Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Slow Computer

Post by thefuzz1877 » July 3rd, 2013, 10:00 am

Hello,

My computer has become sluggish as of late. Cleaning, defragging and optimizing the hard drive has not solved the problem. It feels as though something is working in the background and sucking down system resources. My logs are attached below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by Adam at 9:55:21 on 2013-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5907 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intuit\QuickBooks 2012\qbw32.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?l=dis&o=1689
uDefault_Page_URL = hxxp://AlienwareArena.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Auslogics Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Auslogics Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Auslogics Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 208.104.244.45 208.104.2.36 208.104.2.85
TCP: Interfaces\{740418D5-875F-450D-A21C-210F09EA9CD2} : DHCPNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\25h10ql8.default-1371652958826\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Adam\AppData\Local\Citrix\Plugins\97\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-19 10:44; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\25h10ql8.default-1371652958826\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2013-06-19 11:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\25h10ql8.default-1371652958826\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2011-07-11 15:42; {EB132DB0-A4CA-11DF-9732-0E29E0D72085}; C:\Program Files (x86)\Object\facetheme
FF - ExtSQL: !HIDDEN! 2012-09-26 11:30; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-1 55856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-3-31 283200]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-1 13336]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-6-5 1248256]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-7-1 32544]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-1 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-1 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-1 347680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-21 15296]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-12-17 121416]
S3 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-7-1 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-7-1 29472]
S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-7-1 705856]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-7-1 48416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-13 1255736]
S4 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-30 25416]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-30 366152]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2013-07-03 07:32:57 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C97117DB-8D14-4B59-914B-1CDE538CEE8D}\mpengine.dll
2013-06-21 13:32:34 -------- d-----w- C:\Users\Adam\AppData\Local\Microsoft Games
2013-06-18 20:15:51 -------- d-----w- C:\Swsetup
2013-06-18 20:04:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-17 00:42:25 68232 ----a-w- C:\Windows\UnDeployV.exe
2013-06-17 00:42:25 -------- d-----w- C:\Program Files (x86)\SCDemo
2013-06-13 07:02:36 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-13 04:13:50 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-13 04:00:38 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-06 00:29:26 -------- d-----w- C:\ProgramData\Orbit
2013-06-06 00:19:41 -------- d-----w- C:\Program Files (x86)\FarCry 3
.
==================== Find3M ====================
.
2013-06-24 14:56:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-06-18 20:04:31 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-18 20:04:31 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-13 04:00:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 04:00:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 9:55:45.00 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2011 3:17:21 PM
System Uptime: 7/3/2013 8:05:08 AM (1 hours ago)
.
Motherboard: Alienware | | 046MHW
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 923 GiB total, 703.719 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description: MagicISO SCSI Host Controller
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer: MagicISO, Inc.
Name: MagicISO SCSI Host Controller
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: mcdbus
.
==== System Restore Points ===================

Thanks for your help!
thefuzz1877
Active Member
 
Posts: 10
Joined: July 3rd, 2013, 9:33 am

Re: Slow Computer

Post by melboy » July 3rd, 2013, 4:19 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


====================================


Attach.txt is incomplete. Please repost the contents of attach.txt only

.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Slow Computer

Post by thefuzz1877 » July 3rd, 2013, 5:02 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2011 3:17:21 PM
System Uptime: 7/3/2013 8:05:08 AM (1 hours ago)
.
Motherboard: Alienware | | 046MHW
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 923 GiB total, 703.719 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description: MagicISO SCSI Host Controller
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer: MagicISO, Inc.
Name: MagicISO SCSI Host Controller
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: mcdbus
.
==== System Restore Points ===================
.
RP278: 6/29/2013 3:37:20 PM - Scheduled Checkpoint
RP279: 6/30/2013 1:15:07 PM - Installed DirectX
RP280: 7/3/2013 3:32:34 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
4500_G510af_Help
4500G510af
4500G510af_Software_Min
64 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 12.0
AlienRespawn
AlienRespawn - Support Software
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Aurora-R3 Manual
Auslogics BoostSpeed
Auslogics Disk Defrag
Auslogics Toolbar Updater
Battlefield 3™
BitTorrent
Bonjour
BufferChm
CCleaner
Command Center
DAEMON Tools Lite
Dell DataSafe Online
Dell InHome Service Agreement
Destinations
DeviceDiscovery
DirectX 9 Runtime
DocMgr
DocProc
Endless Space
ESET NOD32 Antivirus
ExpressFiles
Facetheme
Far Cry 3
Far Cry® 3 Blood Dragon
FarCry 3 version 5.1
Fax
GIMP 2.8.2
Google Earth
Google Update Helper
GoToMeeting 5.5.0.1133
GPBaseService2
Graboid Video 2.3
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
HxD Hex Editor version 1.7.7.0
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24 (64-bit)
Java(TM) 6 Update 30
JavaFX 2.1.1
Logitech Gaming Software
Logitech Gaming Software 8.35
LogMeIn Hamachi
Magic DVD Copier Version 5.0.2
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Mass Effect™ 3
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 306.23
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
OpenOffice.org 3.4.1
Origin
Pando Media Booster
PhotoShowExpress
PlanetSide 2
QuickBooks
QuickBooks Pro 2012
QuickTime
Raptr
RBVirtualFolder64Inst
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shop for HP Supplies
Sins of a Solar Empire
Sins of a Solar Empire - Diplomacy
Sins of a Solar Empire - Entrenchment
Skype Click to Call
Skype™ 6.3
SmartWebPrinting
SolutionCenter
Songbird 1.10.2 (Build 2199)
Sonic CinePlayer Decoder Pack
Spotify
Spring Medical Systems, Inc. SpringCharts EHR Demo Version 9.2.4
Status
Steam
swMSM
THX TruStudio PC
Toolbox
TrayApp
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
VLC media player 1.0.1
WebReg
West Point Bridge Designer 2013 (2nd Edition) (remove only)
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/3/2013 8:11:38 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86368 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.
7/3/2013 8:07:40 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2013 8:07:40 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
7/3/2013 6:20:35 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
7/3/2013 6:20:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/29/2013 12:42:44 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/29/2013 12:42:44 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/29/2013 1:26:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
thefuzz1877
Active Member
 
Posts: 10
Joined: July 3rd, 2013, 9:33 am

Re: Slow Computer

Unread postby melboy » July 3rd, 2013, 5:08 pm

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.


