7601
This copy of Windows is not genuine.
It also harasses me upon startup, and then periodically as I use my computer, about it being false and asks me to resolve the problem online or something?
I know for a fact this isn't a false copy of Windows. For one, it's been running for like 6 months without this problem so why now? So it must be a nasty virus. I've tried to do various things to counteract it but it seems to be messing with my admin privileges too.
I've also looked on the Windows website for help and there was this scan I did to see if my Windows really was counterfeit or not. It just conveniently failed to work each time I ran it, saying there was an error and could not identify anything etc. (I can find the exact tool I used if you'd like). Windows Essentials has also been utterly useless so far, failing to detect anything wrong after a full scan.
This seems like a very difficult problem, I hope someone on here is able to help.
Here are the OTL logs:
OTL logfile created on: 28/09/2014 10:33:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\testy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.74 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 55.37% Memory free
11.48 Gb Paging File | 8.38 Gb Available in Paging File | 73.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 342.70 Gb Free Space | 73.59% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: MISA | User Name: testy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/09/28 22:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
PRC - [2014/09/28 21:44:58 | 006,790,760 | ---- | M] (Trion Worlds Inc.) -- C:\Program Files (x86)\Glyph\GlyphClient.exe
PRC - [2014/09/28 21:44:58 | 000,851,456 | ---- | M] (Trion Worlds Inc.) -- C:\Program Files (x86)\Glyph\GlyphCrashHandler.exe
PRC - [2014/09/16 12:16:42 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/09/16 12:16:18 | 000,839,384 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2014/09/16 12:15:08 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/09/16 12:14:42 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2014/09/16 12:14:38 | 000,366,808 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2014/09/16 12:14:28 | 000,260,824 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2014/09/16 12:14:26 | 000,378,072 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2014/09/03 23:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/14 20:39:56 | 002,308,872 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013/05/09 23:48:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2012/10/16 05:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2012/10/08 19:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2007/04/27 19:40:14 | 001,581,056 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
========== Modules (No Company Name) ==========
MOD - [2014/09/28 21:45:16 | 001,019,904 | ---- | M] () -- C:\Program Files (x86)\Glyph\xlpack.dll
MOD - [2014/09/28 21:45:06 | 000,866,816 | ---- | M] () -- C:\Program Files (x86)\Glyph\platforms\qwindows.dll
MOD - [2014/09/28 21:45:02 | 000,705,024 | ---- | M] () -- C:\Program Files (x86)\Glyph\libGLESv2.dll
MOD - [2014/09/28 21:45:02 | 000,242,176 | ---- | M] () -- C:\Program Files (x86)\Glyph\imageformats\qjpeg.dll
MOD - [2014/09/28 21:45:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Glyph\libEGL.dll
MOD - [2014/09/28 21:45:02 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Glyph\imageformats\qgif.dll
MOD - [2014/09/23 18:05:21 | 001,435,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\1dee8605c31d9a960f10b450ddfb7687\HD-Agent.ni.exe
MOD - [2014/09/23 18:05:06 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\7514b80bd1290d9c7b8a3d3348312e5d\JSON.ni.dll
MOD - [2014/09/15 20:43:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f4a273c77f0b00e57146542241232d70\System.ServiceProcess.ni.dll
MOD - [2014/09/15 20:43:26 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\349461c3a273efc2b4bd643c2645bd70\System.Web.ni.dll
MOD - [2014/09/15 20:42:47 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/15 20:42:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/15 20:42:34 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/15 20:42:30 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/15 20:42:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/15 20:42:00 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/03 23:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014/09/03 23:01:17 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014/09/03 23:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014/09/03 23:01:12 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014/09/03 23:01:10 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014/09/03 23:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/16 05:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2007/04/13 20:18:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\EnergyCut\KbdHook.