Author Topic: Computer running slow  (Read 2845 times)

Vannpat

  • Posts: 15
Computer running slow
« on: June 25, 2013, 07:48:54 PM »

My computer is running really slow. I have posted my Hijack This scan I just completed. Please look over it for me and see what could be wrong.


 


Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 7:35:59 PM, on 6/25/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16618)



Boot mode: Normal


Running processes:

C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe

C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe

C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

C:\\Program Files (x86)\\Yahoo!\\Messenger\\ymsgr_tray.exe

C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE

C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE

C:\\Users\\Felicia\\Downloads\\HijackThis (1).exe


R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://g.msn.com/USCON/1

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://att.my.yahoo.com/

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: 64.78.157.110 vof01.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.110 vof01 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.94 a2fp3.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.94 a2fp3 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.93 a2fp2.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.93 a2fp2 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\\PROGRA~2\\MICROS~2\\Office14\\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll

O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)

O4 - HKLM\\..\\Run: [EEventManager] \"C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\"

O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"

O4 - HKLM\\..\\RunOnce: [\"C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe\"] \"C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe\"

O4 - HKCU\\..\\Run: [EPSON NX420 Series] C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIGCA.EXE /FU \"C:\\Windows\\TEMP\\E_S444.tmp\" /EF \"HKCU\"

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\\Program Files\\Dell\\DellDock\\DellDock.exe (User \'Default user\')

O4 - Startup: Dell Dock.lnk = C:\\Program Files\\Dell\\DellDock\\DellDock.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?




O9 - Extra button: @C:\\Program Files (x86)\\Windows Live\\Writer\\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll

O9 - Extra \'Tools\' menuitem: @C:\\Program Files (x86)\\Windows Live\\Writer\\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIE.dll

O9 - Extra \'Tools\' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll

O9 - Extra \'Tools\' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\common files\\microsoft shared\\windows live\\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\common files\\microsoft shared\\windows live\\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\vmware\\vmware player\\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\vmware\\vmware player\\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.alpineaccess.com

O15 - Trusted Zone: *.alpineaccess.net

O15 - Trusted IP range: http://205.157.78.29

O15 - Trusted IP range: http://205.157.91.240

O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1274551454442

O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://treehouse.no-ip.biz/ActiveView.cab

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{28C31212-6713-4A47-8872-34C779D8B726}: NameServer = 10.124.6.3,10.124.3.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{47AF739C-9211-470F-8886-1F12156AA75E}: NameServer = 10.124.6.3,10.124.3.2

O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: SearchList = alpineaccess.com,alpineaccess.net

O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: SearchList = alpineaccess.com,alpineaccess.net

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: SearchList = alpineaccess.com,alpineaccess.net

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE14\\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\\Program Files\\Dell\\DellDock\\DockLogin.exe

O23 - Service: @%SystemRoot%\\system32\\efssvc.dll,-100 (EFS) - Unknown owner - C:\\Windows\\System32\\lsass.exe (file missing)

O23 - Service: @%systemroot%\\system32\\fxsresm.dll,-118 (Fax) - Unknown owner - C:\\Windows\\system32\\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\\Windows\\System32\\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\\System32\\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%systemroot%\\system32\\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%systemroot%\\system32\\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\\Windows\\system32\\locator.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\\Windows\\System32\\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\\Windows\\system32\\sppsvc.exe (file missing)

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-ufad.exe

O23 - Service: @%SystemRoot%\\system32\\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\\Windows\\system32\\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\\Windows\\system32\\vmnetdhcp.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\\Windows\\system32\\vmnat.exe

O23 - Service: @%systemroot%\\system32\\vssvc.exe,-102 (VSS) - Unknown owner - C:\\Windows\\system32\\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\Wat\\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\\Windows\\system32\\Wat\\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\\system32\\wbengine.exe,-104 (wbengine) - Unknown owner - C:\\Windows\\system32\\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\\system32\\wbem\\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\\Windows\\system32\\wbem\\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\\Program Files (x86)\\Windows Media Player\\wmpnetwk.exe (file missing)


--

End of file - 12147 bytes



guestolo

  • Site Donator
  • Administrator
  • Posts: 16034
Computer running slow
« Reply #1 on: June 25, 2013, 09:09:21 PM »

Please do the following:


Download OTL.exe by OldTimer to your Desktop.




  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.

  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.





 


Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Vannpat

  • Posts: 15
Computer running slow
« Reply #2 on: June 26, 2013, 07:04:14 PM »

OTL logfile created on: 6/26/2013 6:18:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\Felicia\\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16618)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.97 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.76% Memory free

7.93 Gb Paging File | 6.21 Gb Available in Paging File | 78.32% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 581.48 Gb Total Space | 523.88 Gb Free Space | 90.09% Space Free | Partition Type: NTFS

 

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/06/26 18:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Felicia\\Desktop\\OTL.exe

PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe

PRC - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\\Windows\\SysWOW64\\vmnetdhcp.exe

PRC - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\\Windows\\SysWOW64\\vmnat.exe

PRC - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe

PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\\Program Files\\Dell\\DellDock\\DockLogin.exe

PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTmon.exe

PRC - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\\Program Files\\Microsoft Security Client\\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\\Program Files\\Microsoft Security Client\\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\\Program Files\\Dell\\DellDock\\DockLogin.exe -- (DockLoginService)

SRV - [2013/06/12 11:57:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell DataSafe Local Backup\\SftService.exe -- (SftService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnat.exe -- (VMware NAT Service)

SRV - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe -- (VMAuthdService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTmon.exe -- (IAANTMON)

SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-ufad.exe -- (ufad-ws60)

SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe -- (APC UPS Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/14 20:20:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\hcmon.sys -- (hcmon)

DRV:64bit: - [2009/08/14 20:20:48 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2009/08/14 20:20:44 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmci.sys -- (vmci)

DRV:64bit: - [2009/08/14 20:20:44 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2009/08/14 20:14:28 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmx86.sys -- (vmx86)

DRV:64bit: - [2009/08/14 13:40:04 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2009/08/14 13:40:04 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2009/07/30 22:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\IntcHdmi.sys -- (IntcHdmiAddService)

DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WimFltr.sys -- (WimFltr)

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASENUM.SYS -- (SASENUM)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

DRV - [2008/12/01 11:46:58 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vstor2-ws60.sys -- (vstor2-ws60)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\\..\\SearchScopes\\{5AAEB2D7-D0EB-47E4-94BF-54BC862E9E8F}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE:64bit: - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\..\\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\..\\SearchScopes\\{A136A9CC-255C-4131-AAB3-7407C8B4C1E5}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://att.my.yahoo.com/

IE - HKCU\\..\\SearchScopes,DefaultScope = {6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}

IE - HKCU\\..\\SearchScopes\\{03B0EE02-7915-4D0C-BAE9-17A3827F4713}: \"URL\" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en