Uninstall Programs

  • Go to Start > Control Panel > Programs > Programs and Features.
  • Right click on each instance of:
    µTorrent
    BitTorrent
  • Click Uninstall & then follow the prompts to remove them.

Please reply confirming their removal.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Slow Computer

Unread postby thefuzz1877 » July 3rd, 2013, 5:12 pm

They have been removed. Would you like a new DDS sent?
thefuzz1877
Active Member
 
Posts: 10
Joined: July 3rd, 2013, 9:33 am

Re: Slow Computer

Unread postby melboy » July 3rd, 2013, 5:23 pm

No, that won't be necessary.

These programs are not necessary or are outdated versions that have vulnerabilities that make them a security risk.

Uninstall Programs

  • Go to Start > Control Panel > Programs > Programs and Features.
  • Right click on each instance of:
    Adobe Reader X (10.1.7) MUI
    Java 7 Update 21
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24 (64-bit)
    Java(TM) 6 Update 30
    McAfee Security Scan Plus
    VLC media player 1.0.1
  • Click Uninstall & then follow the prompts to remove it.



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


CKScanner

Download CKScanner from here

Important - Save it to your desktop - Run this program only once.

  • Right click CKScanner.exe and choose "Run as Administrator"
  • When the program opens click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Slow Computer

Unread postby thefuzz1877 » July 3rd, 2013, 6:36 pm

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\users\adam\documents\vuze downloads\mark.of.the.ninja.v1.0.multi6.cracked-theta\extremezone.aka.piratepedia.stole.this.from.zamunda.net.txt
c:\users\adam\documents\vuze downloads\mass effect 2 dlc pack [pc ~ multi6]\crack\giveme2entitlements.exe
c:\users\adam\downloads\farcry131-132 patch 132 crack.rar
c:\users\adam\downloads\ac iii crack theta\theta.nfo
c:\users\adam\downloads\ac iii crack theta\ubiorbitapi_r2.dll
c:\users\adam\downloads\ac iii crack theta\ubiorbitapi_r2_loader.dll
c:\users\adam\downloads\ac iii crack theta\uplay_r1_loader.dll
scanner sequence 3.CE.11.QCAAWM
----- EOF -----