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/13 12:24:13 | 000,627,992 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/16 12:16:42 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/09/16 12:15:08 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/09/16 12:14:42 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/06/07 13:02:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/11/11 20:16:03 | 000,090,424 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2013/11/11 20:16:03 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2013/11/11 20:16:02 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/15 07:02:40 | 000,036,656 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2011/07/01 15:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/03 23:59:38 | 000,057,648 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd2.sys -- (FSProFilter2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/09/16 12:14:54 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\testy\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64: C:\Users\testy\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ()
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Google Wallet = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/06/18 21:55:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_A73C9AEE7221095378158091CCE61823] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.226.1.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{802FC181-7A86-4503-AE7C-82B67922BBDF}: DhcpNameServer = 192.168.1.1 24.226.1.93
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 19:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell - "" = AutoRun
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/09/28 22:26:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/09/28 21:45:16 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Local\Glyph
[2014/09/28 21:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
[2014/09/28 21:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Glyph
[2014/09/28 21:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glyph
[2014/09/28 21:35:59 | 032,085,104 | ---- | C] (Trion Worlds Inc.) -- C:\Users\testy\Desktop\GlyphInstall-0-120.exe
[2014/09/23 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/09/23 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/09/23 18:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/09/23 18:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/09/23 18:02:46 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Local\Bluestacks
[2014/09/20 10:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/09/15 21:14:38 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\RadioActive_data
[2014/09/15 20:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/15 20:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/15 20:37:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/09/28 22:37:37 | 004,612,140 | ---- | M] () -- C:\Users\testy\Desktop\Unconfirmed 859536.crdownload
[2014/09/28 22:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/09/28 22:18:15 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 22:18:15 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 22:11:22 | 000,001,885 | ---- | M] () -- C:\Users\testy\Desktop\Archeage.lnk
[2014/09/28 21:44:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/28 21:36:50 | 032,085,104 | ---- | M] (Trion Worlds Inc.) -- C:\Users\testy\Desktop\GlyphInstall-0-120.exe
[2014/09/28 21:21:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/28 21:13:57 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/28 21:07:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/23 19:32:17 | 000,002,965 | ---- | M] () -- C:\Users\testy\Desktop\save.png
[2014/09/23 18:04:44 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2014/09/22 20:31:21 | 000,129,507 | ---- | M] () -- C:\Users\testy\Desktop\drawing practice.jpg
[2014/09/15 21:14:39 | 000,022,992 | ---- | M] () -- C:\Users\testy\Desktop\RadioActive.aup
[2014/09/15 20:37:55 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/15 20:34:55 | 326,508,543 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 17:17:41 | 000,765,700 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/15 17:17:41 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/15 17:17:41 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/15 17:17:29 | 000,765,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/15 17:16:36 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/10 21:21:50 | 003,189,186 | ---- | M] () -- C:\Users\testy\Desktop\RadioActive.mp3
[2014/09/10 21:09:58 | 000,156,563 | ---- | M] () -- C:\Users\testy\Desktop\YOHIO.jpg
[2014/08/31 10:19:03 | 000,002,279 | ---- | M] () -- C:\Users\testy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/31 10:13:55 | 000,356,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/09/28 22:11:22 | 000,001,885 | ---- | C] () -- C:\Users\testy\Desktop\Archeage.lnk
