slhouse

slow computer issue

23 posts in this topic

 

Howdy slhouse and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  

 

===================================

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    * Click on the Scan button.
    * AdwCleaner will begin to scan your computer like it did before.
    * After the scan has finished .......

    This time, click on the "Clean" button.

    * Press OK when asked to close all programs and follow the onscreen prompts.
    * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    * Copy and paste the contents of that logfile in your next reply.
    * A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

NEXT

    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

 

NEXT

 

    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>  https://www.malwarebytes.org/mwb-intercept/
      Get the FREE version !!
      * Windows XP : Double click on the icon to run it.
      * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      * Select Scan tab.


* Select type of scan to perform:

   
  * Threat Scan <--- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

 

Post those logs as you get them, continue doing all of them for me !!

Thanks

Chuck

 


[UPD] - Local database v21-12-2015.2
[UPD] - Services generic detection updated
[UPD] - Folders generic detection updated
[UPD] - Generic.DownloadProtect updated
[UPD] - Chrome extensions module updated
[UPD] - Russian translation updated
[UPD] - Automatic DNS flush after cleaning

//////// v5.025 - 13/12/15 ////////

[BUG] - Fixed bug with Firefox files detection
[BUG] - Fixed bug with DownloadProtect generic detection

[UPD] - Local database v13-12-2015.2
[UPD] - Generic.PullUpdate updated
[UPD] - Generic.HomeTab updated
[UPD] - Generic.BetterSurf updated
[UPD] - Tasks module updated
[UPD] - Chrome extensions module updated

//////// v5.024 - 07/12/15 ////////

[BUG] - Fixed bug with FirewallPolicy module

[UPD] - Local database v07-12-2015.3
[UPD] - German translation updated
[UPD] - Proxy module updated
[UPD] - Generic.DownloadProtect updated
[UPD] - Generic.BetterSurf updated

//////// v5.023 - 30/11/15 ////////

[BUG] - Fixed bug with Crossrider regexp
[BUG] - Fixed bug with SearchScopes detection

[UPD] - Local database v30-11-2015.1
[UPD] - DNSApi.dll detection improved
[UPD] - Code optimizations
[UPD] - Tasks generic detection updated
[UPD] - Generic.Tuto4PC updated
[UPD] - Software generic detection updated

//////// v5.022 - 22/11/15 ////////

[BUG] - Fixed bug with LocalAppData\Installer detection

[UPD] - Local database v22-11-2015.2
[UPD] - Added SearchScope values to SearchScope module
[UPD] - Added "HKLM\..\Installer\UpgradeCodes" to handled keys
[UPD] - Added "HKU\..\ApprovedExtensionsMigration" to handled keys
[UPD] - Generic.PullUpdate updated
[UPD] - Generic.Crossrider updated
[UPD] - Generic.BrowseFox updated
[UPD] - Added detection of FileExts values

//////// v5.021 - 14/11/15 ////////

- In tribute to all the victims of the Paris attacks

//////// v5.020 - 13/11/15 ////////

[NEW] - Added "startup_list" management ( Chrome preferences )

[BUG] - Fixed bug with language selection on Windows XP
[BUG] - Fixed bug with COM error handler

[UPD] - Local database v13-11-2015.1
[UPD] - Updated to AutoIT v3.3.14.2
[UPD] - Generic.Tuto4PC updated

//////// v5.019 - 08/11/15 ////////

[NEW] - Added Generic.HomeTab detection

[BUG] - Fixed bug in "Interface/TypeLib" registry keys detection ( only generics )

[UPD] - Local database v08-11-2015.2
[UPD] - DOMStorage detection updated ( now based on URLs )
[UPD] - ActiveX detection modified
[UPD] - IE registry keys detection improved
[UPD] - FirewallPolicy detection improved
[UPD] - Softwares generic detection updated
[UPD] - Tasks generic detection updated
[UPD] - Generic.Crossrider updated
[UPD] - Generic.Tuto4PC updated
[UPD] - Generic.MyWebSearch updated
[UPD] - Added "HKU\..\windows_ie_ac_001\Software" to handled keys

[REM] - "DOMStorage" table deleted

//////// v5.018 - 05/11/15 ////////

[NEW] - Turkish translation added

[BUG] - Fixed bug with Japanese translation

[UPD] - IE registry keys detection improved
[UPD] - German translation updated

//////// v5.017 - 03/11/15 ////////

[BUG] - Major FP with generic detection fixed

[UPD] - Softwares detection improved

//////// v5.016 - 01/11/15 ////////

[NEW] - Added language selection in GUI
[NEW] - Added option to purge "Tracing" keys ( checked by default )
[NEW] - Added new module to detect "FileExts" keys
[NEW] - Bulgarian translation added

[BUG] - Fixed typo mistake in Generic.DownloadProtect
[BUG] - Fixed bug in Chrome extensions detection