[2013/07/03 17:12:59 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\New folder
[2013/07/03 16:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev
[2013/07/03 16:57:17 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Programs
[2013/07/02 14:02:02 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Sega Emulater
[2013/06/30 13:25:36 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Endless Space
[2013/06/29 14:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/06/25 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/06/21 09:32:34 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Microsoft Games
[2013/06/19 10:42:42 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Old Firefox Data
[2013/06/18 16:15:51 | 000,000,000 | ---D | C] -- C:\Swsetup
[2013/06/18 16:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013/06/16 20:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpringCharts Demo
[2013/06/16 20:42:25 | 000,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe
[2013/06/16 20:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SCDemo
[2013/06/05 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2013/06/05 20:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarCry 3
[2013/06/05 20:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FarCry 3
[2011/08/07 12:27:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/03 17:38:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/03 17:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/03 17:12:36 | 003,867,680 | ---- | M] () -- C:\Users\Adam\Desktop\sr-eshu111.7z
[2013/07/03 16:57:31 | 000,002,200 | ---- | M] () -- C:\Users\Adam\Desktop\MegaTrainer eXperience.lnk
[2013/07/03 13:38:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 13:38:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 13:31:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/03 13:31:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/03 13:31:01 | 2133,032,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/03 13:19:55 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/03 13:16:35 | 000,035,848 | ---- | M] () -- C:\Users\Adam\Desktop\lp2.jpg
[2013/07/03 13:10:15 | 000,033,133 | ---- | M] () -- C:\Users\Adam\Desktop\lp.aspx.jpg
[2013/07/03 12:32:58 | 000,014,637 | ---- | M] () -- C:\Users\Adam\Desktop\New Image.PNG
[2013/07/03 11:23:18 | 002,066,650 | ---- | M] () -- C:\Users\Adam\Desktop\Headlight_2After.jpg
[2013/07/03 11:23:14 | 001,897,912 | ---- | M] () -- C:\Users\Adam\Desktop\Headlight_1Before.jpg
[2013/07/01 22:30:38 | 000,045,637 | ---- | M] () -- C:\Users\Adam\Desktop\tumblr_mandgwxHV41rgc9vao1_500.jpg
[2013/06/29 21:50:36 | 000,000,222 | ---- | M] () -- C:\Users\Adam\Desktop\Endless Space.url
[2013/06/25 20:10:25 | 000,020,781 | ---- | M] () -- C:\Users\Adam\Documents\ins.odt
[2013/06/25 17:24:31 | 000,001,207 | ---- | M] () -- C:\Users\Adam\Desktop\Uplay.lnk
[2013/06/25 16:45:53 | 000,000,222 | ---- | M] () -- C:\Users\Adam\Desktop\Far Cry 3 Blood Dragon.url
[2013/06/24 10:56:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/06/16 20:42:32 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\SpringCharts Demo.lnk
[2013/06/11 13:15:10 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/06/11 13:10:58 | 000,018,135 | ---- | M] () -- C:\Users\Adam\Desktop\Socco Brothers Auto Group Email_Payroll_reports.pdf
[2013/06/11 12:38:45 | 002,754,906 | ---- | M] () -- C:\Users\Adam\Desktop\73121679-Archive-2013-06-11.pdf
[2013/06/08 09:55:05 | 000,010,714 | ---- | M] () -- C:\Users\Adam\Desktop\12044591.pdf
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/03 17:12:33 | 003,867,680 | ---- | C] () -- C:\Users\Adam\Desktop\sr-eshu111.7z
[2013/07/03 16:57:31 | 000,002,200 | ---- | C] () -- C:\Users\Adam\Desktop\MegaTrainer eXperience.lnk
[2013/07/03 13:16:34 | 000,035,848 | ---- | C] () -- C:\Users\Adam\Desktop\lp2.jpg
[2013/07/03 13:10:14 | 000,033,133 | ---- | C] () -- C:\Users\Adam\Desktop\lp.aspx.jpg
[2013/07/03 12:32:57 | 000,014,637 | ---- | C] () -- C:\Users\Adam\Desktop\New Image.PNG
[2013/07/03 11:23:17 | 002,066,650 | ---- | C] () -- C:\Users\Adam\Desktop\Headlight_2After.jpg
[2013/07/03 11:23:12 | 001,897,912 | ---- | C] () -- C:\Users\Adam\Desktop\Headlight_1Before.jpg
[2013/07/01 22:30:36 | 000,045,637 | ---- | C] () -- C:\Users\Adam\Desktop\tumblr_mandgwxHV41rgc9vao1_500.jpg
[2013/06/29 21:50:36 | 000,000,222 | ---- | C] () -- C:\Users\Adam\Desktop\Endless Space.url
[2013/06/25 20:10:23 | 000,020,781 | ---- | C] () -- C:\Users\Adam\Documents\ins.odt
[2013/06/25 17:24:31 | 000,001,207 | ---- | C] () -- C:\Users\Adam\Desktop\Uplay.lnk
[2013/06/25 16:45:53 | 000,000,222 | ---- | C] () -- C:\Users\Adam\Desktop\Far Cry 3 Blood Dragon.url
[2013/06/16 20:42:32 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\SpringCharts Demo.lnk
[2013/06/16 20:42:14 | 039,683,327 | ---- | C] () -- C:\Users\Adam\Desktop\SpringChartsDEMOSetup.exe
[2013/06/11 13:10:57 | 000,018,135 | ---- | C] () -- C:\Users\Adam\Desktop\Socco Brothers Auto Group Email_Payroll_reports.pdf
[2013/06/11 12:38:40 | 002,754,906 | ---- | C] () -- C:\Users\Adam\Desktop\73121679-Archive-2013-06-11.pdf
[2013/06/08 09:55:04 | 000,010,714 | ---- | C] () -- C:\Users\Adam\Desktop\12044591.pdf
[2013/02/25 20:16:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/31 11:29:45 | 000,171,327 | ---- | C] () -- C:\Windows\hpwins27.dat.temp
[2012/12/12 19:03:07 | 000,000,860 | ---- | C] () -- C:\Users\Adam\AppData\Local\recently-used.xbel
[2012/09/26 11:25:18 | 000,171,327 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/07/18 11:06:39 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/01/29 19:55:06 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2012/01/24 11:03:37 | 000,003,584 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 16:37:33 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/08/07 12:27:48 | 000,099,384 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\inst.exe
[2011/08/07 12:27:48 | 000,007,859 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2011/08/07 12:27:48 | 000,001,167 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2011/07/23 17:31:49 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/23 17:31:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/23 17:31:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/11 19:07:33 | 000,000,092 | ---- | C] () -- C:\Users\Adam\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/29 08:02:02 | 000,000,000 | -HSD | M] -- C:\Users\Adam\AppData\Roaming\.#
[2013/03/24 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\.minecraft
[2013/06/29 14:48:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Auslogics
[2013/03/23 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Azureus
[2013/06/06 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DAEMON Tools Lite
[2012/06/15 08:45:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Garmin
[2012/11/13 19:08:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2013/02/16 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mael
[2013/04/18 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\McGraw-HillLicensing
[2012/12/17 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MotioninJoy
[2011/11/15 21:36:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenCandy
[2011/07/11 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org
[2013/01/25 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Origin
[2011/08/27 16:19:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Raptr
[2013/02/15 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SharePod
[2012/05/04 11:48:53 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Songbird2
[2013/02/10 10:46:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Spotify
[2011/07/12 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Stardock
[2011/07/20 09:13:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SuperAdBlocker.com
[2013/03/20 16:08:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TeamViewer
[2012/05/08 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\The Creative Assembly
[2013/05/10 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Theta
[2013/02/26 18:34:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\USMA
[2013/07/03 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\uTorrent
[2011/08/07 12:28:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