IE - HKCU\\..\\SearchScopes\\{6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}: \"URL\" = http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}

IE - HKCU\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727

IE - HKCU\\..\\SearchScopes\\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: \"URL\" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/ShockwavePlayer: C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.25.2: C:\\Windows\\SysWOW64\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.25.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@mcafee.com/MVT: C:\\Program Files (x86)\\McAfee\\Supportability\\MVT\\NPMVTPlugin.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\\Program Files (x86)\\Yahoo!\\Shared\\npYState.dll (Yahoo! Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3502.0922: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3508.1109: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3555.0308: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Program Files (x86)\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Program Files (x86)\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

 

 

[2011/08/25 07:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions

[2011/07/29 12:34:07 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\npCouponPrinter.dll

[2011/07/29 12:33:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\npdeployJava1.dll

[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\npMozCouponPrinter.dll

[2011/03/24 10:07:32 | 000,002,024 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\McSiteAdvisor.xml

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=022313

CHR - plugin: Shockwave Flash (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~2\\Office14\\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~2\\Office14\\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\\Program Files (x86)\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\\Program Files (x86)\\Java\\jre6\\bin\\plugin2\\npjp2.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll

CHR - Extension: Google Docs = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.5_0\\

CHR - Extension: Google Drive = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_0\\

CHR - Extension: YouTube = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Gmail = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2013/06/18 14:08:55 | 000,001,307 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O1 - Hosts: 64.78.157.110 vof01.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.110 vof01 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.94 a2fp3.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.94 a2fp3 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.93 a2fp2.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.93 a2fp2 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\\Program Files (x86)\\Epson Software\\Easy Photo Print\\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\\..\\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\\Program Files (x86)\\Epson Software\\Easy Photo Print\\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3:64bit: - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\\Run: [IAAnotif] C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [Kernel and Hardware Abstraction Layer] C:\\Windows\\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\\Run: [Logitech Download Assistant] C:\\Windows\\SysNative\\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\\Run: [MSC] c:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [RtHDVCpl] C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\\Run: [EEventManager] C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKCU..\\Run: [EPSON NX420 Series] C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIGCA.EXE /FU \"C:\\Windows\\TEMP\\E_S444.tmp\" /EF \"HKCU\" File not found

O4 - HKLM..\\RunOnce: [\"C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe\"] C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe (Dell)

O4 - Startup: C:\\Users\\Felicia\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dell Dock.lnk =  File not found

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 157

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: LogonHoursAction = 2

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: DontDisplayLogonHoursWarnings = 1



O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000011 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000012 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\\Catalog_Entries\\000000000011 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\\Catalog_Entries\\000000000012 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\\..Trusted Domains: alpineaccess.com ([]* in Trusted sites)

O15 - HKCU\\..Trusted Domains: alpineaccess.net ([]* in Trusted sites)

O15 - HKCU\\..Trusted Ranges: Range1 ([http] in Trusted sites)

O15 - HKCU\\..Trusted Ranges: Range2 ([http] in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1274551454442 (MUCatalogWebControl Class)

O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} http://treehouse.no-ip.biz/ActiveView.cab (ActiveView Control)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{28C31212-6713-4A47-8872-34C779D8B726}: NameServer = 10.124.6.3,10.124.3.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{471273CC-2F13-4283-A8E4-077C3C484F05}: DhcpNameServer = 192.168.1.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{47AF739C-9211-470F-8886-1F12156AA75E}: NameServer = 10.124.6.3,10.124.3.2

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O18:64bit: - Protocol\\Handler\\ms-itss - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\\Notify\\GoToAssist: DllName - (C:\\Program Files (x86)\\Citrix\\GoToAssist\\514\\G2AWinLogon_x64.dll) -  File not found

O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\\Notify\\LBTWlgn: DllName - (c:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll) - c:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\\Notify\\!SASWinLogon: DllName - (C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll) - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\\{d6ee6399-344d-11e0-bf24-463500000031}\\Shell\\AutoRun\\command - \"\" = J:\\autorun.exe

O33 - MountPoints2\\{d6ee6399-344d-11e0-bf24-463500000031}\\Shell\\phone\\command - \"\" = J:\\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/06/26 18:17:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\Felicia\\Desktop\\OTL.exe

[2013/06/24 23:05:00 | 000,000,000 | ---D | C] -- C:\\Users\\Felicia\\Documents\\MyConnection Detail Analysis_files

[2013/06/24 22:55:01 | 000,000,000 | ---D | C] -- C:\\Users\\Felicia\\AppData\\Roaming\\Oracle

[2013/06/24 22:52:35 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Common Files\\Java

[2013/06/24 22:52:18 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\npDeployJava1.dll

[2013/06/24 22:52:17 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2013/06/24 22:51:52 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaw.exe

[2013/06/24 22:51:52 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2013/06/24 22:51:52 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2013/06/24 22:51:23 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Java

[2013/06/24 22:50:00 | 000,000,000 | ---D | C] -- C:\\ProgramData\\McAfee

[2013/06/24 20:30:59 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Belarc

[2013/06/24 18:44:47 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\WindowsCodecs.dll

[2013/06/24 12:10:24 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome

[2013/06/24 11:55:00 | 000,000,000 | ---D | C] -- C:\\ProgramData\\SecTaskMan

[2013/06/24 11:54:56 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Security Task Manager

[2013/06/24 03:27:52 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\MsSpellCheckingFacility.exe

[2013/06/24 03:27:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\elshyph.dll

[2013/06/24 03:27:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\elshyph.dll

[2013/06/24 03:27:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\RegisterIEPKEYs.exe

[2013/06/24 03:27:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmlmedia.dll

[2013/06/24 03:27:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\jscript.dll

[2013/06/24 03:27:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieui.dll

[2013/06/24 03:27:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\msrating.dll

[2013/06/24 03:27:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iexpress.exe

[2013/06/24 03:27:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wextract.exe

[2013/06/24 03:27:51 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieUnatt.exe

[2013/06/24 03:27:51 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\occache.dll

[2013/06/24 03:27:51 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iepeers.dll

[2013/06/24 03:27:51 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\IEAdvpack.dll

[2013/06/24 03:27:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iesysprep.dll

[2013/06/24 03:27:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\inseng.dll

[2013/06/24 03:27:51 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmled.dll

[2013/06/24 03:27:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\SetIEInstalledDate.exe

[2013/06/24 03:27:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\pngfilt.dll

[2013/06/24 03:27:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmler.dll

[2013/06/24 03:27:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\msfeedssync.exe

[2013/06/24 03:27:50 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\inetcpl.cpl

[2013/06/24 03:27:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieapfltr.dat

[2013/06/24 03:27:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieapfltr.dat

[2013/06/24 03:27:50 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieapfltr.dll