[REM] - Removed "HKCU\Software" 64-bits from handled keys

[UPD] - Local database v01-11-2015.2
[UPD] - Added "HKLM\..\SearchURI" to handled keys
[UPD] - Added Microsoft Edge keys to DOMStorage module
[UPD] - Added "Tasks" to handled folders
[UPD] - Added "HKLM\..\ActiveX Compatibility" to handled keys
[UPD] - Added "HKLM\..\Distribution Units" to handled keys
[UPD] - Added "HKCU\..\InternetRegistry" to handled keys
[UPD] - Tasks generic detection updated
[UPD] - LocalAppData generic detection updated
[UPD] - Generic.Conduit updated

//////// v5.015 - 26/10/15 ////////

[UPD] - Local database v26-10-2015.2
[UPD] - Generic.Multiplug updated
[UPD] - Registry keys handled modified

//////// v5.014 - 18/10/15 ////////

[UPD] - Local database v18-10-2015.5
[UPD] - Added HKLM\SOFTWARE\..\Prefix to handled keys
[UPD] - Opera extensions detection improved
[UPD] - Tasks generic detection updated
[UPD] - Softwares generic detection updated
[UPD] - Regexp optimized

//////// v5.013 - 09/10/15 ////////

[BUG] - Fixed bug with DNS servers detection

//////// v5.012 - 08/10/15 ////////

[NEW] - Added new feature to restore missing DNSApi.dll

[UPD] - Added HKU\..\Software\AppDataLow to handled keys
[UPD] - Added HKLM\..\Stats to handled keys
[UPD] - Generic.Vitruvian updated

//////// v5.011 - 07/10/15 ////////

[BUG] - Bug with patched DLL detection fixed

[UPD] - Check if "dnsapi.dll" is missing

//////// v5.010 - 04/10/15 ////////

[NEW] - Added new feature to detect patched DLLs
[NEW] - Added tab "DLLs" in the GUI

[UPD] - Local database v04-10-2015.3
[UPD] - FP in tasks generic detections fixed
[UPD] - Firefox extensions detection improved
[UPD] - Generic.Perion updated
[UPD] - Generic.Vitruvian updated
[UPD] - Generic.Crossrider updated

//////// v5.009 - 27/09/15 ////////

[NEW] - Added message when no elements are found

[BUG] - Bug with update checking fixed

[UPD] - Local database v27-09-2015.1
[UPD] - Tasks generic detections updated
[UPD] - Generic.Downloadprotect updated
[UPD] - Generic.Multiplug updated
[UPD] - Generic.MyWebSearch updated
[UPD] - Generic.Browsefox updated

//////// v5.008 - 18/09/15 ////////

[NEW] - Added "HKLM\...\URL\DefaultPrefix" to handled keys

[UPD] - Generic.Perion updated
[UPD] - Local database v17-09-2015.3
[UPD] - Merged Generic.Sambreel with Generic.Browsefox
[UPD] - Italian translation updated

//////// v5.007 - 08/09/15 ////////

[NEW] - Added Generic.Perion detection ( 1st part )

[BUG] - Bug with AppInit data detection fixed

[UPD] - Local database v08-09-2015.2
[UPD] - Generic.Vitruvian updated
[UPD] - Generic.Multiplug updated

//////// v5.006 - 06/09/15 ////////

[NEW] - Added Generic.Conduit detection

[BUG] - Bug with Chrome extensions detection fixed
[BUG] - Bug with Tuto4PC generic detection fixed

[UPD] - Added "HKCU\Software\Classes\CLSID" to handled keys
[UPD] - Services generic detections updated
[UPD] - Tasks deletion improved
[UPD] - Generic.Crossrider updated
[UPD] - Generic.Multiplug updated

//////// v5.005 - 31/08/15 ////////

[NEW] - COMODO Chromodo browser now handled

[BUG] - Bug with DNS detection fixed
[BUG] - Bug with older version detection fixed
[BUG] - Bug with Brazilian Portuguese translation fixed
[BUG] - Bug with Polish translation fixed
[BUG] - Bug with Firefox files generic detection fixed
[BUG] - Minor display bug in the report fixed

[UPD] - Local database v31-08-2015.2
[UPD] - Chrome preferences management changed
[UPD] - "Reset Chrome policies" option improved
[UPD] - Services generic detections updated
[UPD] - Shortcuts detection improved

//////// v5.004 - 26/08/15 ////////

[NEW] - Added Generic.Maintainer detection
[NEW] - Added HKU subkeys to SearchScopes module

[BUG] - Bug with EULA scrollbar fixed
[BUG] - Bug with Spanish translation fixed

[UPD] - Tasks detection improved
[UPD] - SearchScopes detection improved
[UPD] - Drivers generic detections updated
[UPD] - Generic.Browsefox updated
[UPD] - Generic.MyWebSearch updated
[UPD] - Portuguese Brazilian translation updated
[UPD] - Dutch translation updated
[UPD] - Polish translation updated
[UPD] - Russian translation updated
[UPD] - All options but "Reset Winsock settings" unchecked by default