OTL Extras logfile created on: 7/3/2013 6:31:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.18 Gb Available Physical Memory | 64.94% Memory free
15.96 Gb Paging File | 12.75 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.74 Gb Total Space | 704.02 Gb Free Space | 76.30% Space Free | Partition Type: NTFS
Drive D: | 551.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADAMSOCCORSI | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03100428-0006-4900-B873-D4422DE5CBDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{0E0F5E9C-337F-42FF-8BFB-F41C91EF1D48}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{13B420F7-D7A5-4E1D-8B6B-899B1DEA5CEE}" = rport=445 | protocol=6 | dir=out | app=system |
"{1FC6A1B9-C0AB-4517-8B66-FD0E5CB83F5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27ACF035-D20E-4A71-A4F1-B918EF31EB40}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2D474D82-CC09-4615-B568-A490D9BAF9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D8AF413-0EAE-400F-8565-AF78D68DD556}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3196B78E-00E2-4F5D-B5C9-476659FAB8F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34160E7D-4959-4579-AEDA-C89E3F1017A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3427B84F-0D2C-4BA7-95E9-169743348750}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3621047D-A541-49CB-9885-9D235B8ADE93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D21C17A-FE0C-4102-99D4-41A4ECDF744F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{43169042-C48C-41CF-900B-BC54957BA5E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43AE706A-E07A-4B67-886B-8CA4218A350D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{496546F4-EADC-430B-83EA-4C5DC190FE76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5018F2C1-C0CD-4B5B-A1CD-B1A369E1E305}" = lport=137 | protocol=17 | dir=in | app=system |
"{52B26A93-8CE5-4EB2-9EF6-BDA05F1070E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{57C3860D-AD03-43C6-B840-40678C9EEE98}" = rport=139 | protocol=6 | dir=out | app=system |
"{58CFE73C-47E0-41C8-A5A0-8BEEF79EDF3F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DBD423A-99D7-436F-94F8-D18FC1228D17}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6157CBB1-5FAB-4A14-8C44-3F862A4A380A}" = lport=445 | protocol=6 | dir=in | app=system |
"{61EA9C71-5593-424B-A84E-BE5A56647411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{647E865C-831B-447D-987C-01CD6DE55FFF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{672AF29E-DBCE-4337-BD9D-DA8490DD8AA6}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AD0BCA8-050C-4F16-A74F-30826936094E}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6CC64854-AA5A-4004-906C-F05A6C11544A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6FC27A97-687B-40FA-9E0D-19EF143B3E7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{711155B6-565C-40F0-BDCA-AE4712082E7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F77DF92-5489-4720-BC63-DEB3378EDC4A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{81C77DCD-B300-4204-831B-026832481EA1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88D55ADF-3B55-47B0-8E30-811FB7E460B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{8DB11ED5-824F-42E5-A227-32966D0FF968}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E971216-5DF8-4B2F-8FA7-68BD649AF872}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{912A5003-5B35-4437-9AEE-49ADA9E937D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9923FEBE-06E5-42DC-8554-DA6FAE276415}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D2DE20B-D785-4EC8-87CD-EBA16738D332}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9EBCD4B2-0D0C-4E29-8EB7-29DF88F1F734}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF4A53B8-5C84-4F58-8B0E-109F2112F977}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C7FDA753-A4F7-4D8A-9371-074D207B87C1}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C804505E-717D-413B-9294-9908636B4AB5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD1FC097-F70C-4E0E-B5BD-CD09FEA39819}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D6A11590-64F6-4BED-A99E-B2A9B2101F8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0E72123-BE78-4AE1-B6E1-17AB051C1296}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4C9EEA1-49B9-4F7C-B28F-9A44F7DF7027}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7265D02-B7FB-415F-8034-7F8A8678C59F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{ED3F313F-3BA6-4734-81AD-F857535C9FE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FC6B6DE9-9264-420D-A099-32FC107A21CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065B3D5D-1E3B-44AF-8E3B-2AA61297942B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0854733E-76A8-46FD-8B5E-674F5DF4BD05}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{09D663A5-18B2-428D-BD74-92375289C274}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{0B26BD8D-AEFD-4ADA-8098-C0A73BB30ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0F79ECDA-2E58-433A-A26D-23C85F2D3758}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10932BFB-7C6A-4B09-8A97-93032776CAB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11E2C555-2D54-46F8-8043-B4096E389D74}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{1303661E-9424-4443-8DD1-690B5B53787E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{166A5024-037F-4B54-9128-1971AC1B69AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1775ED60-161D-42A6-87C5-DF0FE7E8107C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{1A79A1CF-2396-4C16-9BB2-122BC0745F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{1E95B289-E00A-4F82-9478-25870ECE8FE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1EC6A824-0FF4-4EC7-9838-25A46611AAE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20BCCAEB-AE2D-4644-9118-4BBE082399CA}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{22B79333-3493-4B04-981E-1F7031C2E63C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{24483430-2EC1-4ED4-8F70-7BDCA4F26BD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{244B51EA-58AB-42DA-8A7D-044B1261391B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{265F7848-D807-45AB-9D4A-24C85796AAB0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2B20C898-F0F5-4093-B1CF-355371E1711A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2CC62AC7-FC5B-44FD-B2CB-4714736B7971}" = protocol=58 | dir=in | app=system |
"{3331E7E3-B108-46F0-A992-C218ABF50BF1}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{3416DC31-4BF6-475B-9687-3BA63920B617}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{3497F525-9C22-40D8-A7B8-1B776AD23B48}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{3582D17F-1018-48E9-9463-57944225D848}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{378774C5-D07B-4781-B6E4-66A027E1037F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{390BDB15-CF32-42B0-9022-D0C06A718D0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D54B7BF-E073-4AEE-84CC-0DF2490D8643}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4186AC1B-A0B6-486F-A57F-4988BE96BDB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4824672E-3544-4585-AAE2-66D179E471D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4B2C1B9F-4A28-44DD-950F-7C385247587B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
"{4FA7E2FE-1AF1-45BF-9A2C-DC365837C142}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56CED3E0-DF11-4AB6-AF84-807D3F94F904}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{57ACBEC1-A4EC-4B88-ABE2-592653D7F8A3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{5965F182-D008-4B3B-BF7D-40ACB7AD68BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DC2AB80-D9A4-4F22-AD0B-2A7D47FBA1EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{69000FA6-2E0A-4129-8DF5-922A65F9600F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C438D76-90D3-4DAF-B021-0D8F8262A052}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{718F7853-7ABF-4ECC-AC04-DC437D02237F}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{71BFB1B0-1E34-4674-B5D0-F39714CD2ED7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7465CEDF-AADC-433E-9E04-928B6EECF8EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{748158A0-FC55-4234-ADCB-7BD08FB29991}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{748658D2-32CF-4C56-A1A9-7A49383CC88A}" = protocol=6 | dir=out | app=system |
"{75724AC4-231B-4CC8-9A3B-A95331C8FAD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{76F9F622-06DD-4599-A532-725C365D6523}" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\spotify\spotify.exe |
"{7C152393-FA94-4684-B2B2-E39A6E1A8B47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{7CCB35E5-48BA-4902-966C-5D9063B6F48A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{7ED5EF02-2E9F-454E-ABC2-5C172848B334}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{7FB686AC-99AD-41D2-8625-28FC67575C87}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83382EB6-AF48-4F07-B598-F1328B3206F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{840328D1-B518-4807-A1B6-71E6BFC9C299}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{84B01124-59D6-407D-8587-52579716BB17}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{86F9FB12-8CE9-4769-A7BF-E6C8D86F53C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{8A401182-8C0B-4A42-95A2-D9D44DF50FF9}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{8AB66955-7FB1-4AFF-A434-2966E136D43B}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{8C0876E3-4F48-4BC2-B2E2-4C0E1BF44B51}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8DA6EC68-BD9F-44BC-BD4A-12CD9BC95E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{8FBF6A05-0132-4755-B8D7-F09A9B2D713D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{92466645-5A01-427A-850F-1FDE88BF31D8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{93939547-136E-4FF2-9182-924CA7F761B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{9C3C216B-3490-4AB1-BA83-5AACE0F29DAF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9E666979-8659-4F0E-A961-3C194AED127D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{A30DE06C-3D31-45C0-AB89-A4D51C1F2737}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A3B412F9-3AAC-4C25-A7C5-A6DE9DA06B46}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{A41B2959-FA8B-45A7-8EB4-D8C04234AC82}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AB2F9BFE-2AD8-47CB-99CF-220734838BDC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB7DEB75-6322-44FB-933C-9AC18E2AA290}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD3312FA-DF7E-49CF-8EBD-9B9B707DA959}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AEB044A8-48EE-4757-922B-5B777772E713}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{B2ABE9FB-7EE1-41F9-97AE-B6EB99EAB548}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B772FFE0-B0A3-44B9-88F4-C4863732CA9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
"{B7C47B9D-41F9-42EB-BB5B-AAFA9ABA847D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BC14557B-EEC7-4528-B1F5-BA0E09EBFF78}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{C0B551C7-4B03-48DC-B6A8-3D9ADC2FC8DB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C0DCB7AE-4044-45DA-8798-C3373522E63D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C1268F7E-E0B9-4D6A-994B-D4CF3F8A6BF4}" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\spotify\spotify.exe |
"{C28A3BFE-CC88-467E-828B-F7704E7C9408}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{C70919C5-315C-43BF-8225-7E59F930A131}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C98D7F8B-C8C8-4CF5-A164-1EF69C5E8707}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CA98AF51-1334-41DA-AC9B-B2EEAA4A0A35}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{CC159950-2656-4929-9328-4F8D28AE79A4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{CE06A4E3-25A5-4EB8-82DD-F2F8CA3519AE}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{CEC97074-1FDE-4187-BAED-A1DA4F8F98BC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CF8F6DCD-AF0F-4241-BEF1-25559380662C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{D0F366AC-FECB-4394-A1D7-7FCB10EE9D58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6F4059E-090B-4627-8784-D0EB8CA4C4EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D86247A8-6F32-4F7E-8CDD-B6B456AEB67A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB5F5BC0-F3A2-40BD-A6CF-D638AFA031DF}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{DE87A09C-6BD5-4F3A-BFE7-0F1188558149}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6C48428-BF96-4E10-95B0-AE53413930BA}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E846BF66-6C1F-416B-AB3A-79475E115F3B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EAF2DEA5-C86D-4CEA-A98F-3EE326326BFD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EC10B456-8241-4FCE-94DC-667B2E9FA59B}" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\spotify\spotify.exe |
"{F14BD2CB-15D5-4B2A-B14C-D1A63533FB0C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{F511114E-6E56-46E0-8DCA-0B55D0FF5FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{F618F247-0836-45F2-9D7F-60A817A018D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F9F7464B-9C64-406B-A216-CE06E1FF3F9D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{FB67D84A-DC44-4C97-AA8E-F882B317E678}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FD69B73E-F549-46FF-B96D-A8D9D8FCCCB3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FE80E1F7-1B24-4DB2-8ECB-34B691F5789E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FE9ACB4B-8724-4408-87D2-A1DD957244BA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FEA91DC4-E2C3-41ED-A0AA-4CBCACF441CC}" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2CB7E494-B819-4831-BB7C-51301E4582EC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B1BE18E5-3591-442E-9F9B-4E993BBD67B9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{130FACD1-1B74-4065-BBE0-D65F049BCBCF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{A8F0D6FA-34DF-4D1F-B9A8-EA826E6AED18}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{587F20B7-4193-4400-B404-C6E3E1919BCA}" = ESET NOD32 Antivirus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CA8128ED-01A5-4447-9BBB-7684DB57F1AB}" = Aurora-R3 Manual
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DB87B1A6-8A3B-4F3D-9E83-CE0FD88DCDA9}" = Command Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{41AA8F20-FD30-4878-9080-6D5BE575FD41}" = Dell InHome Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1" = FarCry 3 version 5.1
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"facetheme" = Facetheme
"Graboid Video" = Graboid Video 2.3
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"InstallShield_{CA8128ED-01A5-4447-9BBB-7684DB57F1AB}" = Aurora-R3 Manual
"InstallShield_{DB87B1A6-8A3B-4F3D-9E83-CE0FD88DCDA9}" = Command Center
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.2
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.8.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Raptr" = Raptr
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Songbird-release-2199" = Songbird 1.10.2 (Build 2199)
"SpringCharts EHR Demo" = Spring Medical Systems, Inc. SpringCharts EHR Demo Version 9.2.4
"Steam App 208140" = Endless Space
"Steam App 233270" = Far Cry® 3 Blood Dragon
"Uplay" = Uplay
"West Point Bridge Designer 2013 (2nd Edition)" = West Point Bridge Designer 2013 (2nd Edition) (remove only)
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Auslogics Toolbar Updater
"ExpressFiles" = ExpressFiles
"GoToMeeting" = GoToMeeting 5.5.0.1133
"soe-PlanetSide 2" = PlanetSide 2
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2013 12:14:47 PM | Computer Name = AdamSoccorsi | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
Error:Invalid user ID or passwo