[2013/06/24 03:27:50 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieapfltr.dll

[2013/06/24 03:27:50 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\dxtmsft.dll

[2013/06/24 03:27:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\html.iec

[2013/06/24 03:27:50 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\html.iec

[2013/06/24 03:27:50 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\dxtrans.dll

[2013/06/24 03:27:50 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\url.dll

[2013/06/24 03:27:50 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msls31.dll

[2013/06/24 03:27:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msrating.dll

[2013/06/24 03:27:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\RegisterIEPKEYs.exe

[2013/06/24 03:27:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\icardie.dll

[2013/06/24 03:27:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\icardie.dll

[2013/06/24 03:27:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iesetup.dll

[2013/06/24 03:27:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\tdc.ocx

[2013/06/24 03:27:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iesetup.dll

[2013/06/24 03:27:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ie4uinit.exe

[2013/06/24 03:27:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iernonce.dll

[2013/06/24 03:27:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iernonce.dll

[2013/06/24 03:27:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\licmgr10.dll

[2013/06/24 03:27:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript9.dll

[2013/06/24 03:27:49 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\inetcpl.cpl

[2013/06/24 03:27:49 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmlmedia.dll

[2013/06/24 03:27:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript.dll

[2013/06/24 03:27:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msfeeds.dll

[2013/06/24 03:27:49 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\vbscript.dll

[2013/06/24 03:27:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieui.dll

[2013/06/24 03:27:49 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\url.dll

[2013/06/24 03:27:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieUnatt.exe

[2013/06/24 03:27:49 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iexpress.exe

[2013/06/24 03:27:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\occache.dll

[2013/06/24 03:27:49 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\wextract.exe

[2013/06/24 03:27:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iesysprep.dll

[2013/06/24 03:27:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iepeers.dll

[2013/06/24 03:27:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\IEAdvpack.dll

[2013/06/24 03:27:49 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\inseng.dll

[2013/06/24 03:27:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmled.dll

[2013/06/24 03:27:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\SetIEInstalledDate.exe

[2013/06/24 03:27:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\tdc.ocx

[2013/06/24 03:27:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\pngfilt.dll

[2013/06/24 03:27:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\imgutil.dll

[2013/06/24 03:27:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmler.dll

[2013/06/24 03:27:49 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\licmgr10.dll

[2013/06/24 03:27:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshta.exe

[2013/06/24 03:27:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msfeedssync.exe

[2013/06/24 03:26:36 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msmpeg2vdec.dll

[2013/06/24 03:26:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\msmpeg2vdec.dll

[2013/06/24 03:26:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\XpsPrint.dll

[2013/06/24 03:26:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\XpsPrint.dll

[2013/06/24 03:26:36 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\XpsGdiConverter.dll

[2013/06/24 03:26:36 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\WMPhoto.dll

[2013/06/24 03:26:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\WMPhoto.dll

[2013/06/24 03:26:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\XpsGdiConverter.dll

[2013/06/24 03:26:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/06/24 03:26:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/06/24 03:26:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/06/24 03:26:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-version-l1-1-0.dll

[2013/06/24 03:26:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-version-l1-1-0.dll

[2013/06/24 03:26:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/06/24 03:26:36 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/06/24 03:26:35 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\d2d1.dll

[2013/06/24 03:26:35 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\d3d10warp.dll

[2013/06/24 03:26:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\DWrite.dll

[2013/06/24 03:26:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\d3d10.dll

[2013/06/24 03:26:35 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\d3d10level9.dll

[2013/06/24 03:26:35 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\dxgi.dll

[2013/06/24 03:26:35 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\d3d10_1core.dll

[2013/06/24 03:26:35 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\d3d10core.dll

[2013/06/24 03:26:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\WindowsCodecsExt.dll

[2013/06/24 03:26:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\UIAnimation.dll

[2013/06/24 03:26:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\d3d10_1.dll

[2013/06/24 03:26:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\UIAnimation.dll

[2013/06/24 03:10:30 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\\Windows\\SysNative\\atmlib.dll

[2013/06/24 03:10:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\\Windows\\SysWow64\\atmlib.dll

[2013/06/24 03:10:29 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\\Windows\\SysNative\\atmfd.dll

[2013/06/24 03:10:29 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\\Windows\\SysWow64\\atmfd.dll

[2013/06/23 23:17:56 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\dxgmms1.sys

[2013/06/23 23:17:56 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\cdd.dll



guestolo

  • Site Donator
  • Administrator
  • *****
  • Posts: 16034
Computer running slow
« Reply #3 on: June 26, 2013, 09:38:17 PM »

-AdwCleaner-


Please download AdwCleaner by Xplode (http://www.bleepingcomputer.com/download/adwcleaner/) onto your desktop.


Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next answer.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.


Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Reopen OTL.exe and choose to Run a Scan, when done, post the log that opens>> OTL.txt


In addition: Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).


  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Can you please keep me informed how things are now running!


« Last Edit: June 26, 2013, 09:39:57 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Vannpat

  • Posts: 15
Computer running slow
« Reply #4 on: June 27, 2013, 11:22:14 PM »

# AdwCleaner v2.303 - Logfile created 06/27/2013 at 22:49:23

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Felicia - FELICIA-PC

# Boot Mode : Normal

# Running from : C:\Users\Felicia\Desktop\AdwCleaner.exe

# Option [Delete]



***** [Services] *****


Stopped & Deleted : IBUpdaterService


***** [Files / Folders] *****


Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\IncrediMail_MediaBar_2

Folder Deleted : C:\Program Files (x86)\Upromise

Folder Deleted : C:\Program Files (x86)\Zynga

Folder Deleted : C:\Program Files\Web Assistant

Folder Deleted : C:\ProgramData\IBUpdaterService

Folder Deleted : C:\Users\Felicia\AppData\Local\Conduit

Folder Deleted : C:\Users\Felicia\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Felicia\AppData\LocalLow\IncrediMail_MediaBar_2

Folder Deleted : C:\Users\Felicia\AppData\LocalLow\Zynga

Folder Deleted : C:\Users\Felicia\AppData\Roaming\file scout

Folder Deleted : C:\Users\Felicia\AppData\Roaming\PerformerSoft


***** [Registry] *****


Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Toolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\Software\ImInstaller

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]


***** [Internet Browsers] *****


-\\ Internet Explorer v10.0.9200.16618


[OK] Registry is clean.


-\\ Google Chrome v27.0.1453.116


File : C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Preferences


[OK] File is clean.


File : C:\Users\CCP FRNicholson\AppData\Local\Google\Chrome\User Data\Default\Preferences


[OK] File is clean.