//////// v5.003 - 20/08/15 ////////

[BUG] - Bug with internal AutoIT function fixed

[UPD] - Local database v20-08-2015.1
[UPD] - Spanish translation updated
[UPD] - Estonian translation updated

//////// v5.002 - 18/08/15 ////////

[BUG] - Main window no longer minimizes when clicking on "Quarantine manager"
[BUG] - Bug when retrieving users fixed
[BUG] - Bug with German translation fixed

[UPD] - Improved SearchScopes detection
[UPD] - Portuguese Brazilian translation updated
[UPD] - Dutch translation updated
[UPD] - Reports now saved to C:\AdwCleaner instead of C:\

//////// v5.001 - 17/08/15 ////////

[BUG] - Bug when retrieving users fixed

[UPD] - Generic.Browsefox updated
[UPD] - Generic.Tuto4PC updated
[UPD] - "Reset Chrome policies" checked by default
[UPD] - "Reset Internet Explorer policies" checked by default
[UPD] - German translation updated
[UPD] - French translation updated
[UPD] - English translation updated
[UPD] - Japanese translation updated

*+*+*+*+* v5.000 - 14/08/15 *+*+*+*+*

[NEW] - Debug mode added
[NEW] - New generic detections engine
[NEW] - Quarantine manager is now fully integrated into AdwCleaner
[NEW] - Compatibility with W10
[NEW] - "Reset Proxy settings" option added
[NEW] - "Reset Winsock settings" option added
[NEW] - "Reset TCP/IP settings" option added
[NEW] - "Reset Firewall settings" option added
[NEW] - "Reset IPSec settings" option added
[NEW] - "Reset BITS queue" option added
[NEW] - "Reset Internet Explorer policies" option added
[NEW] - "Reset Chrome policies" option added
[NEW] - Generic.BrowseFox added to generic detections

[UPD] - Local database v14-08-2015.3
[UPD] - Code optimization
[UPD] - SQLite version updated to v3.8.11.1
[UPD] - Chrome preferences detection improved
[UPD] - "HKLM\SOFTWARE\AppDataLow\Software" added to handled keys
[UPD] - "HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser" added to handled keys
[UPD] - "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID" added to handled keys
[UPD] - "HKEY_USERS" subkeys added to handled keys
[UPD] - "Generic.Netfilter" renamed to "Generic.Vitruvian"
[UPD] - All generic detections updated
[UPD] - Tasks detection improved (x64 folders handled)
[UPD] - AppInit detection improved (x64 values handled)
[UPD] - Infected shortcuts detection improved (recursive search)
[UPD] - Auto-resize for all columns in GUI
[UPD] - "Files / Folders" report sections split
[UPD] - Reports are now saved to C:\ instead of C:\AdwCleaner
[UPD] - Searching reports are now called "AdwCleaner[SX].txt"
[UPD] - Cleaning reports are now called "AdwCleaner[CX].txt"
[UPD] - New caption in cleaning reports :

[-] : The element has been deleted
[+] : The element has been deleted after resetting its ACL
[#] : The element will be deleted on reboot
[!] : The element can't be deleted
[x] : The element has not been marked for deletion

[REM] - "Internet Explorer" tab removed (keys are now listed in "Registry" tab)
[REM] - Illyx generic detection removed
[REM] - Gomita generic detection removed
[REM] - Skintrim generic detection removed
[REM] - Pirrit generic detection removed
[REM] - Maintainer generic detection removed
[REM] - AdPeak generic detection removed

//////// v4.208 - 09/07/15 ////////

[Database] - Added local database v09-07-2015.1
[Language] - Fixed error which caused AdwCleaner to be always in english version when ran on XP
[Services] - Fixed a bug that occurred during the scan
[Firefox] - Added "ghostery" to whitelisted keywords for preferences scan
[Generic.Netfilter] - Generic detection updated

//////// v4.207 - 21/06/15 ////////

[Database] - Added local database v21-06-2015.1
[Generic] - Generic detections updated
[Generic] - Fixed typo

//////// v4.206 - 01/06/15 ////////

[Paths] - Added Public\Documents to handled paths
[Language] - Fixed typo mistake in polish translation
[Language] - Fixed typo mistake in dutch translation
[IE] - Settings detection improved
[Generic.Multiplug] - Generic detection updated
[Generic.BetterSurf] - Generic detection updated
[Generic.MyWebSearch] - Generic detection updated
[Generic.Gomita] - New generic detection
[Generic.Piccolor] - New generic detection
[Registry] - FirewallPolicy detection re-enabled

//////// v4.205 - 21/05/15 ////////

[Database] - Added local database v21-05-2015.2
[Database] - Bug fixed ( Database's downloading now forces a reload from the remote site )
[Language] - Added Polish translation
[Generic.Crossrider] - Generic detection updated
[Generic.BetterSurf] - Generic detection updated
[Generic] - Generic detections updated