Error - 2/26/2013 12:14:47 PM | Computer Name = AdamSoccorsi | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Users\Adam\Desktop\AutoQual\Socco
Brothers Auto Group2.QBW;ENG=QB_data_engine_22;DBN=3e914ed19d524bb2b6a6fe3c8781a4

Error - 2/26/2013 12:14:47 PM | Computer Name = AdamSoccorsi | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 2/26/2013 12:14:54 PM | Computer Name = AdamSoccorsi | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
Error:Invalid user ID or passwo

Error - 2/26/2013 12:14:54 PM | Computer Name = AdamSoccorsi | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Users\Adam\Desktop\AutoQual\Socco
Brothers Auto Group2.QBW;ENG=QB_data_engine_22;DBN=7f746fe2635144f4abf7e360b0c059

Error - 2/26/2013 12:14:54 PM | Computer Name = AdamSoccorsi | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 2/26/2013 12:14:57 PM | Computer Name = AdamSoccorsi | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DMError Information:-6069Additional
Info:An Invalid Id or password was specifie

Error - 2/27/2013 10:32:22 AM | Computer Name = AdamSoccorsi | Source = WinMgmt | ID = 10
Description =

Error - 2/27/2013 10:43:28 PM | Computer Name = AdamSoccorsi | Source = Application Error | ID = 1000

Error - 2/28/2013 1:02:16 AM | Computer Name = AdamSoccorsi | Source = WinMgmt | ID = 10
Description =

Error - 2/28/2013 1:28:34 PM | Computer Name = AdamSoccorsi | Source = WinMgmt | ID = 10
Description =

Error encountered while reading event logs.