*************************


AdwCleaner[S1].txt - [2771 octets] - [27/06/2013 22:49:23]


########## EOF - C:\AdwCleaner[S1].txt - [2831 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Felicia on Thu 06/27/2013 at 22:58:23.43

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 



~~~ Services


 


~~~ Registry Values


 


~~~ Registry Keys


 


~~~ Files


Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"


 


~~~ Folders




 


~~~ Event Viewer Logs were cleared


 


 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 06/27/2013 at 23:02:00.53

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


 


 


 


OTL logfile created on: 6/27/2013 11:03:08 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Felicia\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16618)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.97 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 38.55% Memory free

7.93 Gb Paging File | 4.32 Gb Available in Paging File | 54.52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.48 Gb Total Space | 521.72 Gb Free Space | 89.72% Space Free | Partition Type: NTFS

 

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/06/26 18:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe

PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

PRC - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\\Program Files\\Microsoft Security Client\\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\\Program Files\\Microsoft Security Client\\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\\Program Files\\Dell\\DellDock\\DockLogin.exe -- (DockLoginService)

SRV - [2013/06/12 11:57:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell DataSafe Local Backup\\SftService.exe -- (SftService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnat.exe -- (VMware NAT Service)

SRV - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe -- (VMAuthdService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTmon.exe -- (IAANTMON)

SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-ufad.exe -- (ufad-ws60)

SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe -- (APC UPS Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/14 20:20:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\hcmon.sys -- (hcmon)

DRV:64bit: - [2009/08/14 20:20:48 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2009/08/14 20:20:44 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmci.sys -- (vmci)

DRV:64bit: - [2009/08/14 20:20:44 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2009/08/14 20:14:28 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmx86.sys -- (vmx86)

DRV:64bit: - [2009/08/14 13:40:04 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2009/08/14 13:40:04 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2009/07/30 22:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\IntcHdmi.sys -- (IntcHdmiAddService)

DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WimFltr.sys -- (WimFltr)

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASENUM.SYS -- (SASENUM)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

DRV - [2008/12/01 11:46:58 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vstor2-ws60.sys -- (vstor2-ws60)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope =

IE:64bit: - HKLM\\..\\SearchScopes\\{5AAEB2D7-D0EB-47E4-94BF-54BC862E9E8F}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE:64bit: - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\..\\SearchScopes,DefaultScope =

IE - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\..\\SearchScopes\\{A136A9CC-255C-4131-AAB3-7407C8B4C1E5}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://att.my.yahoo.com/

IE - HKCU\\..\\SearchScopes,DefaultScope = {6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}

IE - HKCU\\..\\SearchScopes\\{03B0EE02-7915-4D0C-BAE9-17A3827F4713}: \"URL\" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en

IE - HKCU\\..\\SearchScopes\\{6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}: \"URL\" = http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/ShockwavePlayer: C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.25.2: C:\\Windows\\SysWOW64\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.25.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@mcafee.com/MVT: C:\\Program Files (x86)\\McAfee\\Supportability\\MVT\\NPMVTPlugin.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\\Program Files (x86)\\Yahoo!\\Shared\\npYState.dll (Yahoo! Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3502.0922: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3508.1109: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3555.0308: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Program Files (x86)\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Program Files (x86)\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

 

 

[2011/08/25 07:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions

[2011/07/29 12:34:07 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/07/29 12:33:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\npdeployJava1.dll

[2011/03/24 10:07:32 | 000,002,024 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\McSiteAdvisor.xml

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=022313

CHR - plugin: Shockwave Flash (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~2\\Office14\\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~2\\Office14\\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\\Program Files (x86)\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\\Program Files (x86)\\Java\\jre6\\bin\\plugin2\\npjp2.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://att.yahoo.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\26.0.1410.64\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\26.0.1410.64\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\26.0.1410.64\\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\\Program Files (x86)\\Google\\Chrome\\Application\\plugins\\npMozCouponPrinter.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~2\\Office14\\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~2\\Office14\\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\\Program Files (x86)\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\\Program Files (x86)\\Java\\jre6\\bin\\plugin2\\npjp2.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll

CHR - plugin: ActiveX hosting plugin for Firefox (Enabled) = C:\\Program Files\\Firefox ActiveX Plugin\\npffax.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_202.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\\Program Files (x86)\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll

CHR - Extension: Google Docs = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.5_0\\

CHR - Extension: Google Drive = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_0\\

CHR - Extension: YouTube = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Gmail = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2013/06/18 14:08:55 | 000,001,307 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O1 - Hosts: 64.78.157.110 vof01.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.110 vof01 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.94 a2fp3.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.94 a2fp3 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.93 a2fp2.alpineaccess.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O1 - Hosts: 64.78.157.93 a2fp2 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\\Program Files (x86)\\Epson Software\\Easy Photo Print\\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\\..\\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\\Program Files (x86)\\Epson Software\\Easy Photo Print\\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3:64bit: - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O4:64bit: - HKLM..\\Run: [IAAnotif] C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [Kernel and Hardware Abstraction Layer] C:\\Windows\\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\\Run: [Logitech Download Assistant] C:\\Windows\\SysNative\\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\\Run: [MSC] c:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [RtHDVCpl] C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\\Run: [EEventManager] C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKCU..\\Run: [EPSON NX420 Series] C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIGCA.EXE /FU \"C:\\Windows\\TEMP\\E_S444.tmp\" /EF \"HKCU\" File not found

O4 - HKLM..\\RunOnce: [\"C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe\"] C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe (Dell)

O4 - Startup: C:\\Users\\Felicia\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dell Dock.lnk =  File not found

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 157

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: LogonHoursAction = 2

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: DontDisplayLogonHoursWarnings = 1



O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000011 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000012 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\\Catalog_Entries\\000000000011 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\\Catalog_Entries\\000000000012 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\\..Trusted Domains: alpineaccess.com ([]* in Trusted sites)

O15 - HKCU\\..Trusted Domains: alpineaccess.net ([]* in Trusted sites)

O15 - HKCU\\..Trusted Ranges: Range1 ([http] in Trusted sites)

O15 - HKCU\\..Trusted Ranges: Range2 ([http] in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1274551454442 (MUCatalogWebControl Class)

O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} http://treehouse.no-ip.biz/ActiveView.cab (ActiveView Control)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{28C31212-6713-4A47-8872-34C779D8B726}: NameServer = 10.124.6.3,10.124.3.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{471273CC-2F13-4283-A8E4-077C3C484F05}: DhcpNameServer = 192.168.1.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{47AF739C-9211-470F-8886-1F12156AA75E}: NameServer = 10.124.6.3,10.124.3.2

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O18:64bit: - Protocol\\Handler\\ms-itss - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\\Notify\\GoToAssist: DllName - (C:\\Program Files (x86)\\Citrix\\GoToAssist\\514\\G2AWinLogon_x64.dll) -  File not found

O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\\Notify\\LBTWlgn: DllName - (c:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll) - c:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\\Notify\\!SASWinLogon: DllName - (C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll) - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\\{d6ee6399-344d-11e0-bf24-463500000031}\\Shell\\AutoRun\\command - \"\" = J:\\autorun.exe