//////// v4.204 - 12/05/15 ////////

[Database] - Added local database v12-05-2015.2
[Generic.Netfilter] - Typo mistake fixed
[Generic.Multiplug] - Generic detection updated
[Generic] - Generic detections updated
[Other] - Changed way to detect current version

//////// v4.203 - 30/04/15 ////////

[Database] - Added local database v30-04-2015.2
[Optimization] - Database cleanup ( part 2 )
[Generic.MyWebSearch] - New generic detection
[Generic.Netfilter] - New generic detection

//////// v4.202 - 23/04/15 ////////

[Database] - Added local database v23-04-2015.1
[GUI] - Message box displaying improved
[Generic] - Generic detections updated
[Generic.Tuto4PC] - Generic detection updated
[Generic.Multiplug] - Generic detection updated
[Generic.BetterSurf] - New generic detection

//////// v4.201 - 08/04/15 ////////

[Database] - Added local database v08-04-2015.1
[Language] - AdwCleaner now detects language of current MUI pack
[Paths] - Added config\systemprofile\AppData\Local to handled paths
[Generic.Conduit] - Generic detection updated
[Generic.Skintrim] - Generic detection updated
[Firefox] - Added new generic detection for adware related JS scripts
[Proxy] - Proxy detection improved ( more checked keys )

//////// v4.200 - 29/03/15 ////////

[Database] - Added local database v29-03-2015.1
[Language] - Added Estonian translation
[Language] - Added Czech translation
[Language] - Added Brazilian portuguese translation
[Optimization] - Reduced database loading time (~15s -> ~2s)
[Optimization] - Multiplug generic detection optimized
[Optimization] - Database cleanup ( part 1 )
[Generic.Conduit] Generic detection added
[Generic.AddLyrics] - Generic detection updated
[Generic.Crossrider] - Generic detection updated
[Processes] - Added a more powerful way to kill processes
[Bug] - Fixed display in the logfile ( infected shortcuts )
[Chrome] - Preferences detection improved

//////// v4.113 - 22/03/15 ////////

[Database] - Added local database v22-03-2015.2
[Generic.Tuto4PC] - Generic detection updated
[Generic.Crossrider] - Generic detection updated
[Generic.AddLyrics] - Generic detection updated
[Language] - Added Spanish translation
[Language] - Fixes in Russian translation
[Tasks] - Generic detection updated
[Chrome] - Added "ExtensionWhitelist" to managed keys
[Paths] - Added StartMenuCommonDir to handled paths
[Paths] - Added config\systemprofile\Documents to handled paths
[Generic] - Updated generic registry detections
[Winsock] - Added Winsock cleaning
[Processes] - Whitelisted Splashtop processes
[GUI] - Fixed error in progression percentage increase
[Generic.PullUpdate] - Added generic detection

//////// v4.112 - 09/03/15 ////////

[Database] - Added local database v05-03-2015.1
[Language] - Added Italian translation
[Language] - Added Russian translation
[Language] - Added Dutch translation
[Language] - Added Japanese translation
[Generic] - Fixed false positive
[EULA] - Typo corrections

//////// v4.111 - 18/02/15 ////////

[Database] - Added local database v18-02-2015.3
[Language] - Language file updated

//////// v4.110 - 05/02/15 ////////

[Database] - Added local database v05-02-2015.2
[Processes] - Multiple processes whitelisted
[Language] - Language file updated

//////// v4.109 - 24/01/15 ////////

[Database] - Added local database v24-01-2015.3
[Proxy] - New proxy detection
[Paths] - Added "FavoritesLinks" to handled paths
[Bug] - Fixed duplicate entries in the logfile
[Generic.Maintainer] - Added generic detection
[Generic.Sambreel] - Generic detection updated
[Generic.Multiplug] - Generic detection updated
[Chrome] - Chrome Canary added to handled browsers

//////// v4.108 - 17/01/15 ////////

[Database] - Added local database v13-01-2015.2

//////// v4.107 - 07/01/15 ////////

- In memory of the victims of the attack on the newspaper Charlie Hebdo

//////// v4.106 - 21/12/14 ////////

[Processes] - Multiple processes whitelisted
[Generic.Tuto4PC] - Generic detection updated
[Database] - Added local database v21-12-2014.4

//////// v4.105 - 08/12/14 ////////

[Processes] - Whitelisted "bomgar-scc.exe"
[Processes] - Whitelisted "Elsinore.ScreenConnect.WindowsClient.exe"
[Tasks] - Improved scheduled tasks deletion
[Generic.AddLyrics] - Generic detection updated
[Generic.Tuto4PC] - Generic detection updated
[DNS] - Added PUP related DNS
[Bug] - Fixed bug with Firefox files research
[Registry] - Added clearing of DefaultScopes
[Database] - Added local database v08-12-2014.2

//////// v4.104 - 05/12/14 ////////

[Firefox] - Cyberfox added to handled browsers
[Bug] - Fixed error line 2057
[Bug] - Fixed error in folders/files research