< End of report >
thefuzz1877
Active Member
 
Posts: 10
Joined: July 3rd, 2013, 9:33 am

Re: Slow Computer

Post by melboy » July 4th, 2013, 5:37 pm

Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

The software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Along with P2P filesharing, this is a surefire way to get your computer infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


c:\users\adam\documents\vuze downloads\mark.of.the.ninja.v1.0.multi6.cracked-theta\extremezone.aka.piratepedia.stole.this.from.zamunda.net.txt
c:\users\adam\documents\vuze downloads\mass effect 2 dlc pack [pc ~ multi6]\crack\giveme2entitlements.exe
c:\users\adam\downloads\farcry131-132 patch 132 crack.rar
c:\users\adam\downloads\ac iii crack theta\theta.nfo
c:\users\adam\downloads\ac iii crack theta\ubiorbitapi_r2.dll
c:\users\adam\downloads\ac iii crack theta\ubiorbitapi_r2_loader.dll
c:\users\adam\downloads\ac iii crack theta\uplay_r1_loader.dll


Please post back to confirm the removal of the illegal items.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Slow Computer

Post by thefuzz1877 » July 5th, 2013, 5:50 pm

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.NA.11.DMABSD
----- EOF -----
OTL logfile created on: 7/5/2013 5:41:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 70.71% Memory free
15.96 Gb Paging File | 13.27 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.74 Gb Total Space | 714.13 Gb Free Space | 77.39% Space Free | Partition Type: NTFS
Drive D: | 551.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 524.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 484.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADAMSOCCORSI | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 09:54:37 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/03 18:25:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/13 00:00:45 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/06/06 18:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/03/31 15:01:44 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/06/05 05:56:50 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/03/21 12:14:24 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2011/03/21 12:08:24 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/04 09:54:37 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/06/13 00:00:44 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/06/06 18:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/05/16 03:06:23 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/16 03:06:16 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/16 03:06:14 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll
MOD - [2013/05/16 03:06:11 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/16 03:06:11 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/16 03:06:09 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/16 03:06:08 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/05/06 21:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/03/26 20:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/01/10 04:16:50 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013/01/10 04:15:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:15:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/10 04:07:40 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/10 04:07:39 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/10 04:07:38 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/10 04:07:35 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll
MOD - [2013/01/10 04:07:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/12/11 13:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 13:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 13:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STFiles.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/03/21 12:06:06 | 000,015,296 | ---- | M] (Alienware) [On_Demand | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/07/04 09:54:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/24 10:56:07 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/06/13 00:00:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/06/05 05:56:50 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/06/05 05:56:34 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/05/19 15:51:37 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/29 14:08:40 | 000,189,248 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 20:24:19 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [On_Demand | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/05/12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/03/31 20:26:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/07 12:27:48 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/21 13:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/13 22:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/10 21:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/07/27 15:04:00 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/07/27 15:04:00 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/22 16:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/14 23:27:00 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010/01/14 23:27:00 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010/01/14 23:27:00 | 000,032,544 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 23:27:00 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/08/02 09:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/01/19 07:21:46 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=1689
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 A7 00 B1 A5 60 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=^AU&apn_dtid=^YYYYYY^YY^US&apn_uid=70e00c67-9f7e-4349-a2b1-82634c648e91&apn_sauid=23F7834C-E9DC-44D4-97DC-8EA655A651E5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Adam\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/11/01 20:42:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/07/11 15:42:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/26 11:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/04 09:54:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/04 09:54:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/11/01 20:42:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/07/11 15:42:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/26 11:30:09 | 000,000,000 | ---D | M]