O33 - MountPoints2\\{d6ee6399-344d-11e0-bf24-463500000031}\\Shell\\phone\\command - \"\" = J:\\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/06/27 22:58:18 | 000,000,000 | ---D | C] -- C:\\Windows\\ERUNT

[2013/06/27 22:57:52 | 000,000,000 | ---D | C] -- C:\\JRT

[2013/06/27 22:46:58 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\\Users\\Felicia\\Desktop\\JRT.exe

[2013/06/27 22:42:16 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\\Windows\\SysNative\\roboot64.exe

[2013/06/27 22:42:10 | 000,000,000 | ---D | C] -- C:\\Users\\Felicia\\AppData\\Local\\Programs

[2013/06/26 18:17:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\Felicia\\Desktop\\OTL.exe

[2013/06/24 23:05:00 | 000,000,000 | ---D | C] -- C:\\Users\\Felicia\\Documents\\MyConnection Detail Analysis_files

[2013/06/24 22:55:01 | 000,000,000 | ---D | C] -- C:\\Users\\Felicia\\AppData\\Roaming\\Oracle

[2013/06/24 22:52:35 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Common Files\\Java

[2013/06/24 22:52:18 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\npDeployJava1.dll

[2013/06/24 22:52:17 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2013/06/24 22:51:52 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaw.exe

[2013/06/24 22:51:52 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2013/06/24 22:51:52 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2013/06/24 22:51:23 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Java

[2013/06/24 22:50:00 | 000,000,000 | ---D | C] -- C:\\ProgramData\\McAfee

[2013/06/24 20:30:59 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Belarc

[2013/06/24 18:44:47 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\WindowsCodecs.dll

[2013/06/24 12:10:24 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome

[2013/06/24 11:55:00 | 000,000,000 | ---D | C] -- C:\\ProgramData\\SecTaskMan

[2013/06/24 11:54:56 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Security Task Manager

[2013/06/24 03:27:52 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\MsSpellCheckingFacility.exe

[2013/06/24 03:27:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\elshyph.dll

[2013/06/24 03:27:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\elshyph.dll

[2013/06/24 03:27:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\RegisterIEPKEYs.exe

[2013/06/24 03:27:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmlmedia.dll

[2013/06/24 03:27:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\jscript.dll

[2013/06/24 03:27:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieui.dll

[2013/06/24 03:27:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\msrating.dll

[2013/06/24 03:27:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iexpress.exe

[2013/06/24 03:27:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wextract.exe

[2013/06/24 03:27:51 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieUnatt.exe

[2013/06/24 03:27:51 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\occache.dll

[2013/06/24 03:27:51 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iepeers.dll

[2013/06/24 03:27:51 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\IEAdvpack.dll

[2013/06/24 03:27:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iesysprep.dll

[2013/06/24 03:27:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\inseng.dll

[2013/06/24 03:27:51 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmled.dll

[2013/06/24 03:27:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\SetIEInstalledDate.exe

[2013/06/24 03:27:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\pngfilt.dll

[2013/06/24 03:27:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmler.dll

[2013/06/24 03:27:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\msfeedssync.exe

[2013/06/24 03:27:50 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\inetcpl.cpl

[2013/06/24 03:27:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieapfltr.dat

[2013/06/24 03:27:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieapfltr.dat

[2013/06/24 03:27:50 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieapfltr.dll

[2013/06/24 03:27:50 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieapfltr.dll

[2013/06/24 03:27:50 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\dxtmsft.dll

[2013/06/24 03:27:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\html.iec

[2013/06/24 03:27:50 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\html.iec

[2013/06/24 03:27:50 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\dxtrans.dll

[2013/06/24 03:27:50 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\url.dll

[2013/06/24 03:27:50 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msls31.dll

[2013/06/24 03:27:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msrating.dll

[2013/06/24 03:27:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\RegisterIEPKEYs.exe

[2013/06/24 03:27:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\icardie.dll

[2013/06/24 03:27:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\icardie.dll

[2013/06/24 03:27:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iesetup.dll

[2013/06/24 03:27:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\tdc.ocx

[2013/06/24 03:27:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iesetup.dll

[2013/06/24 03:27:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ie4uinit.exe

[2013/06/24 03:27:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iernonce.dll

[2013/06/24 03:27:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iernonce.dll

[2013/06/24 03:27:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\licmgr10.dll

[2013/06/24 03:27:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript9.dll

[2013/06/24 03:27:49 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\inetcpl.cpl

[2013/06/24 03:27:49 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmlmedia.dll

[2013/06/24 03:27:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript.dll

[2013/06/24 03:27:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msfeeds.dll

[2013/06/24 03:27:49 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\vbscript.dll

[2013/06/24 03:27:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieui.dll

[2013/06/24 03:27:49 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\url.dll

[2013/06/24 03:27:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieUnatt.exe

[2013/06/24 03:27:49 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iexpress.exe

[2013/06/24 03:27:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\occache.dll

[2013/06/24 03:27:49 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\wextract.exe

[2013/06/24 03:27:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iesysprep.dll

[2013/06/24 03:27:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iepeers.dll

[2013/06/24 03:27:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\IEAdvpack.dll

[2013/06/24 03:27:49 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\inseng.dll

[2013/06/24 03:27:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmled.dll

[2013/06/24 03:27:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\SetIEInstalledDate.exe

[2013/06/24 03:27:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\tdc.ocx

[2013/06/24 03:27:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\pngfilt.dll

[2013/06/24 03:27:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\imgutil.dll

[2013/06/24 03:27:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmler.dll

[2013/06/24 03:27:49 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\licmgr10.dll

[2013/06/24 03:27:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshta.exe

[2013/06/24 03:27:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msfeedssync.exe

[2013/06/24 03:26:36 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msmpeg2vdec.dll

[2013/06/24 03:26:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\msmpeg2vdec.dll

[2013/06/24 03:26:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\XpsPrint.dll

[2013/06/24 03:26:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\XpsPrint.dll

[2013/06/24 03:26:36 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\XpsGdiConverter.dll

[2013/06/24 03:26:36 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\WMPhoto.dll

[2013/06/24 03:26:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\WMPhoto.dll

[2013/06/24 03:26:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\XpsGdiConverter.dll

[2013/06/24 03:26:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/06/24 03:26:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/06/24 03:26:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\api-ms-win-downlevel-ole32-l1-1-0.dll


Vannpat

  • Posts: 15
Computer running slow
« Reply #5 on: June 29, 2013, 11:22:22 AM »

My computer is still running somewhat slow. Especially with my browsers, just waiting for a page to open or navigating to another page.



guestolo

  • Site Donator
  • Administrator
  • Posts: 16034
Computer running slow
« Reply #6 on: June 29, 2013, 10:10:43 PM »

Sorry for the delay. Can you still do the following?