[2014/09/28 21:45:16 | 000,000,997 | ---- | C] () -- C:\Users\testy\Desktop\Glyph.lnk
[2014/09/23 19:32:17 | 000,002,965 | ---- | C] () -- C:\Users\testy\Desktop\save.png
[2014/09/23 18:04:44 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2014/09/22 20:30:48 | 000,129,507 | ---- | C] () -- C:\Users\testy\Desktop\drawing practice.jpg
[2014/09/15 21:14:38 | 000,022,992 | ---- | C] () -- C:\Users\testy\Desktop\RadioActive.aup
[2014/09/10 21:21:33 | 003,189,186 | ---- | C] () -- C:\Users\testy\Desktop\RadioActive.mp3
[2014/09/10 21:09:57 | 000,156,563 | ---- | C] () -- C:\Users\testy\Desktop\YOHIO.jpg
[2014/08/14 16:23:21 | 000,012,247 | ---- | C] () -- C:\Users\testy\AppData\Local\recently-used.xbel
[2014/07/20 23:05:27 | 000,000,045 | ---- | C] () -- C:\Users\testy\jagex_cl_runescape_LIVE1.dat
[2014/07/20 17:15:27 | 000,000,023 | ---- | C] () -- C:\Users\testy\jagexappletviewer.preferences
[2014/06/25 18:20:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2014/06/21 12:58:22 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/06/19 11:41:47 | 000,000,132 | ---- | C] () -- C:\Users\testy\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/05/18 18:23:01 | 000,000,044 | ---- | C] () -- C:\Users\testy\jagex_cl_runescape_LIVE.dat
[2014/05/18 18:23:01 | 000,000,024 | ---- | C] () -- C:\Users\testy\random.dat
[2014/05/15 17:55:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/14 00:07:24 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/09/10 18:33:56 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\.minecraft
[2014/05/16 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Acoustica
[2014/09/16 23:48:31 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Audacity
[2014/06/16 18:51:35 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Lite
[2014/06/07 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Pro
[2014/05/22 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\FirstClass
[2014/07/13 13:18:17 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\goober
[2014/07/13 13:25:29 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Jitsi
[2014/05/15 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Oracle
[2014/05/16 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SynthMaker
[2014/05/15 22:15:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SYSTEMAX Software Development
[2014/06/27 09:56:09 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Wacom
[2014/07/12 23:00:05 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\wacomid-desktop-launcher
[2014/06/27 10:07:43 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 28/09/2014 10:33:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\testy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.74 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 55.37% Memory free
11.48 Gb Paging File | 8.38 Gb Available in Paging File | 73.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 342.70 Gb Free Space | 73.59% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: MISA | User Name: testy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.pif[@ = piffile] -- C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe (Foolish IT LLC)
.scr[@ = scrfile] -- C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe (Foolish IT LLC)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.pif [@ = piffile] -- C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe (Foolish IT LLC)
.scr [@ = scrfile] -- C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe (Foolish IT LLC)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe" *"%1" %* (Foolish IT LLC)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe" "%1" %* (Foolish IT LLC)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe" *"%1" %* (Foolish IT LLC)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe" "%1" %* (Foolish IT LLC)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0086BA5A-C0CD-4A4C-8AF6-90E510C89010}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03BDA60B-CFC4-4CF4-8205-13AFF1440E71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{06A152D2-7857-4207-8FF7-002B93DDE5B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DE11B0B-56F4-4D96-B0D4-9D07BC3CD96C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{114B223E-126A-431B-B7A7-B067D44FBA63}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1E34E2B3-848E-4AE9-8C38-0A5991852729}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{221BCD33-D91F-49E8-B7D6-0340892B4745}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{3F8E5706-C178-4C53-A2FE-5A5EB89392B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{436DEE29-3256-458A-B82A-22F6932C29CD}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D2B3340-B9F2-412F-A8B5-204A3AA32E76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56886CB7-F4F3-4D17-9374-2E6313ED2A18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BCEAB2D-7187-46C5-A649-D7D1F5B93DDD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65A38268-B243-4E17-8DF2-C8335879EEBF}" = lport=138 | protocol=17 | dir=in | app=system |