[2012/05/04 11:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2012/05/04 11:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/06/19 11:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\25h10ql8.default-1371652958826\extensions
[2013/06/19 10:44:15 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\25h10ql8.default-1371652958826\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/06/19 11:10:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\25h10ql8.default-1371652958826\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/04 09:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/04 09:54:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/04 09:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/04 09:54:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=AU&apn_dtid=aus002YYUS&apn_uid=EBE99B30-A213-4E86-AD72-6B542706F1E5&apn_sauid=2A69DA53-48E2-4B87-B434-08BBC77919D1
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.18_0\
CHR - Extension: Click to call with Skype = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{740418D5-875F-450D-A21C-210F09EA9CD2}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 09:42:13 | 000,000,050 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{04739ed4-7b6c-11e1-905a-f04da2ddda94}\Shell - "" = AutoRun
O33 - MountPoints2\{04739ed4-7b6c-11e1-905a-f04da2ddda94}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{18e06d23-97d9-11e1-af4a-f04da2ddda94}\Shell - "" = AutoRun
O33 - MountPoints2\{18e06d23-97d9-11e1-af4a-f04da2ddda94}\Shell\AutoRun\command - "" = H:\TL_Bootstrap.exe
O33 - MountPoints2\{4fb2df63-66d9-11e1-8b12-f04da2ddda94}\Shell - "" = AutoRun
O33 - MountPoints2\{4fb2df63-66d9-11e1-8b12-f04da2ddda94}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\{68ebcde7-51b5-11e1-a342-f04da2ddda94}\Shell - "" = AutoRun
O33 - MountPoints2\{68ebcde7-51b5-11e1-a342-f04da2ddda94}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\{6b2c9b80-a44f-11e0-af98-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b2c9b80-a44f-11e0-af98-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start_Here.exe -- [2007/01/26 14:43:00 | 003,793,872 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{8608856f-0cd2-11e1-b82a-f04da2ddda94}\Shell - "" = AutoRun
O33 - MountPoints2\{8608856f-0cd2-11e1-b82a-f04da2ddda94}\Shell\AutoRun\command - "" = E:\titanic.exe
O33 - MountPoints2\{8608856f-0cd2-11e1-b82a-f04da2ddda94}\Shell\instguide\command - "" = write install.wri
O33 - MountPoints2\{8608856f-0cd2-11e1-b82a-f04da2ddda94}\Shell\readnotes\command - "" = notepad readme.txt
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/04 10:36:40 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Crash 2
[2013/07/04 09:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/04 00:04:52 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Crash Bandicoot
[2013/07/04 00:04:36 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Crash
[2013/07/03 20:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/03 20:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/07/03 17:12:59 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\New folder
[2013/07/03 16:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev
[2013/07/03 16:57:17 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Programs
[2013/07/02 14:02:02 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Sega Emulater
[2013/06/30 13:25:36 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Endless Space
[2013/06/29 14:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/06/25 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/06/21 09:32:34 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Microsoft Games
[2013/06/19 10:42:42 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Old Firefox Data
[2013/06/18 16:15:51 | 000,000,000 | ---D | C] -- C:\Swsetup
[2013/06/18 16:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013/06/16 20:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpringCharts Demo
[2013/06/16 20:42:25 | 000,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe
[2013/06/16 20:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SCDemo
[2013/06/05 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2013/06/05 20:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarCry 3
[2013/06/05 20:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FarCry 3
[2011/08/07 12:27:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/05 17:38:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/05 17:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/05 15:37:26 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/05 15:37:26 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/05 11:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/05 07:38:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/04 21:07:27 | 2133,032,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/04 10:35:35 | 086,325,254 | ---- | M] () -- C:\Users\Adam\Desktop\Crash Bandicoot 2 - Cortex Strikes Back.7z
[2013/07/03 17:12:36 | 003,867,680 | ---- | M] () -- C:\Users\Adam\Desktop\sr-eshu111.7z
[2013/07/03 16:57:31 | 000,002,200 | ---- | M] () -- C:\Users\Adam\Desktop\MegaTrainer eXperience.lnk
[2013/07/03 13:19:55 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/03 13:16:35 | 000,035,848 | ---- | M] () -- C:\Users\Adam\Desktop\lp2.jpg
[2013/07/03 13:10:15 | 000,033,133 | ---- | M] () -- C:\Users\Adam\Desktop\lp.aspx.jpg
[2013/07/03 12:32:58 | 000,014,637 | ---- | M] () -- C:\Users\Adam\Desktop\New Image.PNG
[2013/07/03 11:23:18 | 002,066,650 | ---- | M] () -- C:\Users\Adam\Desktop\Headlight_2After.jpg
[2013/07/03 11:23:14 | 001,897,912 | ---- | M] () -- C:\Users\Adam\Desktop\Headlight_1Before.jpg
[2013/07/01 22:30:38 | 000,045,637 | ---- | M] () -- C:\Users\Adam\Desktop\tumblr_mandgwxHV41rgc9vao1_500.jpg
[2013/06/29 21:50:36 | 000,000,222 | ---- | M] () -- C:\Users\Adam\Desktop\Endless Space.url
[2013/06/25 20:10:25 | 000,020,781 | ---- | M] () -- C:\Users\Adam\Documents\ins.odt
[2013/06/25 17:24:31 | 000,001,207 | ---- | M] () -- C:\Users\Adam\Desktop\Uplay.lnk
[2013/06/25 16:45:53 | 000,000,222 | ---- | M] () -- C:\Users\Adam\Desktop\Far Cry 3 Blood Dragon.url
[2013/06/24 10:56:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/06/16 20:42:32 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\SpringCharts Demo.lnk
[2013/06/11 13:15:10 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/06/11 13:10:58 | 000,018,135 | ---- | M] () -- C:\Users\Adam\Desktop\Socco Brothers Auto Group Email_Payroll_reports.pdf
[2013/06/11 12:38:45 | 002,754,906 | ---- | M] () -- C:\Users\Adam\Desktop\73121679-Archive-2013-06-11.pdf
[2013/06/08 09:55:05 | 000,010,714 | ---- | M] () -- C:\Users\Adam\Desktop\12044591.pdf
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/04 10:34:19 | 086,325,254 | ---- | C] () -- C:\Users\Adam\Desktop\Crash Bandicoot 2 - Cortex Strikes Back.7z
[2013/07/03 17:12:33 | 003,867,680 | ---- | C] () -- C:\Users\Adam\Desktop\sr-eshu111.7z
[2013/07/03 16:57:31 | 000,002,200 | ---- | C] () -- C:\Users\Adam\Desktop\MegaTrainer eXperience.lnk
[2013/07/03 13:16:34 | 000,035,848 | ---- | C] () -- C:\Users\Adam\Desktop\lp2.jpg
[2013/07/03 13:10:14 | 000,033,133 | ---- | C] () -- C:\Users\Adam\Desktop\lp.aspx.jpg
[2013/07/03 12:32:57 | 000,014,637 | ---- | C] () -- C:\Users\Adam\Desktop\New Image.PNG
[2013/07/03 11:23:17 | 002,066,650 | ---- | C] () -- C:\Users\Adam\Desktop\Headlight_2After.jpg
[2013/07/03 11:23:12 | 001,897,912 | ---- | C] () -- C:\Users\Adam\Desktop\Headlight_1Before.jpg
[2013/07/01 22:30:36 | 000,045,637 | ---- | C] () -- C:\Users\Adam\Desktop\tumblr_mandgwxHV41rgc9vao1_500.jpg
[2013/06/29 21:50:36 | 000,000,222 | ---- | C] () -- C:\Users\Adam\Desktop\Endless Space.url
[2013/06/25 20:10:23 | 000,020,781 | ---- | C] () -- C:\Users\Adam\Documents\ins.odt
[2013/06/25 17:24:31 | 000,001,207 | ---- | C] () -- C:\Users\Adam\Desktop\Uplay.lnk
[2013/06/25 16:45:53 | 000,000,222 | ---- | C] () -- C:\Users\Adam\Desktop\Far Cry 3 Blood Dragon.url
[2013/06/16 20:42:32 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\SpringCharts Demo.lnk
[2013/06/16 20:42:14 | 039,683,327 | ---- | C] () -- C:\Users\Adam\Desktop\SpringChartsDEMOSetup.exe
[2013/06/11 13:10:57 | 000,018,135 | ---- | C] () -- C:\Users\Adam\Desktop\Socco Brothers Auto Group Email_Payroll_reports.pdf
[2013/06/11 12:38:40 | 002,754,906 | ---- | C] () -- C:\Users\Adam\Desktop\73121679-Archive-2013-06-11.pdf
[2013/06/08 09:55:04 | 000,010,714 | ---- | C] () -- C:\Users\Adam\Desktop\12044591.pdf
[2013/02/25 20:16:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/31 11:29:45 | 000,171,327 | ---- | C] () -- C:\Windows\hpwins27.dat.temp
[2012/12/12 19:03:07 | 000,000,860 | ---- | C] () -- C:\Users\Adam\AppData\Local\recently-used.xbel
[2012/09/26 11:25:18 | 000,171,327 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/07/18 11:06:39 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/01/29 19:55:06 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2012/01/24 11:03:37 | 000,003,584 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 16:37:33 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/08/07 12:27:48 | 000,099,384 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\inst.exe
[2011/08/07 12:27:48 | 000,007,859 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2011/08/07 12:27:48 | 000,001,167 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2011/07/23 17:31:49 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/23 17:31:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/23 17:31:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/11 19:07:33 | 000,000,092 | ---- | C] () -- C:\Users\Adam\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/04 22:49:24 | 000,000,000 | -HSD | M] -- C:\Users\Adam\AppData\Roaming\.#
[2013/03/24 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\.minecraft
[2013/06/29 14:48:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Auslogics
[2013/03/23 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Azureus
[2013/07/04 00:05:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DAEMON Tools Lite
[2012/06/15 08:45:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Garmin
[2012/11/13 19:08:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2013/02/16 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mael
[2013/07/04 22:15:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\McGraw-HillLicensing
[2012/12/17 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MotioninJoy
[2011/11/15 21:36:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenCandy
[2011/07/11 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org
[2013/01/25 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Origin
[2011/08/27 16:19:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Raptr
[2013/02/15 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SharePod
[2012/05/04 11:48:53 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Songbird2
[2013/02/10 10:46:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Spotify
[2011/07/12 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Stardock
[2011/07/20 09:13:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SuperAdBlocker.com
[2013/03/20 16:08:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TeamViewer
[2012/05/08 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\The Creative Assembly
[2013/05/10 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Theta
[2013/02/26 18:34:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\USMA
[2013/07/03 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\uTorrent
[2011/08/07 12:28:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >
thefuzz1877
Active Member
 