Download ComboFix from the following location:

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it ONLY to your Desktop.

--------------------------------------------------------------------
Temporarily disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.

  • Double click on ComboFix.exe & follow the prompts.

If prompted, click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

NOTE: Do not mouseclick inside the ComboFix window as it's running; it may cause it to stall.

ComboFix will/may run again on startup; it will prompt that it's creating a log.

This process could take up to 10 minutes; let it run uninterrupted please.

« Last Edit: June 30, 2013, 10:05:28 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Vannpat

  • Posts: 15
Computer running slow
« Reply #7 on: July 02, 2013, 06:10:21 PM »

ComboFix 13-07-02.03 - Felicia 07/02/2013  17:36:48.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2770 [GMT -5:00]

Running from: c:\\users\\Felicia\\Desktop\\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\\programdata\\43638520

c:\\users\\Felicia\\AppData\\Local\\{1FEC78AB-4514-451D-B9D9-D8BDA5037AC6}

c:\\users\\Felicia\\AppData\\Local\\{1FEC78AB-4514-451D-B9D9-D8BDA5037AC6}\\chrome\\content\\overlay.xul

c:\\users\\Felicia\\AppData\\Local\\{1FEC78AB-4514-451D-B9D9-D8BDA5037AC6}\\install.rdf

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-02 to 2013-07-02  )))))))))))))))))))))))))))))))

.

.

2013-07-02 21:47 . 2013-07-02 21:47 76232 ----a-w- c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{CFAC2DB6-E85C-450A-8890-FC6A2C883BAC}\\offreg.dll

2013-07-02 21:45 . 2013-06-12 03:08 9552976 ----a-w- c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{CFAC2DB6-E85C-450A-8890-FC6A2C883BAC}\\mpengine.dll

2013-07-02 00:29 . 2013-06-12 03:08 9552976 ----a-w- c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\Backup\\mpengine.dll

2013-06-28 03:58 . 2013-06-28 03:58 -------- d-----w- c:\\windows\\ERUNT

2013-06-28 03:57 . 2013-06-28 03:57 -------- d-----w- C:\\JRT

2013-06-28 03:42 . 2013-06-28 03:40 595712 ----a-w- c:\\program files (x86)\\Uninstall Information\\Ib\\79\\3683\\ib_uninstall.exe

2013-06-28 03:42 . 2012-12-19 20:53 19632 ----a-w- c:\\windows\\system32\\roboot64.exe

2013-06-28 03:42 . 2013-06-28 03:42 -------- d-----w- c:\\users\\Felicia\\AppData\\Local\\Programs

2013-06-25 03:55 . 2013-06-25 03:55 -------- d-----w- c:\\users\\Felicia\\AppData\\Roaming\\Oracle

2013-06-25 03:52 . 2013-06-25 03:52 -------- d-----w- c:\\program files (x86)\\Common Files\\Java

2013-06-25 03:52 . 2013-06-25 03:51 867240 ----a-w- c:\\windows\\SysWow64\\npDeployJava1.dll

2013-06-25 03:51 . 2013-06-25 03:51 96168 ----a-w- c:\\windows\\SysWow64\\WindowsAccessBridge-32.dll

2013-06-25 03:51 . 2013-06-25 03:51 -------- d-----w- c:\\program files (x86)\\Java

2013-06-25 03:50 . 2013-06-25 03:50 -------- d-----w- c:\\programdata\\McAfee

2013-06-25 01:30 . 2013-06-25 04:28 -------- d-----w- c:\\program files (x86)\\Belarc

2013-06-24 23:44 . 2013-04-17 07:02 1230336 ----a-w- c:\\windows\\SysWow64\\WindowsCodecs.dll

2013-06-24 23:44 . 2013-04-17 06:24 1424384 ----a-w- c:\\windows\\system32\\WindowsCodecs.dll

2013-06-24 16:55 . 2013-06-24 16:58 -------- d-----w- c:\\programdata\\SecTaskMan

2013-06-24 08:26 . 2013-06-24 08:26 9728 ---ha-w- c:\\windows\\SysWow64\\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-24 08:10 . 2012-12-16 17:11 46080 ----a-w- c:\\windows\\system32\\atmlib.dll

2013-06-24 08:10 . 2012-12-16 14:13 34304 ----a-w- c:\\windows\\SysWow64\\atmlib.dll

2013-06-24 08:10 . 2012-12-16 14:45 367616 ----a-w- c:\\windows\\system32\\atmfd.dll

2013-06-24 08:10 . 2012-12-16 14:13 295424 ----a-w- c:\\windows\\SysWow64\\atmfd.dll

2013-06-24 04:16 . 2013-02-27 06:02 111448 ----a-w- c:\\windows\\system32\\consent.exe

2013-06-24 04:15 . 2012-11-02 05:59 478208 ----a-w- c:\\windows\\system32\\dpnet.dll

2013-06-24 04:14 . 2012-11-30 04:53 274944 ----a-w- c:\\windows\\SysWow64\\KernelBase.dll

2013-06-24 04:07 . 2013-04-26 05:51 751104 ----a-w- c:\\windows\\system32\\win32spl.dll

2013-06-24 04:07 . 2013-04-26 04:55 492544 ----a-w- c:\\windows\\SysWow64\\win32spl.dll

2013-06-24 04:06 . 2012-11-23 03:13 68608 ----a-w- c:\\windows\\system32\\taskhost.exe

2013-06-24 04:06 . 2013-05-10 05:49 30720 ----a-w- c:\\windows\\system32\\cryptdlg.dll

2013-06-24 04:06 . 2013-05-10 03:20 24576 ----a-w- c:\\windows\\SysWow64\\cryptdlg.dll

2013-06-24 04:05 . 2013-01-24 06:01 223752 ----a-w- c:\\windows\\system32\\drivers\\fvevol.sys

2013-06-24 04:05 . 2013-05-13 03:43 1192448 ----a-w- c:\\windows\\system32\\certutil.exe

2013-06-24 04:05 . 2013-05-13 03:08 903168 ----a-w- c:\\windows\\SysWow64\\certutil.exe

2013-06-24 04:05 . 2013-05-13 05:51 1464320 ----a-w- c:\\windows\\system32\\crypt32.dll

2013-06-24 04:05 . 2013-05-13 05:51 184320 ----a-w- c:\\windows\\system32\\cryptsvc.dll

2013-06-24 04:05 . 2013-05-13 04:45 1160192 ----a-w- c:\\windows\\SysWow64\\crypt32.dll

2013-06-24 04:05 . 2013-05-13 05:51 139776 ----a-w- c:\\windows\\system32\\cryptnet.dll

2013-06-24 04:05 . 2013-05-13 04:45 103936 ----a-w- c:\\windows\\SysWow64\\cryptnet.dll