//////// v4.103 - 01/12/14 ////////

[Database] - Fixed a bug which caused AdwCleaner to skip database download on XP machines
[Database] - Added local database v01-12-2014.1
[Generic.Sambreel] - Fixed a bug in drivers file detection ( extra "\" )
[Tasks] - Generic detection updated

//////// v4.102 - 23/11/14 ////////

[Chrome] - Added AppDataCommonDir checking for Chrome extensions
[Database] - Added local database v23-11-2014.3
[Registry] - Added DNS checking
[GUI] - Modified progress display informations
[Changelog] - New display

//////// v4.101 - 09/11/14 ////////

- Bug fixed ( Firefox files/folders detection )
- Bug fixed ( AdwCleaner's file deletion )
- Bug fixed ( Uninstall )
- Fixed display bug in logfile
- Updated logfile header

//////// v4.100 - 08/11/14 ////////

- Fixed bug in EIFL research module
- Added generic detection for SearchScopes keys
- New method to manage Chrome preferences
- New method to manage Firefox preferences

//////// v4.002 - 27/10/14 ////////

- Updated generic detections
- Fixed bugs

//////// v4.001 - 20/10/14 ////////

- Added registry keys to search :
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility

- Updated generic detections
- Added generic detection for "tracing" keys

//////// v4.000 - 12/10/14 ////////

- Updated to AutoIT v3.3.0.12
- New method to manage database

//////// v3.311 - 30/09/14 ////////

- Database update
- False positive fixed

//////// v3.310 - 12/09/14 ////////

- Database update

//////// v3.309 - 02/09/14 ////////

- Major database update
- False positive fixed

//////// v3.308 - 20/08/14 ////////

- Database update
- Generic.Multiplug detection updated
- False positive and bug fixed

//////// v3.307 - 17/08/14 ////////

- Database update
- ProductID detection improved
- Bug fixed ( Generic.Crossrider )

//////// v3.306 - 15/08/14 ////////

- Database update
- Added StartMenuInternet keys for Opera browser
- DefaultScope detection updated
- Added processes to whitelist
- Generic.Sambreel detection updated
- Generic.Crossrider detection updated
- Generic.Multiplug detection updated
- Generic.AddLyrics detection updated
- Generic.AdPeak detection updated

//////// v3.305 - 13/08/14 ////////

- Database update
- Fixed Crossrider scheduled task detection
- Generic.AdPeak detection updated
- Generic.DownloadProtect detection updated
- Generic.Skintrim detection updated
- Generic.Tuto4PC detection updated
- Generic.Multiplug detection updated
- Deleted debug message
- Updated Firefox extensions detection
- Updated Chrome extensions detection
- Language file updated
- Added Generic.AddLyrics detection

//////// v3.304 - 08/08/14 ////////

- Bug fixed

//////// v3.303 - 06/08/14 ////////

- Database update
- False positive removed
- Generic.Crossrider detection updated
- Generic.Downloadprotect detection updated
- Generic.Multiplug detection updated
- Generic.Skintrim detection updated

//////// v3.302 - 30/07/14 ////////

- Database update
- False positive removed
- Added processes to whitelist
- Updated scheduled task detections
- Added possibility to cancel cleaning before closing processes
- Generic.AdPeak detection updated

//////// v3.301 - 28/07/14 ////////

- Bug fixes

//////// v3.300 - 27/07/14 ////////

- Database update
- Generic.Crossrider detection updated
- Generic.Multiplug detection updated
- Generic.Tuto4PC detection updated
- Generic.Skintrim detection added
- Generic.AdPeak detection added
- Generic.Illyx detection added
- Generic.Sambreel detection added
- Generic.DownloadProtect detection added
- Scheduled task detections updated
- DefaultScope detections updated

//////// v3.216 - 17/07/14 ////////

- Database update

//////// v3.215 - 09/07/14 ////////

- Database update

//////// v3.214 - 29/06/14 ////////

- Database update
- Generic detections updated
- False positive removed

//////// v3.213 - 23/06/14 ////////

- Major database update

//////// v3.212 - 05/06/14 ////////

- Database update
- False positive removed

//////// v3.211 - 26/05/14 ////////

- Database update

//////// v3.210 - 19/05/14 ////////

- False positive removed

//////// v3.209 - 18/05/14 ////////

- Database update

//////// v3.208 - 11/05/14 ////////

- Database update
- Removed "Hosts Anti-PUP/Adware" ( development stopped )
- Italian translation modified
- False positive removed

//////// v3.207 - 05/05/14 ////////

- Database update

//////// v3.206 - 04/05/14 ////////

- Database update
- Fixed bug ( Firefox )
- Fixed bug ( Paths detection )

//////// v3.205 - 28/04/14 ////////

- Database update
- Added detection of bad IFEO entries
- Improved firefox extensions detection
- Fixed bug
- Added new icons

//////// v3.204 - 26/04/14 ////////

- Deletion of files/folders on reboot improved
- Optimized code ( ~10s faster )
- Updated generic detections
- User profiles detection improved
- Fixed bug ( Chrome database management )
- Fixed an error in the logfile display ( Tasks )