"{79592127-F801-4E26-B963-C961B8E4A41B}" = rport=445 | protocol=6 | dir=out | app=system |
"{96EC3EE8-2D53-4660-8A9A-AF55E079624C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC2C6171-7839-4817-9EB1-8CD06271D35E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C79BE452-E4DE-42CE-A79D-CEF888A287EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D28270E5-F449-4E0E-B76E-3FCA77DDD149}" = rport=139 | protocol=6 | dir=out | app=system |
"{D4084FA6-5F91-4DE3-BE7D-B83FC5EFB3D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{EDF130F8-8B25-49C6-8A04-CFC075A4C73F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEDC82EF-AE94-4B00-9857-6A57CCFBA00E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1C047C8-99A7-4431-94C8-9CDD8503E6B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{F29258D0-AEB6-497A-9D37-7E9C00C3F19C}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEC2A8D7-8F77-4AED-BB36-493BFFCAEF34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13FA9DA0-8117-4A65-8454-3C707C12FFE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A09A6C8-9D87-42B4-95C0-AC1FDE364A43}" = protocol=6 | dir=out | app=system |
"{2E074A05-608A-4128-B65F-54830EE11E89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{341165C5-4284-436F-AD5D-3F1F985D245E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E5E8F93-CFE7-42AB-8B3B-85FA660EFB62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C9DEFA4-F4F3-4208-B333-D27F49A4DF51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6718DBD1-D43E-4607-BA2A-208493F4CD61}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{68B462EA-FCD3-43F8-BA7B-5B9881BF2C84}" = protocol=58 | dir=out | [email protected],-503 |
"{76801B27-F286-4953-B2E6-02BDA7607D50}" = protocol=1 | dir=out | [email protected],-28544 |
"{7B4F4F27-7801-40D3-B67B-934AECD5D4A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FA12B2E-5F50-45B6-8B56-177D26F8F49A}" = protocol=58 | dir=out | [email protected],-28546 |
"{81D83672-271E-43F0-9082-82134151E91A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{83028109-9D5C-4481-B3F4-8A6BF662D56B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91EBFB7B-FBB6-4358-9055-EADCA9929C50}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C160AA4-91BE-4466-AD5A-8976B1C09D26}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C6CDDEA-4948-4D16-BB4E-C638D8A69918}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9E868FFA-6870-4365-AB45-188FF4DE439C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5042A6D-51EA-408D-ACCE-9392E321478A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B540B869-96FC-4CCF-9A82-AFC6F63886A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6A62B4D-4EAD-4D00-94DB-5C2B100B4FCE}" = protocol=58 | dir=in | [email protected],-28545 |
"{C113B593-E5D2-43F4-8E98-E8AEB72C5170}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D563CBA7-6B2E-415C-965D-EAF7C38D474E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5360AC7-4C91-4127-9266-AD1189FB10ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EAF4B5CD-6DE5-4E0A-8700-EFC85D639485}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE723003-20DD-47BD-9CCC-4422350AE738}" = protocol=58 | dir=in | app=system |
"{EF21BBEF-EC80-4F00-B63C-F769A7F1DF4E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F0D9E10A-7CF3-494E-A3B5-DF84565B40DB}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{36C2331D-E59C-4583-9DBD-6E3D102CD285}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"TCP Query User{76D6C501-5B15-493C-A12D-1C291D8D85AC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A8A90F15-C0B5-42D4-ACC6-5C31D29C20C0}C:\program files (x86)\goober messenger\goober.exe" = protocol=6 | dir=in | app=c:\program files (x86)\goober messenger\goober.exe |
"TCP Query User{B21B9442-7A0B-4805-830E-5D771D527FC1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{DC40B54D-E9BF-44F0-BA09-96AE42C8A9F9}C:\program files (x86)\goober messenger\goober.exe" = protocol=6 | dir=in | app=c:\program files (x86)\goober messenger\goober.exe |
"TCP Query User{E1304953-00EA-4268-B451-CA179FA58C2D}C:\program files (x86)\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\portal 2\portal2.exe |
"TCP Query User{E484456F-1B01-4105-8B20-4528EE9A8F13}C:\program files (x86)\jitsi\jitsi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jitsi\jitsi.exe |
"TCP Query User{F345A9A9-394C-425C-A3DA-4A535C8EB37E}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"TCP Query User{FEB537B0-1477-4438-919F-0B79B7568824}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1C00ED9A-EB46-44AC-BFC3-6A4E29B80A09}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{4143A530-96D9-48F8-85BB-045A444D7717}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"UDP Query User{4EDC4BE2-76DB-489B-964E-8A0328AF3FFE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{536483B8-C695-4D87-822A-FEAC64691FD9}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"UDP Query User{59E5BE17-74FD-4D07-8EF6-62C01CA320B7}C:\program files (x86)\goober messenger\goober.exe" = protocol=17 | dir=in | app=c:\program files (x86)\goober messenger\goober.exe |