2013-06-24 04:05 . 2013-05-13 05:50 52224 ----a-w- c:\\windows\\system32\\certenc.dll

2013-06-24 04:05 . 2013-05-13 04:45 140288 ----a-w- c:\\windows\\SysWow64\\cryptsvc.dll

2013-06-24 04:05 . 2013-05-13 03:08 43008 ----a-w- c:\\windows\\SysWow64\\certenc.dll

2013-06-24 04:03 . 2013-03-19 06:04 5550424 ----a-w- c:\\windows\\system32\\ntoskrnl.exe

2013-06-24 04:03 . 2013-03-19 05:04 3968856 ----a-w- c:\\windows\\SysWow64\\ntkrnlpa.exe

2013-06-24 04:03 . 2013-03-19 05:04 3913560 ----a-w- c:\\windows\\SysWow64\\ntoskrnl.exe

2013-06-24 04:03 . 2013-03-19 03:06 112640 ----a-w- c:\\windows\\system32\\smss.exe

2013-06-24 04:03 . 2013-03-19 05:46 43520 ----a-w- c:\\windows\\system32\\csrsrv.dll

2013-06-24 04:03 . 2013-03-19 04:47 6656 ----a-w- c:\\windows\\SysWow64\\apisetschema.dll

2013-06-24 04:03 . 2013-04-25 23:30 1505280 ----a-w- c:\\windows\\SysWow64\\d3d11.dll

2013-06-24 04:03 . 2013-03-31 22:52 1887232 ----a-w- c:\\windows\\system32\\d3d11.dll

2013-06-24 02:19 . 2013-06-24 02:17 964552 ------w- c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{75B07C72-6221-4B57-85A1-759B06CAAD2E}\\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-25 03:51 . 2011-07-28 15:15 789416 ----a-w- c:\\windows\\SysWow64\\deployJava1.dll

2013-06-12 16:57 . 2012-04-28 15:23 692104 ----a-w- c:\\windows\\SysWow64\\FlashPlayerApp.exe

2013-06-12 16:57 . 2011-10-15 01:33 71048 ----a-w- c:\\windows\\SysWow64\\FlashPlayerCPLApp.cpl

2013-06-02 22:11 . 2010-04-16 17:57 75825640 ----a-w- c:\\windows\\system32\\MRT.exe

2013-05-21 12:29 . 2011-03-30 22:38 964552 ------w- c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\NISBackup\\gapaengine.dll

2013-05-12 20:59 . 2010-06-24 17:33 22240 ----a-w- c:\\programdata\\Microsoft\\IdentityCRL\\production\\ppcrlconfig600.dll

2013-05-02 15:29 . 2010-09-08 00:57 278800 ------w- c:\\windows\\system32\\MpSigStub.exe

2013-04-13 05:49 . 2013-06-24 04:17 135168 ----a-w- c:\\windows\\apppatch\\AppPatch64\\AcXtrnal.dll

2013-04-13 05:49 . 2013-06-24 04:17 350208 ----a-w- c:\\windows\\apppatch\\AppPatch64\\AcLayers.dll

2013-04-13 05:49 . 2013-06-24 04:17 308736 ----a-w- c:\\windows\\apppatch\\AppPatch64\\AcGenral.dll

2013-04-13 05:49 . 2013-06-24 04:17 111104 ----a-w- c:\\windows\\apppatch\\AppPatch64\\acspecfc.dll

2013-04-13 04:45 . 2013-06-24 04:17 474624 ----a-w- c:\\windows\\apppatch\\AcSpecfc.dll

2013-04-13 04:45 . 2013-06-24 04:17 2176512 ----a-w- c:\\windows\\apppatch\\AcGenral.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]

\"EEventManager\"=\"c:\\program files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\" [2009-12-03 976320]

\"SunJavaUpdateSched\"=\"c:\\program files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce]

\"c:\\program files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe\"=\"c:\\program files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe\" [2010-09-26 560128]

.

c:\\users\\CCP FRNicholson\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\

Dell Dock.lnk - c:\\program files\\Dell\\DellDock\\DellDock.exe [2009-12-15 1324384]

.

c:\\users\\Kenneth\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\

Dell Dock.lnk - c:\\program files\\Dell\\DellDock\\DellDock.exe [2009-12-15 1324384]

.

c:\\users\\Felicia\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\

Dell Dock.lnk - c:\\program files\\Dell\\DellDock\\DellDock.exe [2009-12-15 1324384]

.

c:\\programdata\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\

Logitech SetPoint.lnk - c:\\program files\\Logitech\\SetPoint\\SetPoint.exe [2010-7-1 1207312]

.

c:\\users\\Default User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\

Dell Dock First Run.lnk - c:\\program files\\Dell\\DellDock\\DellDock.exe /firstrun [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]

\"ConsentPromptBehaviorAdmin\"= 5 (0x5)

\"ConsentPromptBehaviorUser\"= 3 (0x3)

\"EnableUIADesktopToggle\"= 0 (0x0)

.

[hkey_local_machine\\software\\Wow6432Node\\microsoft\\windows\\currentversion\\explorer\\ShellExecuteHooks]

\"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\"= \"c:\\program files (x86)\\SUPERAntiSpyware\\SASSEH.DLL\" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\\program files (x86)\\SUPERAntiSpyware\\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\drivers32]

\"aux4\"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\MCODS]

@=\"\"

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\MsMpSvc]

@=\"Service\"

.

R1 SASDIFSV;SASDIFSV;c:\\program files (x86)\\SUPERAntiSpyware\\SASDIFSV.SYS;c:\\program files (x86)\\SUPERAntiSpyware\\SASDIFSV.SYS



R1 SASKUTIL;SASKUTIL;c:\\program files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS;c:\\program files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS


R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe;c:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe


R3 cpuz134;cpuz134;c:\\users\\Felicia\\AppData\\Local\\Temp\\cpuz134\\cpuz134_x64.sys;c:\\users\\Felicia\\AppData\\Local\\Temp\\cpuz134\\cpuz134_x64.sys


R3 NisDrv;Microsoft Network Inspection System;c:\\windows\\system32\\DRIVERS\\NisDrvWFP.sys;c:\\windows\\SYSNATIVE\\DRIVERS\\NisDrvWFP.sys


R3 NisSrv;Microsoft Network Inspection;c:\\program files\\Microsoft Security Client\\NisSrv.exe;c:\\program files\\Microsoft Security Client\\NisSrv.exe


R3 SASENUM;SASENUM;c:\\program files (x86)\\SUPERAntiSpyware\\SASENUM.SYS;c:\\program files (x86)\\SUPERAntiSpyware\\SASENUM.SYS


R3 TsUsbFlt;TsUsbFlt;c:\\windows\\system32\\drivers\\tsusbflt.sys;c:\\windows\\SYSNATIVE\\drivers\\tsusbflt.sys