//////// v3.203 - 26/04/14 ////////

- Database update
- Fixed bug in Chrome preferences detection
- Fixed typo mistakes in Italian translation
- Fixed typo mistakes in Japanese translation
- New design ( Thanks to Peter Z. )

//////// v3.202 - 23/04/14 ////////

- Database update
- Added "Search Provider" detection for Chrome
- Japanese translation available

//////// v3.201 - 22/04/14 ////////

- Chrome preferences detection ( minor changes )
- Italian translation available

//////// v3.200 - 22/04/14 ////////

- Chrome preferences detection improved
- Database update
- Fixed Dutch translation
- False positive removed

//////// v3.103 - 21/04/14 ////////

- Database update
- False positive removed
- Generic Multiplug detection corrected

//////// v3.102 - 20/04/14 ////////

- False positive removed
- Generic Multiplug detection corrected

//////// v3.101 - 20/04/14 ////////

- Database update
- Generic Multiplug detection updated
- Users profile detection changed
- Dutch translation available


//////// v3.100 - 20/04/14 ////////

- Major database update
- False positive removed
- Bulgarian translation available
- Russian translation available
- Proxy detection updated

//////// v3.024 - 18/04/14 ////////

- Database update
- Fixed a bug in AppInit module

//////// v3.023 - 01/04/14 ////////

- Database update
- False positive removed

//////// v3.022 - 13/03/14 ////////

- Database update
- False positive removed

//////// v3.021 - 10/03/14 ////////

- EULA added

//////// v3.020 - 27/02/14 ////////

- Database update

//////// v3.019 - 17/02/14 ////////

- Database update

//////// v3.018 - 28/01/14 ////////

- Database update

//////// v3.017 - 12/01/14 ////////

- Database update

//////// v3.016 - 22/12/13 ////////

- Database update
- Typo mistake corrected ( german translation )

//////// v3.015 - 10/12/13 ////////

- Database update

//////// v3.014 - 01/12/13 ////////

- Major database update
- Multiplug generic detection updated
- Estonian translation available

//////// v3.013 - 24/11/13 ////////

- Database update

//////// v3.012 - 11/11/13 ////////

- Fixed typo mistake in Polish translation
- Turkish translation available
- Database update

//////// v3.011 - 03/11/13 ////////

- Database update
- False positive removed
- Generic.Crossrider detection improved
- Generic.Multiplug detection improved
- Improved planified tasks module

//////// v3.010 - 20/10/13 ////////

- Database update
- Generic.Crossrider detection improved
- Polish translation updated

//////// v3.009 - 19/10/13 ////////

- Database update
- Fixed bug ( infected shortcuts )

//////// v3.008 - 17/10/13 ////////

- Database update

//////// v3.007 - 09/10/13 ////////

- Database update
- Added some proxy detection
- Improved products detection

//////// v3.006 - 01/10/13 ////////

- Database update

//////// v3.005 - 22/09/13 ////////

- Database update

//////// v3.004 - 15/09/13 ////////

- Database update
- False positive removed

//////// v3.003 - 07/09/13 ////////

- Added possibility to resize the GUI
- False positive removed
- Fixed bug ( some keys were deleted but it wasn't written in the report )
- Fixed bug ( portuguese-brazilian translation )
- Corrected typo mistakes in Spanish translation

//////// v3.002 - 01/09/13 ////////

- Corrected bug about Firefox whitelist
- False positive removed
- Major database update
- Added Avira Toolbar auto-detection
- Updated German translation
- Updated Portuguese brazilian translation
- Updated English translation
- Updated Spanish translation

//////// v3.001 - 24/08/13 ////////

- Major database update

//////// v3.000 - 20/08/13 ////////

Adds :

- New GUI
- Added quarantine manager
- Added PUC ( Product Update Code) module
- Added FirewallPolicy keys module
- Added planified tasks module
- Added Firefox extensions dedicated module
- Added function to reset key or service ACL
- You can now unselect an element if you don't want to delete it

Improvements :

- Infected shortcuts module improved
- Generic detections ( Tuto4PC, Conduit, MultiPlug, CrossRider, ... ) improved
- Removal process of an element improved
- AppInits_DLL management improved
- Chrome preferences file management improved
- Firefox preferences file management improved
- Deletion on reboot improved
- Improved IE module
- Code optimized ( 80% reworked)

Removed :

- Options ( /DisableAskDetection, etc ... )
- Navipromo generic search

//////// v2.306 - 19/07/13 ////////

- Added new detections
- False positive removed

//////// v2.305 - 11/07/13 ////////

- Added new detections ( Major database update )

//////// v2.304 - 03/07/13 ////////

- Added new detections

//////// v2.303 - 08/06/13 ////////

- Added new detections
- Estonian translation available

//////// v2.302 - 06/06/13 ////////

- Added new detections ( Major database update )
- False positive removed

//////// v2.301 - 16/05/13 ////////

- Added new detections
- False positive removed

//////// v2.300 - 28/04/13 ////////

- Added new detections
- False positive removed
- Added heuristic detection of adware "BrowseToSave"

