Firefox "New Tab" Re-direct; Among other Problems


  • This topic is locked
27 replies to this topic

#1 filia_

filia_

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:14 AM

Posted 02 August 2014 - 10:36 PM

Trovi.com search was installed along with another program's installer - this caused my homepage and new tab windows to redirect to their search, and installed a "search protection" program to prevent me from changing my homepage through Firefox. I managed to uninstall the protection (through Revo uninstaller), which let me change my homepage fine, but the new tab redirect won't go away. Following Trovi's own website's instructions yields no result, and I can't find any associated programs to get rid of myself.

Also, unrelated to this issue, Firefox often freezes and hangs/goes nonresponsive. Not just when loading windows and starting, but just randomly while browsing.

Attached is an HJT log, though I'm not entirely sure it's what I need to help with these issues so just let me know what I did wrong, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:19:34 PM, on 8/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)

FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Firefox\firefox.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Users\Victoria\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Users\Victoria\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=M958D9606-2A38-40B9-9DEC-689D2AC4C5C3&SearchSource=55&CUI=&UM=6&UP=SP071C5EBA-13F6-4728-A328-A7675771A446&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Victoria\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Victoria\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = Victoria\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Documention Flash Card Detection Service (hpdoccardsvc) - Hewlett-Packard Developement Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17800 bytes
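
The following is an added example, not part of the original post and not a HijackThis feature: a Python triage of log entries like those above. It flags non-default Internet Explorer pages, any AppInit_DLLs value (such DLLs are loaded into every process that loads user32.dll), and "(file missing)" entries, separating orphaned add-on registrations from System32 paths that a 32-bit scanner on 64-bit Windows reports as missing because WOW64 redirects its file lookups to SysWOW64. The host allow-list, function names and finding labels are assumptions.

```python
import re

# Entries copied from the HijackThis log in the post above, with wrapped lines
# re-joined and the Trovi URL's query string shortened.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3320691
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
URL_HOST_RE = re.compile(r"=\s*https?://([^/\s?]+)", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
MISSING = "(file missing)"

# Assumption: hosts accepted as stock Internet Explorer page defaults.
DEFAULT_HOSTS = {"go.microsoft.com", "g.msn.com"}


def parse_entries(text):
    """Return (section code, body) for every 'Xn - ...' line of the log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def target_path(body):
    """File path at the end of an entry, without the '(file missing)' tag."""
    path = body.rsplit(" - ", 1)[-1]
    if path.endswith(MISSING):
        path = path[: -len(MISSING)]
    return path.strip()


def triage(text):
    """Return (code, label, detail) tuples for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            # Start/search page pointing somewhere other than a stock default.
            host = URL_HOST_RE.search(body)
            if host and host.group(1).lower() not in DEFAULT_HOSTS:
                findings.append((code, "non-default-page", host.group(1).lower()))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Any non-empty AppInit_DLLs value deserves review.
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append((code, "appinit-dll", dll))
        elif body.endswith(MISSING):
            path = target_path(body)
            if SYSTEM32_RE.match(path):
                # 32-bit scanner on x64: the lookup was redirected to SysWOW64,
                # so a native binary such as lsass.exe only looks absent.
                findings.append((code, "wow64-artifact", path))
            else:
                # Registration left behind after the file itself was removed.
                findings.append((code, "orphaned-entry", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
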
 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:14 AM

Posted 04 August 2014 - 04:53 PM

Hello filia_,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 filia_


Posted 05 August 2014 - 10:42 PM

AdwCleaner went unresponsive during cleaning. This persisted for an hour, so I closed it. While scanning, it didn't come up with any items to be removed during cleaning anyway, so I'm not entirely sure whether it was needed or not?

 

RogueKiller results:

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Victoria [Admin rights]
Mode : Scan -- Date : 08/05/2014  23:32:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] a520l692.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 49d87554bb7ea0149925dcc56a537f5b
[BSP] 4e4761c3347a61f7146b5b7ccb125dbc : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 455124 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 932503552 | Size: 21512 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
 

 


#4 fireman4it


Posted 05 August 2014 - 11:04 PM

1.

  • Re-run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Delete
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.


#5 filia_


Posted 10 August 2014 - 12:41 AM

Tried rerunning Roguekiller, and the scan took several hours and still had not finished - I'll attempt again, I just don't have the time to leave my computer on right now to run it.

 

Just letting you know that I'm still here and following the instructions, thank you and sorry for the wait on my end.



#6 filia_


Posted 10 August 2014 - 03:05 PM

Hey, just an update, the Roguekiller scan is being really fickle with times. The first initialization took around ten minutes, now it's taken two hours. And the scan itself, currently ongoing, has been over three hours, and appears to not be responding while "searching for TASKS". Should it be taking this long? I read elsewhere online that it's usually better to run this in safe mode. Any advice?



#7 fireman4it


Posted 10 August 2014 - 05:43 PM

Go ahead and try it in Safe Mode.


#8 filia_


Posted 10 August 2014 - 08:25 PM

I completed the RogueKiller scan in Safe Mode. I also completed the JRT scan in regular mode.

I attempted to delete items that RogueKiller found in Registry and in Web Browser tabs (most of the things it found in web browser were my add ons, which were highlighted in green and I left them alone but I attempted to delete one item that was highlighted orange) and these items said "REPLACED" instead of being deleted.

 

Also Firefox remains in the same condition - trovi is still the default new tab page and the browser continues to freeze occasionally.

 

RogueKiller log:

 

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Victoria [Admin rights]
Mode : Remove -- Date : 08/10/2014  20:43:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FIREFX:Addon] a520l692.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> DELETED
[PUM.Proxy][FIREFX:Config] a520l692.default : user_pref("network.proxy.type", 4); -> REPLACED (0)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 49d87554bb7ea0149925dcc56a537f5b
[BSP] 4e4761c3347a61f7146b5b7ccb125dbc : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 455124 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 932503552 | Size: 21512 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_08102014_202808.log - RKreport_SCN_08052014_233233.log - RKreport_SCN_08102014_202418.log - RKreport_SCN_08102014_203520.log

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Victoria on Sun 08/10/2014 at 21:05:26.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4260182C-53DC-5177-430F-D0D732B41839}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9F906882-B29D-43F5-9A6C-B2478E0F4F92}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Victoria\appdata\locallow\superfish"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Victoria\appdata\local\{11646873-DA4A-454E-9D8E-C0290F275CF5}
Successfully deleted: [Empty Folder] C:\Users\Victoria\appdata\local\{4106B8FB-B23C-41AD-84BE-C7E8CD794BF9}
Successfully deleted: [Empty Folder] C:\Users\Victoria\appdata\local\{494F14EB-5C44-4276-8337-2B18A18CD72E}
Successfully deleted: [Empty Folder] C:\Users\Victoria\appdata\local\{671A879C-2B5D-4A44-BEF9-96CA663FEA1A}
Successfully deleted: [Empty Folder] C:\Users\Victoria\appdata\local\{797C63B8-0781-452A-858E-BBDB190A667D}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/10/2014 at 21:14:43.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by filia_, 10 August 2014 - 08:26 PM.


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:14 AM

Posted 10 August 2014 - 08:27 PM

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 filia_

filia_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:14 AM

Posted 10 August 2014 - 09:01 PM

It's pretty much the same. Firefox still freezes occasionally and trovi is still the default page for when I open a new tab.



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:14 AM

Posted 10 August 2014 - 10:01 PM

  1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"



#12 filia_

filia_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:14 AM

Posted 11 August 2014 - 02:21 PM

Here is the OTL file:

 

OTL logfile created on: 8/11/2014 2:06:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Victoria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 42.67% Memory free
7.60 Gb Paging File | 4.83 Gb Available in Paging File | 63.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.46 Gb Total Space | 191.89 Gb Free Space | 43.17% Space Free | Partition Type: NTFS
Drive D: | 21.01 Gb Total Space | 3.02 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 83.88 Mb Free Space | 84.71% Space Free | Partition Type: FAT32
 
Computer Name: SHELDON | User Name: Victoria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/11 14:04:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
PRC - [2014/07/29 21:11:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Firefox\firefox.exe
PRC - [2014/07/29 21:11:15 | 000,018,544 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Firefox\plugin-container.exe
PRC - [2014/07/29 19:14:10 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/27 21:55:21 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/27 21:53:09 | 000,198,200 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\instup.exe
PRC - [2014/07/15 22:28:16 | 001,753,280 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/07/08 23:28:19 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/02 14:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 14:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/09/07 22:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/04/30 21:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/04/30 21:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/24 12:37:58 | 000,076,584 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/08 19:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/29 21:11:17 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Firefox\mozjs.dll
MOD - [2014/07/27 21:55:23 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/27 21:55:22 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/07/15 22:28:28 | 002,139,328 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/07/15 22:28:18 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/07/11 20:53:26 | 001,116,672 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/07/11 20:53:26 | 000,438,784 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/07/11 20:53:26 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/07/11 20:53:26 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/07/08 23:28:19 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/06/26 18:40:28 | 000,764,416 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/10/02 14:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/27 21:55:21 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/06 15:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/11/29 18:03:47 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/29 18:03:47 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/01/18 18:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/12/16 17:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2014/07/29 21:11:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/15 22:28:18 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/07/08 23:28:20 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/02 14:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/07 22:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/01/12 13:15:37 | 004,266,480 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/30 21:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/04/30 21:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/24 12:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/08 19:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/10 20:31:39 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/27 21:56:14 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/27 21:55:27 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/27 21:55:27 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/27 21:55:27 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/27 21:55:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/27 21:55:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/27 21:55:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/27 21:55:26 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 14:31:18 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/09/29 14:29:48 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/17 13:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/29 18:03:48 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/10 22:37:23 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/08/26 13:21:01 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/30 21:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/29 23:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/11 18:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/27 21:45:06 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F4020E3D-8C88-4F03-9587-3B7C65A70A92}
IE - HKLM\..\SearchScopes\{C8B98D0A-CA1E-4623-B56B-23388191BF78}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{F4020E3D-8C88-4F03-9587-3B7C65A70A92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{813C85DA-71D0-40A6-AEFB-D1E4102A5297}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
IE - HKCU\..\SearchScopes\{BA4F0041-6CE0-462A-BE3A-41F19C28F199}: "URL" = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
IE - HKCU\..\SearchScopes\{C64ED162-B3E5-476C-9CE8-CA76CFEDE9FB}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{C8B98D0A-CA1E-4623-B56B-23388191BF78}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{F4020E3D-8C88-4F03-9587-3B7C65A70A92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=617686"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: giorgio%40gilestro.tk:1.0.6
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: btpersonas%40brandthunder.com:1.6.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=617686&p="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..searchreset.backup.keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=617686&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Victoria\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/27 21:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/03 16:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Firefox\components [2014/07/29 21:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Firefox\components [2014/07/29 21:11:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins
 
[2010/08/10 16:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victoria\AppData\Roaming\Mozilla\Extensions
[2014/07/23 21:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions
[2014/07/10 21:36:09 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com
[2013/02/09 12:38:33 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\amznUWL2@amazon.com.xpi
[2012/12/14 23:42:58 | 000,077,652 | ---- | M] () (No name found) -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\giorgio@gilestro.tk.xpi
[2013/11/29 02:25:41 | 000,026,163 | ---- | M] () (No name found) -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi
[2013/05/17 18:05:36 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2014/07/23 21:43:58 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/08/13 18:29:59 | 000,001,834 | ---- | M] () -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\searchplugins\bing.xml
[2014/07/27 22:07:47 | 000,008,074 | ---- | M] () -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\searchplugins\yahoo_ff.xml
[2014/07/27 21:55:28 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
Hosts file not found
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Victoria\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini File not found
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe File not found
O4 - HKCU..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\Victoria\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Victoria\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D4E125-ADC8-4BC0-AE66-8F6E63A939E5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b872554d-5f59-11e2-a6d4-e48d4badbbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{b872554d-5f59-11e2-a6d4-e48d4badbbf9}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{f778aa80-778a-11e2-94e2-aa97544c5efe}\Shell - "" = AutoRun
O33 - MountPoints2\{f778aa80-778a-11e2-94e2-aa97544c5efe}\Shell\AutoRun\command - "" = G:\picasa36-setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.VP60 - C:\Windows\system32\vp6vfw.dll File not found
Drivers32: vidc.VP61 - C:\Windows\system32\vp6vfw.dll File not found
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/11 14:04:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
[2014/08/10 21:05:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/10 20:59:36 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Victoria\Desktop\JRT.exe
[2014/08/10 00:23:01 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2014/08/07 14:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/05 23:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/08/01 23:52:35 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Roaming\vlc
[2014/08/01 23:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/08/01 23:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/08/01 23:22:27 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Apps
[2014/08/01 23:15:55 | 000,000,000 | -HSD | C] -- C:\Users\Victoria\AppData\Local\EmieUserList
[2014/08/01 23:15:55 | 000,000,000 | -HSD | C] -- C:\Users\Victoria\AppData\Local\EmieSiteList
[2014/08/01 22:59:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/07/31 17:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/07/31 17:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/07/31 17:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/07/31 17:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/07/29 21:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox
[2014/07/27 21:55:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/17 00:55:16 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Documents\Webcam
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/11 14:29:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/11 14:04:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
[2014/08/11 14:03:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/10 21:06:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/10 21:06:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/10 20:59:38 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Victoria\Desktop\JRT.exe
[2014/08/10 20:54:37 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2014/08/10 20:53:02 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/10 20:31:39 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/09 20:10:07 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVictoria.job
[2014/08/03 15:22:02 | 000,001,060 | ---- | M] () -- C:\Users\Victoria\Desktop\VLC media player.lnk
[2014/08/03 12:33:03 | 000,001,051 | ---- | M] () -- C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/03 12:32:45 | 000,001,025 | ---- | M] () -- C:\Users\Victoria\Desktop\Dropbox.lnk
[2014/08/03 12:29:25 | 000,000,064 | ---- | M] () -- C:\dvmaccounts.ini
[2014/08/01 19:46:23 | 000,000,853 | ---- | M] () -- C:\Users\Victoria\Desktop\µTorrent.lnk
[2014/08/01 19:46:23 | 000,000,833 | ---- | M] () -- C:\Users\Victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/31 17:35:15 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/27 21:56:26 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/07/27 21:56:14 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/07/27 21:55:27 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/07/27 21:55:27 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/07/27 21:55:27 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/07/27 21:55:27 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/07/27 21:55:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/07/27 21:55:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/07/27 21:55:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/07/27 21:55:26 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/07/27 21:55:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/10 00:24:01 | 000,000,012 | -H-- | C] () -- C:\dvmexp.idx
[2014/08/05 23:05:21 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/03 15:22:02 | 000,001,060 | ---- | C] () -- C:\Users\Victoria\Desktop\VLC media player.lnk
[2014/08/03 12:29:25 | 000,000,064 | ---- | C] () -- C:\dvmaccounts.ini
[2014/08/01 19:46:23 | 000,000,853 | ---- | C] () -- C:\Users\Victoria\Desktop\µTorrent.lnk
[2014/08/01 19:46:23 | 000,000,833 | ---- | C] () -- C:\Users\Victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/31 17:35:15 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/03 23:42:10 | 000,001,456 | ---- | C] () -- C:\Users\Victoria\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/09/09 00:43:36 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012/07/06 16:35:00 | 000,000,132 | ---- | C] () -- C:\Users\Victoria\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/17 12:59:53 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/20 21:45:50 | 000,001,854 | ---- | C] () -- C:\Users\Victoria\AppData\Roaming\GhostObjGAFix.xml
[2010/09/06 00:39:14 | 000,000,132 | ---- | C] () -- C:\Users\Victoria\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/19 15:52:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/29 14:12:58 | 000,000,000 | -HSD | M] -- C:\Users\Victoria\AppData\Roaming\.#
[2011/04/23 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\.minecraft
[2012/11/12 23:04:20 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\.mono
[2013/12/22 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\3909
[2010/08/13 16:37:06 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\acccore
[2013/03/03 19:39:55 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Audacity
[2014/04/07 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Autodesk
[2013/11/14 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\AVAST Software
[2013/09/22 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\DragonicaECB
[2014/08/10 12:48:19 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Dropbox
[2012/02/16 16:21:42 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\IObit
[2013/03/21 23:14:50 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\MotoCast
[2013/01/30 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Motorola
[2013/01/30 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Motorola Mobility
[2014/03/26 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\OBS
[2012/08/15 23:03:03 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\ooVoo Details
[2011/12/23 00:18:21 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\PlayFirst
[2013/06/17 00:47:32 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\RenPy
[2012/01/26 00:46:39 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\SecondLife
[2012/04/22 11:46:04 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/10 16:39:24 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\SYSTEMAX Software Development
[2012/10/07 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\SystemRequirementsLab
[2013/08/15 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\TeamViewer
[2014/08/10 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\uTorrent
[2010/11/13 21:21:59 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 01:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/02 00:06:44 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/09/13 16:32:05 | 000,000,344 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForVictoria.job
 
< c:\windows\*. /RP >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2013/05/29 14:12:58 | 000,000,000 | -HSD | M] -- C:\Users\Victoria\AppData\Roaming\.#
[2011/04/23 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\.minecraft
[2012/11/12 23:04:20 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\.mono
[2013/12/22 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\3909
[2010/08/13 16:37:06 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\acccore
[2013/11/23 01:09:52 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Adobe
[2012/04/22 11:46:04 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Adobe Mini Bridge CS5
[2011/12/25 13:51:18 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Apple Computer
[2013/03/03 19:39:55 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Audacity
[2014/04/07 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Autodesk
[2013/11/14 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\AVAST Software
[2011/06/05 21:39:59 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\CyberLink
[2011/11/04 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\DivX
[2013/09/22 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\DragonicaECB
[2014/08/10 12:48:19 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Dropbox
[2011/06/25 15:27:58 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Hewlett-Packard
[2010/08/23 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\HP Support Assistant
[2011/09/29 14:32:45 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\hpqlog
[2010/08/23 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\HpUpdate
[2010/08/10 16:29:51 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Identities
[2012/02/16 16:21:42 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\IObit
[2010/08/10 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Macromedia
[2012/05/08 13:56:47 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Malwarebytes
[2010/06/26 05:32:32 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Media Center Programs
[2012/11/13 00:11:49 | 000,000,000 | --SD | M] -- C:\Users\Victoria\AppData\Roaming\Microsoft
[2013/03/21 23:14:50 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\MotoCast
[2013/01/30 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Motorola
[2013/01/30 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Motorola Mobility
[2010/08/10 16:35:39 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Mozilla
[2014/03/26 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\OBS
[2012/08/15 23:03:03 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\ooVoo Details
[2011/12/23 00:18:21 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\PlayFirst
[2013/04/03 16:42:53 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Real
[2013/04/03 16:43:12 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\RealNetworks
[2013/06/17 00:47:32 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\RenPy
[2012/01/26 00:46:39 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\SecondLife
[2013/09/06 19:02:38 | 000,000,000 | RH-D | M] -- C:\Users\Victoria\AppData\Roaming\SecuROM
[2014/08/09 22:09:09 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Skype
[2010/08/19 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\skypePM
[2012/09/09 00:41:19 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Sony Corporation
[2012/04/22 11:46:04 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/10 16:39:24 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\SYSTEMAX Software Development
[2012/10/07 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\SystemRequirementsLab
[2013/08/15 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\TeamViewer
[2014/08/10 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\uTorrent
[2014/08/03 00:47:39 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\vlc
[2010/11/13 21:21:59 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Windows Live Writer
[2010/08/14 12:14:53 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\WinRAR
[2012/01/06 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\WTablet
 
< %APPDATA%\*.exe /s >
[2014/07/21 17:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Victoria\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/07/21 17:06:00 | 000,262,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Victoria\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/07/21 17:02:54 | 000,280,640 | ---- | M] (Dropbox, Inc.) -- C:\Users\Victoria\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2011/05/12 00:00:58 | 000,188,152 | ---- | M] () -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\FlashGot.exe
[2012/10/10 14:13:11 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2013/06/29 21:12:32 | 000,468,560 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg11\rnupgagent.exe
[2013/07/08 21:12:40 | 000,468,560 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg12\rnupgagent.exe
[2013/09/06 14:30:08 | 000,469,072 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg14\rnupgagent.exe
[2013/09/16 14:30:29 | 000,469,072 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg15\rnupgagent.exe
[2012/12/19 21:26:02 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg2\rnupgagent.exe
[2012/12/28 23:20:34 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg3\rnupgagent.exe
[2013/01/24 23:20:51 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg6\rnupgagent.exe
[2013/02/02 23:20:56 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg7\rnupgagent.exe
[2013/03/28 16:24:38 | 000,448,592 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg8\rnupgagent.exe
[2013/06/11 21:12:20 | 000,468,560 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\temp\~Upg9\rnupgagent.exe
[2013/09/06 14:30:08 | 000,469,072 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
[2013/09/06 17:31:04 | 000,775,344 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victoria\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\stub_exe\RealPlayer.exe
[2014/08/01 19:46:23 | 001,329,744 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\uTorrent.exe
[2013/08/01 16:59:11 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.3.1_29988.exe
[2013/08/13 22:54:35 | 000,888,152 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.3.1_30017.exe
[2013/10/16 21:18:23 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.3.2_30180.exe
[2013/10/25 23:36:10 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.3.2_30260.exe
[2013/11/29 22:59:37 | 000,900,440 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
[2014/04/17 17:38:12 | 001,268,816 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.4.1_30740.exe
[2014/05/03 22:03:33 | 001,266,520 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
[2014/05/16 22:24:25 | 001,268,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe
[2014/07/27 22:04:47 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe
[2014/08/01 19:45:45 | 001,329,744 | ---- | M] (BitTorrent Inc.) -- C:\Users\Victoria\AppData\Roaming\uTorrent\updates\3.4.2_32239.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\AppPatch\spbin] ->  -> Unknown point type

< End of report >

Here is the Extras file:

OTL Extras logfile created on: 8/11/2014 2:06:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Victoria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 42.67% Memory free
7.60 Gb Paging File | 4.83 Gb Available in Paging File | 63.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.46 Gb Total Space | 191.89 Gb Free Space | 43.17% Space Free | Partition Type: NTFS
Drive D: | 21.01 Gb Total Space | 3.02 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 83.88 Mb Free Space | 84.71% Space Free | Partition Type: FAT32
 
Computer Name: SHELDON | User Name: Victoria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0420AF0F-A1E5-4DB5-BD7D-CDCC35E25CBF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{14F10A62-FB45-41F3-BAF5-6E4632C690C8}" = lport=137 | protocol=17 | dir=in | app=system |
"{2DCFFE78-319A-4448-AC37-57DF7C04B267}" = rport=138 | protocol=17 | dir=out | app=system |
"{2ED21B7D-E0F5-4658-98FF-ED3C06A7BD4F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3697183E-6677-46EF-8F82-61B582304559}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47A00B6F-B8C6-49E0-8AA7-A7DD39AF732E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5732B88D-0FA4-4D9C-83C5-D41613901097}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67D9EA8D-06DD-487B-90A1-2213F8A44019}" = rport=445 | protocol=6 | dir=out | app=system |
"{6F736570-E4EC-4BBD-A4AE-2C896BD3F6D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{730E0C74-0DA0-4B15-9BAC-30F18F4B18ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{75939806-9338-4341-A5C9-137037B3A60D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8505351A-C89F-48E2-8D82-47F0EE81ACAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89FAD697-A51A-414B-8CF4-D89BC4AEBDB2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C011485-8B6E-4A63-A6C4-64196D1F213A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9006C283-442A-4256-8FAC-EDE1374F620F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{91FE9DD0-5430-4A08-AA21-85AF6464DA9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{978ACBA3-FBA6-4344-B526-5645C90E5CFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE4FC39D-9582-4FF4-A4F9-E96B49BBFACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B18A4FF8-3ACB-4B1F-828E-63EDCC905CF5}" = rport=139 | protocol=6 | dir=out | app=system |
"{B634518D-14B5-4148-8E88-E973EB741A30}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB2D23CC-AFE6-4630-A005-3931DEDE23EB}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{C170DBE4-3033-4A98-A494-6FF89610EBE3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C925A25C-FA1D-4E35-A931-0D6A0AE82676}" = lport=445 | protocol=6 | dir=in | app=system |
"{D834B4B4-4F31-4DDB-86D2-1D2F94028DEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD7440F9-5DCE-4221-BAC9-B3493CA3D23B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8A89B5B-5153-4FDF-BB72-0EA3BCB4E12B}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8FD28D3-5AB3-43A3-8B70-2657E687B858}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EE4ED870-E81C-4380-8F27-BFEA4ABC30C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDF5A377-29C4-44DC-8B23-1514D39F514D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005360A6-0B7D-4189-894F-AC001A524FB6}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{03848B51-7880-4354-A3B9-047769F348CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{03DA2564-68D4-433A-B03A-D08EA5CE03B7}" = protocol=17 | dir=in | app=c:\users\victoria\appdata\roaming\utorrent\utorrent.exe |
"{06A3A0D2-77B5-49CD-9619-24CB6B3E87B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{0783EE4E-406C-45EF-B72D-097E6E11D912}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{07EF4387-03F3-4BCD-902E-CEF929CC9EBB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0BEDE433-8583-404C-AE72-E1A2D676B4EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vanguard-princess\vanpri.exe |
"{0CA7D6B7-FCB2-4F73-8AC9-589FA59B398D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{0D63FD3C-16E1-46FB-B8BB-48C7A2ECBC5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{0DB6F628-223D-4EDC-AE1A-C0D4B85DCDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe |
"{100BB673-EB8E-4FFD-9471-FD491D360A4F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10B282AE-2FDD-4F55-B3F5-342C38E7C7F5}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"{1155BB21-E526-45BF-93EE-B7CB3F9C6C62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{13FCB125-9E65-4B49-8610-D44207C840A7}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{1426B244-D8DD-4261-8952-FDEEB7D4A478}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{1CB56A5F-93D1-41C6-B277-662D3ACB1FD3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1D9F24CA-BF2F-46F9-9F69-DFAC056F7D23}" = protocol=6 | dir=in | app=c:\users\victoria\appdata\roaming\utorrent\utorrent.exe |
"{1F13996B-173F-40E9-93C4-4BC3591DF6D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1F45119D-0739-47F7-A7C0-630BECB1B758}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{229498B4-C646-41C1-AB14-A3BE19BE5F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22A6F9EF-4363-4589-9332-D723AA863ED8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{260C10FA-7FE4-4FA8-B34E-8D9726AF509D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{26BFF928-E681-4006-BBE8-EA242FDCC365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{2A9799FB-1785-4C1F-A1A8-D65649E902B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CDD67B8-67E8-4059-A150-C2E4068D7C1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divekick\divekickd3d11.exe |
"{2DB42D06-621D-4DFB-AE82-F2966451BE12}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{2DC01308-2454-4F10-933B-1B06DC7C107B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe |
"{31E468A8-1DF1-432E-A385-10CBDD6E518C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{32E208BD-2693-4D7F-A102-C58876165919}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe |
"{35386A8B-DEFC-47E2-8A22-A6F6EA7FA927}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{3955489D-8A96-4E0C-B06D-BBC00851060C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3D8EC5A1-8FF1-42D2-8DF5-6CBA3B7FE5AC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{403819A2-0834-4C12-B892-2E096CA19987}" = protocol=17 | dir=in | app=c:\users\victoria\appdata\roaming\dropbox\bin\dropbox.exe |
"{42FAC9BF-D0B5-4CB5-89B7-2CC2B87D292A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{42FB626B-40CC-462A-8794-B27B3806F918}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4521BAF9-6FF3-4898-B53D-003FF4F0ED61}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{453F96D7-8724-441E-B5AB-E30E9D3A84A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divekick\divekickd3d11.exe |
"{503EAA00-1719-4F9E-80C9-D17D88764CB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50E034B5-C66C-48DB-B18B-3C62C7A43A6A}" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"{545DD346-5A15-48C9-82CC-83C0C884194A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5631DD73-AE1A-4C7C-88ED-AAF2FB6A1B8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56A17F52-315D-4C9E-B314-0E008C7BA4BE}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{5CBCC1A2-4BC4-436D-9AEE-B78957F145CA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E09A46A-C5F6-4474-9D4D-9612FA4B09B1}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{5E3513B3-6814-4E7E-9CE7-23BFDC74DEA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{5EA3BAF0-A2C7-4684-AC38-46C7CA2B0D65}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6297F25A-04C0-4DCA-8096-ECE9C36E26F0}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{62F56087-7958-41C3-989B-FC3E2EAA6D35}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{6455D62E-199E-454B-B632-D5104B50944F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{68E66FF0-A278-4196-9395-F674366C4A62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{6AAB08B3-0103-4616-B8C0-0C5DD0AC42B9}" = protocol=6 | dir=out | app=system |
"{6BF214CB-01A6-4C5D-996D-CEAAE53D016C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe |
"{6C791C0F-DF0A-4464-8593-C89AD4B0CE69}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6DE66B84-783E-49DB-824D-ADB0292ED27F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{7146772F-4F9C-4893-B132-337F6952C59C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{72D0DF11-340E-4787-8773-81A848CA1DF7}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{788DCD86-A9D8-4577-8DBC-DD5EC8B8B209}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A36EDC7-8B25-44C4-87F1-062210757EE5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7BD17DE9-E60E-4618-9134-A47172F5FC1E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{8107ABAF-CF8D-452B-AC86-360359DF2EB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{858CFD2E-5CFD-4950-9621-2CE1B9D8B67D}" = protocol=17 | dir=in | app=c:\users\victoria\appdata\local\akamai\netsession_win.exe |
"{8CB09452-1E4F-47B8-AFF1-CA5FDC94446A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{8F44F0F7-DCEF-493A-A520-DFB2AEBA283B}" = protocol=6 | dir=in | app=c:\users\victoria\desktop\oc11b72rv1.exe |
"{90375D95-772F-467C-8818-1E527DA6E83D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{9040A97B-3099-4B3B-A6B8-A40F2C1C46DE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{91CED7DC-6FE8-493F-AE3D-601F57929C33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{96ED0835-D7B2-4FE4-B575-526109AB759F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{9A1A3C26-ED76-4CB4-BB7E-B20ED3A0025B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gogonippon\gogonippon\bgi.exe |
"{9EC2F8DA-F135-433E-8FE4-91F0B21AA3E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{9ED79058-FDD7-4D9E-A79F-23F1A37655B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9EE8A077-F84F-47C2-B167-B369158B7891}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{9FDC2A99-A471-479F-8CAC-BAC2510E0A16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A04C7E20-6512-4CB6-9835-AB833AA34585}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{A1D6D4DB-BB21-46E3-8487-10879905FD91}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A1ECFE85-4CE8-43E2-BA37-7C81365C74F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divekick\divekickd3d11.exe |
"{A515A0D0-3E13-4DC5-B693-5595DA5860B3}" = protocol=6 | dir=in | app=c:\users\victoria\appdata\local\akamai\netsession_win.exe |
"{A517D4E8-B785-43A6-AAC1-FD7FD57A66E2}" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"{A90BE47C-797B-41B6-8BFF-443B49DA3291}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB240CC5-58B4-4085-840F-9281FB05D28F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe |
"{AB816BE8-2015-4670-93B2-7FB5C4F0184F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE8DCB23-3C02-4C96-B816-C6B116EC1A9F}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{AFBD7542-03D0-42CB-9D91-DBCCBE63B7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B2C9F63B-A8CC-4733-A1CD-A5E824E5AB62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{B66905E9-6152-40C2-B386-063C7875E0C7}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{B67FFE10-9BAF-46AB-A2EC-2950EB7ABD0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B732EFE4-2E4B-4A60-91B7-935363E3F828}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8ADA60E-0BFD-43EF-9FE8-4300183BF462}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{BED572B0-D4A9-401E-ACC6-C02A3EFC5CBE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{BEEA2B7B-8C79-444A-92E2-90AF4774FEF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{C1A93D1E-DC2F-4CFD-AC40-86283A0581BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4D3167D-8898-4F96-9775-C966316CBE3C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8162C3A-837E-4C4A-8DBB-9C6D8FB7986D}" = protocol=6 | dir=in | app=c:\users\victoria\appdata\roaming\utorrent\utorrent.exe |
"{CA345049-9BC3-48E0-B501-DC337EE7F0EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CBFF4F06-C151-4368-937F-732ED37E28E9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{D13A4EF8-2B0A-45C2-BEA3-124390A9A8CC}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{D1A60583-4DB7-4F99-A201-12DD99EFB676}" = protocol=6 | dir=in | app=c:\users\victoria\appdata\roaming\dropbox\bin\dropbox.exe |
"{D2BAA37B-2038-4395-B557-CFADE3D4EB23}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DA461DDA-80FD-4033-8472-AF34EC60C159}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe |
"{DC79E847-88D9-4C70-B3A6-B2BBC56AF410}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gogonippon\gogonippon\bgi.exe |
"{DEA511D2-B5B4-4B52-BF79-BC75FDA8DC4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DEF00133-3C7A-40EA-82DA-CFB268D49D4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{DFBBBD4A-B90C-4FDB-80C9-86139C335FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E3E7655E-DA17-4B8E-A79A-62B104E84FC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E3F0E3EF-20C0-40FF-9B89-8A49395D23E4}" = protocol=17 | dir=in | app=c:\users\victoria\desktop\oc11b72rv1.exe |
"{E61BF27D-28CB-436C-A1C1-0891C518E6AC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{E6700729-04D9-47A4-A603-43429C312ED7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{E816E9B9-266E-41EE-8446-0A350807E847}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vanguard-princess\vanpri.exe |
"{E81D484E-B4A4-4F86-96BD-86E3D1CB9DDC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E89184FA-1191-4E79-A04B-88122B11C339}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{ECCF1340-026F-441B-95A2-02B20E521BDA}" = protocol=17 | dir=in | app=c:\users\victoria\appdata\roaming\utorrent\utorrent.exe |
"{F34B033C-6EE4-496A-8CC2-999923627590}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{F4BC8D56-EA12-4FCD-8C55-B38D7507A77B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F54F9FB7-E1D8-4EAD-AEC9-C06724729340}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FA978D14-3C6A-4458-BB04-22D770855232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divekick\divekickd3d11.exe |
"TCP Query User{2E49CD63-ADBD-4E9E-A7E4-FA89FD2287A7}C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"TCP Query User{4F677C05-F1BC-4C56-B2EB-1649B2B2795F}C:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe |
"TCP Query User{55486AED-36E5-4157-B9D3-6998C4F2B9FA}C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"TCP Query User{6275B3E3-CAAC-41A2-BBC5-261411F5BE65}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{6FE50410-0FC8-41CB-802C-5733332F9125}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"TCP Query User{743DE2C5-0927-4991-8B50-E6C9506EB62E}C:\program files (x86)\steam\steamapps\sadistictampon\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\sadistictampon\team fortress 2\hl2.exe |
"TCP Query User{992D4541-789D-4800-AFB6-2132D02CC8EB}C:\users\victoria\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\victoria\appdata\local\akamai\netsession_win.exe |
"TCP Query User{AA77BEC4-3273-41F7-AD32-37D8A6C5BFC0}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{B72875AD-B2D5-4A60-9D37-2C93677DF65F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{D1B98DE0-7C42-411F-8D4E-A76B8A7F8FD7}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{D1E74C94-1547-49E7-8000-E99A1C0C4356}C:\users\victoria\desktop\oc11b72rv1.exe" = protocol=6 | dir=in | app=c:\users\victoria\desktop\oc11b72rv1.exe |
"UDP Query User{00AD893F-DB98-4C30-A041-B5CAED775B52}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"UDP Query User{112D7052-BAD7-4142-BD76-BA10E5BB8A0B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{1D6C3250-C5AE-404A-B513-1231BBAEB1F9}C:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe |
"UDP Query User{2B373734-47F4-4BD4-9F03-C6F1AD1DF955}C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"UDP Query User{3FB60FEE-809B-4913-BF38-2D8C85A346EC}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{4A794D82-C737-402A-836B-3F1785B8F57F}C:\program files (x86)\steam\steamapps\sadistictampon\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\sadistictampon\team fortress 2\hl2.exe |
"UDP Query User{4E05299E-1903-42A0-8594-15B33A29E153}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{6F9FA5C8-DDA7-4DE0-980A-1CB4F500DE01}C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"UDP Query User{9B05D2D2-0C02-4518-8E2D-8D7A244BBD96}C:\users\victoria\desktop\oc11b72rv1.exe" = protocol=17 | dir=in | app=c:\users\victoria\desktop\oc11b72rv1.exe |
"UDP Query User{D6974D38-25A3-409E-BEA5-2E95BEB872F6}C:\users\victoria\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\victoria\appdata\local\akamai\netsession_win.exe |
"UDP Query User{ED9E3EAE-6C1B-4EC6-9874-99AFE99751A6}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}" = Optimum App for Laptop 1.62
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom Tablet Driver" = Wacom Tablet
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A574D80-0A3B-4DE0-8748-739BABD8BFAD}" = Autodesk SketchBook Copic Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F22808B-156F-44FB-B56B-9E8F8C8DC8F5}" = Motorola Device Software Update
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}" = HP User Guides 0176
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{31EEA563-3544-4EA1-8773-BCBF83F9627A}" = HP Software Framework
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53466613-9260-4814-AE66-7F3A3FA978D3}" = Livestream for Producers
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}" = Livestream Procaster
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}" = HP MediaSmart/TouchSmart Netflix
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEC7B56F-A010-4866-809E-F5082CF5BB8C}" = HP ENVY Document Card Utilities
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AIM_7" = AIM 7
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comical_is1" = Comical 0.8
"Driver Performer_is1" = Driver Performer
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"JTablet" = JTablet
"Katawa Shoujo" = Katawa Shoujo
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Project 64_is1" = Project 64 version 2.1.0.1
"Revo Uninstaller" = Revo Uninstaller 1.95
"SpeedFan" = SpeedFan (remove only)
"Steam App 204360" = Castle Crashers
"Steam App 239030" = Papers, Please
"Steam App 244730" = Divekick
"Steam App 245170" = Skullgirls
"Steam App 251870" = Go! Go! Nippon! ~My First Trip to Japan~
"Steam App 262150" = Vanguard Princess
"Steam App 45760" = Super Street Fighter IV: Arcade Edition
"Steam App 550" = Left 4 Dead 2
"Steam App 8980" = Borderlands
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/11/2014 2:37:08 AM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/11/2014 2:37:08 AM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2121
 
Error - 8/11/2014 2:37:08 AM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2121
 
Error - 8/11/2014 2:37:09 AM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/11/2014 2:37:09 AM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3245
 
Error - 8/11/2014 2:37:09 AM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3245
 
Error - 8/11/2014 2:03:03 PM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/11/2014 2:03:03 PM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 41157432
 
Error - 8/11/2014 2:03:03 PM | Computer Name = Sheldon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 41157432
 
Error - 8/11/2014 3:03:22 PM | Computer Name = Sheldon | Source = System Restore | ID = 8193
Description =
 
[ Hewlett-Packard Events ]
Error - 9/28/2012 5:05:06 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 9/28/2012 5:05:06 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 9/28/2012 5:05:06 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/5/2012 11:57:05 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/5/2012 11:57:05 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/5/2012 11:57:18 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/26/2012 11:21:12 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 12:07:31 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 2/26/2013 1:49:38 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description =
 
Error - 3/26/2013 1:41:59 PM | Computer Name = Sheldon | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 3893  Ram Utilization: 50  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
[ HP Wireless Assistant Events ]
Error - 8/10/2014 12:18:07 AM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at
 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 8/10/2014 12:20:07 AM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at
 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 8/10/2014 12:27:29 AM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 8/10/2014 12:47:57 PM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 8/10/2014 8:56:07 PM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 8/11/2014 2:37:03 AM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported     at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 8/11/2014 2:37:03 AM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported     at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 8/11/2014 2:56:44 PM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 8/11/2014 3:04:28 PM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 8/11/2014 3:15:17 PM | Computer Name = Sheldon | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at
 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
[ System Events ]
Error - 8/11/2014 2:03:05 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:06 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:08 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:13 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:16 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:16 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:31 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:31 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:38 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 8/11/2014 2:03:38 PM | Computer Name = Sheldon | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
 
< End of report >
 



#13 filia_

Posted 11 August 2014 - 03:04 PM

Since running this scan, on top of Trovi still being my new page redirect and Firefox freezing, any site with Flash (such as YouTube) prompts a keep running/stop script, and either way the Adobe plugin will crash. This keeps happening even after closing Firefox. Videos and such don't load at all. Not sure if it correlates.

I tried to restart to see what would happen and now my computer is taking longer than usual to even shut down.

Edit: Restarting fixed the Shockwave/Flash plugin issue; everything loads properly now. However, I had to press the power button to shut down my computer because it was still on the Shutting Down page after I had left it for about 30 minutes.


Edited by filia_, 11 August 2014 - 04:05 PM.


#14 fireman4it


Posted 11 August 2014 - 07:44 PM

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {F4020E3D-8C88-4F03-9587-3B7C65A70A92}
    IE - HKLM\..\SearchScopes\{C8B98D0A-CA1E-4623-B56B-23388191BF78}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>;192.168.*.*
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    [2014/07/10 21:36:09 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com
    O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Victoria\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini File not found
    O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe File not found
    O4 - HKCU..\Run: [uTorrent] C:\Users\Victoria\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2014/08/01 19:46:23 | 000,000,853 | ---- | M] () -- C:\Users\Victoria\Desktop\µTorrent.lnk
    [2014/08/01 19:46:23 | 000,000,833 | ---- | M] () -- C:\Users\Victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.



#15 filia_

Posted 13 August 2014 - 04:12 PM

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8B98D0A-CA1E-4623-B56B-23388191BF78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8B98D0A-CA1E-4623-B56B-23388191BF78}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\searchplugins folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\modules folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\META-INF folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\defaults\preferences folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\defaults folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\components folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\window folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\position folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\icons folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\buttons folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\skin folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\locale\en-US folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\locale folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content\prestosavings folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpweatherbug folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpweather folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btptoolbarbutton folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpbutton folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome\content folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com\chrome folder moved successfully.
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\a520l692.default\extensions\btpersonas@brandthunder.com folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DS3 Tool deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisorDock deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Users\Victoria\AppData\Roaming\uTorrent\uTorrent.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ deleted successfully.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Victoria\Desktop\µTorrent.lnk moved successfully.
C:\Users\Victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 08132014_170655
 