R3 urvpndrv;F5 Networks VPN Adapter;c:\\windows\\system32\\DRIVERS\\covpnv64.sys;c:\\windows\\SYSNATIVE\\DRIVERS\\covpnv64.sys


R3 WatAdminSvc;Windows Activation Technologies Service;c:\\windows\\system32\\Wat\\WatAdminSvc.exe;c:\\windows\\SYSNATIVE\\Wat\\WatAdminSvc.exe


R3 WSDScan;WSD Scan Support via UMB;c:\\windows\\system32\\DRIVERS\\WSDScan.sys;c:\\windows\\SYSNATIVE\\DRIVERS\\WSDScan.sys


R4 SftService;SoftThinks Agent Service;c:\\program files (x86)\\Dell DataSafe Local Backup\\sftservice.EXE;c:\\program files (x86)\\Dell DataSafe Local Backup\\sftservice.EXE


S0 PxHlpa64;PxHlpa64;c:\\windows\\System32\\Drivers\\PxHlpa64.sys;c:\\windows\\SYSNATIVE\\Drivers\\PxHlpa64.sys


S2 DockLoginService;Dock Login Service;c:\\program files\\Dell\\DellDock\\DockLogin.exe;c:\\program files\\Dell\\DellDock\\DockLogin.exe


S2 vmci;VMware vmci;c:\\windows\\system32\\drivers\\vmci.sys;c:\\windows\\SYSNATIVE\\drivers\\vmci.sys


S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\\windows\\system32\\drivers\\IntcHdmi.sys;c:\\windows\\SYSNATIVE\\drivers\\IntcHdmi.sys


S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\\windows\\system32\\DRIVERS\\LEqdUsb.Sys;c:\\windows\\SYSNATIVE\\DRIVERS\\LEqdUsb.Sys


S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\\windows\\system32\\DRIVERS\\LHidEqd.Sys;c:\\windows\\SYSNATIVE\\DRIVERS\\LHidEqd.Sys


S3 RTL8167;Realtek 8167 NT Driver;c:\\windows\\system32\\DRIVERS\\Rt64win7.sys;c:\\windows\\SYSNATIVE\\DRIVERS\\Rt64win7.sys


.

.

[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\active setup\\installed components\\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-24 17:10 1165776 ----a-w- c:\\program files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\Installer\\chrmstp.exe

.

Contents of the \'Scheduled Tasks\' folder

.

2013-07-02 c:\\windows\\Tasks\\Adobe Flash Player Updater.job

- c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe [2012-04-28 16:57]

.

2013-07-02 c:\\windows\\Tasks\\GoogleUpdateTaskMachineCore.job

- c:\\program files (x86)\\Google\\Update\\GoogleUpdate.exe [2013-06-24 17:09]

.

2013-07-02 c:\\windows\\Tasks\\GoogleUpdateTaskMachineUA.job

- c:\\program files (x86)\\Google\\Update\\GoogleUpdate.exe [2013-06-24 17:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]

\"RtHDVCpl\"=\"c:\\program files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" [2009-10-21 8306208]

\"IAAnotif\"=\"c:\\program files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\" [2009-06-05 186904]

\"Kernel and Hardware Abstraction Layer\"=\"KHALMNPR.EXE\" [2009-06-17 130576]

\"IgfxTray\"=\"c:\\windows\\system32\\igfxtray.exe\" [2010-08-26 161304]

\"Persistence\"=\"c:\\windows\\system32\\igfxpers.exe\" [2010-08-26 415256]

\"Logitech Download Assistant\"=\"c:\\windows\\System32\\LogiLDA.dll\" [2010-11-04 1580368]

\"MSC\"=\"c:\\program files\\Microsoft Security Client\\msseces.exe\" [2013-01-27 1281512]

.

------- Supplementary Scan -------

.

uLocal Page = c:\\windows\\system32\\blank.htm


mLocal Page = c:\\windows\\SysWOW64\\blank.htm

IE: E&xport to Microsoft Excel - c:\\progra~2\\MICROS~2\\Office14\\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\\program files (x86)\\Google\\Google Toolbar\\Component\\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\\progra~2\\MICROS~2\\Office14\\ONBttnIE.dll/105

LSP: c:\\program files (x86)\\VMware\\VMware Player\\vsocklib.dll

Trusted Zone: alpineaccess.com

Trusted Zone: alpineaccess.net

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\\{28C31212-6713-4A47-8872-34C779D8B726}: NameServer = 10.124.6.3,10.124.3.2

TCP: Interfaces\\{47AF739C-9211-470F-8886-1F12156AA75E}: NameServer = 10.124.6.3,10.124.3.2


.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\\windows\\system32\\Adobe\\Shockwave 11\\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@=\"FlashBroker\"

\"LocalizedString\"=\"@c:\\\\Windows\\\\system32\\\\Macromed\\\\Flash\\\\FlashUtil64_11_7_700_224_ActiveX.exe,-101\"

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\\Elevation]

\"Enabled\"=dword:00000001

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\\LocalServer32]

@=\"c:\\\\Windows\\\\system32\\\\Macromed\\\\Flash\\\\FlashUtil64_11_7_700_224_ActiveX.exe\"

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\\TypeLib]

@=\"{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\"

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\Interface\\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@=\"IFlashBroker5\"

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\Interface\\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\\ProxyStubClsid32]

@=\"{00020424-0000-0000-C000-000000000046}\"

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\Interface\\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\\TypeLib]

@=\"{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\"

\"Version\"=\"1.0\"

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\Wow6432Node\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@=\"FlashBroker\"

\"LocalizedString\"=\"@c:\\\\Windows\\\\SysWOW64\\\\Macromed\\\\Flash\\\\FlashUtil32_11_7_700_224_ActiveX.exe,-101\"

.

[HKEY_LOCAL_MACHINE\\software\\Classes\\Wow6432Node\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-07-02  17:44:54

ComboFix-quarantined-files.txt  2013-07-02 22:44

.

Pre-Run: 565,455,126,528 bytes free

Post-Run: 565,085,532,160 bytes free

.

- - End Of File - - C87B4F37E2010F9B59956AF5CDB08DDB

CDB4DE4BBD714F152979DA2DCBEF57EB

 



guestolo

  • Site Donator
  • Administrator
  • *****
  • Posts: 16034
Computer running slow
« Reply #8 on: July 08, 2013, 01:20:51 PM »

Sorry again for the delay, stuck in camp with limited internet.


How are things on your end now?


Do you want to post your own logs from FRST?

Follow the instructions posted: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


guestolo

  • Site Donator
  • Administrator
  • *****
  • Posts: 16034
Computer running slow
« Reply #9 on: August 29, 2013, 11:44:23 AM »
As the original poster has not returned, I'll lock this topic.
If you do return and still need a hand here, send me a PM please and I'll reopen it.