//////// v2.202 - 23/04/13 ////////

- Added new detections

//////// v2.201 - 21/04/13 ////////

- Added new detections

//////// v2.200 - 02/04/13 ////////

- Added new detections
- Added cleaning of subkeys "StartMenuInternet"
- Added cleaning of subkey "StartUrl"
- False positive removed

//////// v2.115 - 17/03/13 ////////

- TeamViewer process added to whitelist
- Added new detections
- Czech translation available
- Slovak translation available

//////// v2.114 - 05/03/13 ////////

- False positive removed
- Added new detections

//////// v2.113 - 23/02/13 ////////

- Added new detections

//////// v2.112 - 10/02/13 ////////

- Added new detections
- Portuguese brazilian translation available

//////// v2.111 - 05/02/13 ////////

- Bug fixed

//////// v2.110 - 03/02/13 ////////

- Added new detections
- False positive removed
- Generic detection added for Adware.CrossRider
- Generic detection added for GUID that contains bad pattern ( e.g "Browse2save" )
- Added repair of infected shortcuts ( e.g "certified-toolbar" )

//////// v2.109 - 27/01/13 ////////

- Added new detections

//////// v2.108 - 24/01/13 ////////

- Added new detections
- Added generic detections for adware.PCTuto
- False positive removed

//////// v2.107 - 21/01/13 ////////

- Added new detections
- Modified "Mngr" deletion module

//////// v2.106 - 17/01/13 ////////

- Added new detections
- Bug fixed - "Mngr" deletion module

//////// v2.105 - 08/01/13 ////////

- Added new detections
- Added new module for Product ID detection ( UpgradeCode, Products, Features )

//////// v2.104 - 29/12/12 ////////

- Added new detections
- Added detections of locked Chrome/Chromium extensions
- Filter for detection of random hexadecimal software keys modified
- Spanish translation bug fixed

//////// v2.103 - 25/12/12 ////////

- Added new detections
- Detection of random hexadecimal software keys

//////// v2.102 - 23/12/12 ////////

- Added new detections
- AppInit 64-bits registry value is now detected
- Firefox profile detection improved

//////// v2.101 - 16/12/12 ////////

- Added new detections

//////// v2.100 - 09/12/12 ////////

- Added "Mngr" deletion module
- Added new detections

//////// v2.011 - 02/12/12 ////////

- IE, Chrome and Chromium version detection improved
- Polish translation available
- Bulgarian translation available
- Added new detections
- False positive removed

//////// v2.010 - 29/11/12 ////////

- Added new detections
- Major bug fixed

//////// v2.009 - 24/11/12 ////////

- Executable size reduced
- Added new detections
- False positive removed
- Minor modifications

//////// v2.008 - 17/11/12 ////////

- Research 64 bits key : HKLM\...\Internet Explorer\Main
- Added new detections
- Minor modifications

//////// v2.007 - 06/11/12 ////////

- Code optimized
- Added new detections
- False positive removed

//////// v2.006 - 30/10/12 ////////

- AppInit_DLL data detection improved
- Added new detections
- False positive removed

//////// v2.005 - 14/10/12 ////////

- Italian translation corrected
- Added new detections

//////// v2.004 - 07/10/12 ////////

- Bug fixed ( end of logfile )
- Bug fixed ( freeze at 30% )
- ACL reinitialized before registry key deletion
- Italian translation available
- Danish translation available
- Turkish translation available
- Spanish translation available

//////// v2.003 - 23/09/12 ////////

- Bug fixed ( detection of current version )
- Added new detections

//////// v2.002 - 16/09/12 ////////

- Added new detections

//////// v2.001 - 09/09/12 ////////

- Added new detections

//////// v2.000 - 30/08/12 ////////

- New GUI ( Thanks to Florian Briens )
- Scan optimized on 64-bits OS
- ~0.1s faster on 32-bits, ~0.5s faster on 64-bits
- Executable size reduced 120ko
- Code optimized
- DefaultScope now resetted ( 32/64 bits )
- Category " ***** [Registry - GUID] ***** " removed. All keys/values are now listed in " ***** [Registry] ***** " category.
- prefix "[x64]" removed.
- Match between "Uninstall" keys and "ARPCache" keys
- "Software" keys detection improved ( HKCU\Software , HKCU\Software\AppDataLow , HKCU\Software\AppDataLow\Software , HKLM\SOFTWARE )
- Uninstall improved
- Verification module of the current version added
- Kill process function improved
- Category " ***** [H.Navipromo] ***** " removed
- "AppInit_DLLs" value is now detected
- Chromium module added
- Dutch translation available
- Deutsch translation available
- Chrome/Chromium detection improved
- Switches module added
- Switches /DisableAskDetection , /DisableIEDetection , /DisableFFDetection , /DisableChromeDetection , /DisableOperaDetection ,/DisableProxyDetection added.