"UDP Query User{5CB033D1-49DB-4FCC-AF8E-CEDE3CFEE855}C:\program files (x86)\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\portal 2\portal2.exe |
"UDP Query User{822AD225-6409-4B6D-BF16-398DE4090718}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A7360069-E9B1-420F-B73E-EF72A946D248}C:\program files (x86)\jitsi\jitsi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jitsi\jitsi.exe |
"UDP Query User{FFFF3BCB-2DDB-456B-8B18-E46C672D7627}C:\program files (x86)\goober messenger\goober.exe" = protocol=17 | dir=in | app=c:\program files (x86)\goober messenger\goober.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{26A24AE4-039D-4CA4-87B4-2F06417060FF}" = Java 7 Update 60 (64-bit)
"{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"Microsoft Security Client" = Microsoft Security Essentials
"My Lockbox_is1" = My Lockbox 3.2
"Pen Tablet Driver" = Wacom
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F2C90ED-7FF4-4CC4-A876-24F6BB55FA34}_is1" = Portal 2 version 2.0
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v6.0.1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{6EBED885-73D9-4750-B96E-FD654500E59F}" = FirstClass Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{835D562C-B72C-461D-A9C3-B8206B66E85A}" = RPG Maker VX Ace
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{B40D9A2E-C9CA-4402-A0B7-09E33C03B9C5}" = BlueStacks Notification Center
"{BDF90AE9-C455-49B8-AEC6-D2B9737A4E54}_is1" = Portal 1 version 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"Acoustica Mixcraft 6" = Acoustica Mixcraft 6
"Adobe AIR" = Adobe AIR
"Adobe Photoshop CS6" = Adobe Photoshop CS6
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Audacity_is1" = Audacity 2.0.5
"Bamboo Dock" = Bamboo Dock
"BlueStacks App Player" = BlueStacks App Player
"DAEMON Tools Pro" = DAEMON Tools Pro
"DVDStyler_is1" = DVDStyler v2.7.2
"FrostWire 5" = FrostWire 5.7.3
"Glyph" = Glyph
"Glyph Archeage" = Archeage
"Google Chrome" = Google Chrome
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinRAR archiver" = WinRAR 5.10 beta 4 (32-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for testy
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for testy
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23/09/2014 10:13:24 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6146
Error - 23/09/2014 10:13:25 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23/09/2014 10:13:25 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7176
Error - 23/09/2014 10:13:25 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176
Error - 23/09/2014 10:13:26 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23/09/2014 10:13:26 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8174
Error - 23/09/2014 10:13:26 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8174
Error - 23/09/2014 10:13:28 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23/09/2014 10:13:28 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9625
Error - 23/09/2014 10:13:28 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9625
[ System Events ]
Error - 30/08/2014 3:17:46 PM | Computer Name = MISA | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824
Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
Error - 30/08/2014 3:17:53 PM | Computer Name = MISA | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%825
Error
Code: 0x8050a004 Error description: This package does not contain up-to-date definition
files for this program. For more information, see Help and Support. Signature version:
1.183.805.0;1.183.805.0 Engine version: 1.1.10802.0
Error - 30/08/2014 3:20:51 PM | Computer Name = MISA | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854
Source
Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.
Error - 30/08/2014 3:20:51 PM | Computer Name = MISA | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854
Source
Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.
Error - 30/08/2014 3:20:51 PM | Computer Name = MISA | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853
Source
Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.
Error - 31/08/2014 10:13:48 AM | Computer Name = MISA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:10:29 AM on ?31/?08/?2014 was unexpected.
Error - 31/08/2014 10:20:52 AM | Computer Name = MISA | Source = DCOM | ID = 10016
Description =
Error - 31/08/2014 10:20:52 AM | Computer Name = MISA | Source = DCOM | ID = 10016
Description =
Error - 15/09/2014 8:38:31 PM | Computer Name = MISA | Source = DCOM | ID = 10010
Description =
Error - 22/09/2014 8:31:28 PM | Computer Name = MISA | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 70. The internal error state
is 105.
< End of report >