Posts: 10
Joined: July 3rd, 2013, 9:33 am

Re: Slow Computer

Unread postby melboy » July 6th, 2013, 6:08 pm

Hi

Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • It is very important you do not use your computer while GMER is running
  • Right click the randomly named GMER Image icon & choose "Run as Administrator"
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Slow Computer

Unread postby thefuzz1877 » July 8th, 2013, 3:28 pm

Hi,

I've been trying to get the GMER program to work but during the scan it keeps crashing. I've followed the instructions above but it still stops responding mid scan. I didn't want my thread to be closed due to lack of response.

Re: Slow Computer

Unread postby melboy » July 8th, 2013, 4:36 pm

Hi,

Delete GMER, we'll try a different approach.


aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Re: Slow Computer

Unread postby thefuzz1877 » July 10th, 2013, 4:23 pm

Sounds great. You'll have the results in a few.

Re: Slow Computer

Unread postby thefuzz1877 » July 10th, 2013, 5:41 pm

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-10 16:37:22
-----------------------------
16:37:22.098 OS Version: Windows x64 6.1.7601 Service Pack 1
16:37:22.098 Number of processors: 8 586 0x2A07
16:37:22.098 ComputerName: ADAMSOCCORSI UserName: Adam
16:37:23.908 Initialize success
16:38:37.572 AVAST engine defs: 13071002
16:38:48.898 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:38:48.898 Disk 0 Vendor: WDC_WD10 17.0 Size: 953869MB BusType: 3
16:38:48.976 Disk 0 MBR read successfully
16:38:48.976 Disk 0 MBR scan
16:38:48.976 Disk 0 Windows VISTA default MBR code
16:38:48.976 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:38:48.991 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8942 MB offset 81920
16:38:49.022 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 944886 MB offset 18395136
16:38:49.054 Disk 0 scanning C:\Windows\system32\drivers
16:39:03.047 Service scanning
16:39:22.547 Modules scanning
16:39:22.547 Disk 0 trace - called modules:
16:39:22.547 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:39:22.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095f7790]
16:39:22.563 3 CLASSPNP.SYS[fffff88000c4d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80078b6050]
16:39:24.700 AVAST engine scan C:\Windows
16:39:27.991 AVAST engine scan C:\Windows\system32
16:42:39.498 AVAST engine scan C:\Windows\system32\drivers
16:42:52.215 AVAST engine scan C:\Users\Adam
16:57:52.564 AVAST engine scan C:\ProgramData
17:00:01.069 Scan finished successfully
17:39:40.352 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
17:39:40.362 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

Re: Slow Computer

Unread postby melboy » July 11th, 2013, 3:56 pm

At this stage I see little to suggest a malware infection as being the cause of your problems, Adam. However, looking in greater detail at the logs you've previously supplied, I see evidence of business use that contravenes our rules.

C:\Users\Adam\Desktop\Socco Brothers Auto Group Email_Payroll_reports.pdf


Unfortunately I'll have to ask that the topic is closed.