//////// v1.801 - 14/08/12 ////////

- Bootmode added to the header
- Bug fixed
- Added new detections

//////// v1.800 - 01/08/12 ////////

- Added automatic detection of "Conduit" toolbars
- Added new detections

//////// v1.703 - 20/07/12 ////////

- Added "Hosts Anti-PUP/Adware" entry in menu
- Added new detections

//////// v1.702 - 13/07/12 ////////

- Added new detections

//////// v1.701 - 02/07/12 ////////

- Added new detections

//////// v1.700 - 26/06/12 ////////

- Switches available
- Added new detections

//////// v1.609 - 10/06/12 ////////

- Added new detections

//////// v1.608 - 27/05/12 ////////

- Added new detections

//////// v1.607 - 23/05/12 ////////

- Added new detections

//////// v1.606 - 10/05/12 ////////

- Bug fixed
- Added new detections

//////// v1.605 - 05/05/12 ////////

- Profiles detection function optimized
- Added new detections

//////// v1.604 - 23/04/12 ////////

- Chrome version check corrected
- Navipromo detection optimized
- Added new detections

//////// v1.603 - 22/04/12 ////////

- Firefox detection optimized
- Bug fixed ( logfile )
- Added new detections

//////// v1.602 - 19/04/12 ////////

- Bug fixed ( whitelist )
- Bug fixed ( profiles )

//////// v1.601 - 17/04/12 ////////

- Bug fixed ( language detection )
- Added new detections

//////// v1.600 - 15/04/12 ////////

- Delete on reboot function improved
- All users profiles are now supported
- Browsers detection optimized
- Database optimized
- category " Registry (x64) " removed ( Replaced by "[x64]" prefix for concerned keys )
- category " Registry - GUID " added
- Added new detections

//////// v1.505 - 07/04/12 ////////

- Database optimized
- Added new detections

//////// v1.504 - 01/04/12 ////////

- FF whitelist updated
- Added new detections

//////// v1.503 - 24/03/12 ////////

- firefox profiles detection improved
- Added new detections

//////// v1.502 - 17/03/12 ////////

- Added new detections

//////// v1.501 - 04/03/12 ////////

- Added new detections

//////// v1.500 - 23/02/12////////

- code optimized
- navipromo generic detection improved
- Delete on reboot added
- False positive removed
- filters modified
- Added new detections

//////// v1.410 - 20/02/12 ////////

- Added new detections

//////// v1.409 - 12/02/12 ////////

- Added new detections
- Browser whitelist ( Chrome, FF )

//////// v1.408 - 29/01/12 ////////

- Added new detections

//////// v1.407 - 18/01/12 ////////

- Added new detections

//////// v1.406 - 09/01/12 ////////

- Processes kill function modified

//////// v1.405 - 09/01/12 ////////

- Bug fixed ( processes )

//////// v1.405 - 08/01/12 ////////

- Code optimized
- Spanish, Deutch and Deutsch translation removed
- Added new detections

//////// v1.404 - 04/01/12 ////////

- Menu added
- Added new detections

//////// v1.403 - 24/12/11 ////////

- Added new detections

//////// v1.402 - 11/12/11 ////////

- Added new detections

//////// v1.401 - 06/12/11 ////////

- Generic detection added for registry

//////// v1.400 - 04/12/11 ////////

- Added new detections

//////// v1.320 - 02/12/11 ////////

- Added new detections
- Bugs fixed

//////// v1.319 - 20/11/11 ////////

- Code optimized
- Added new detections

//////// v1.318 - 13/11/11 ////////

- Bug fixed ( Uninstall )
- Database optimized

//////// v1.317B - 10/11/11 ////////

- Added new detections

//////// v1.317 - 06/11/11 ////////

- All processes killed except critical
- Research/Deletion now support 64-bits registry
- Duplicated entries in database deleted
- Navipromo detection improved
- Truncation in the logfile of prefs.js lines if > 100 characters

//////// v1.316 - 31/10/11 ////////

- navipromo generic detection added
- Added new detections

//////// v1.315 - 27/10/11 ////////

- ARPCache keys now supported
- prefs.js research is now not case sensitive
- " extensions.installcache " line whitelisted
- Added new detections

//////// v1.314 - 25/10/11 ////////

- Corrected spelling mistakes
- IE scan corrected
- Added new detections

//////// v1.313 - 24/10/11 ////////

- Added new detections
- Spanish translation available
- Dutch translation available
- Prevention message box added at the end of the deletion

//////// v1.312 - 18/10/11 ////////

- Added new detections
- Uninstall optimized
- GUI modification
- French translation available
- English translation available
- Deutsch translation available

//////// v1.311 - 12/10/11 ////////

- Added new detections
- Bug fixed ( Uninstall )

//////// v1.310 - 07/10/11 ////////

- "Donate" button added
- Added new detections
- Code optimized

//////// v1.309 - 29/09/11 ////////

- Bug fixed ( Services )
- Scan is now a little faster
- Added new detections

//////// v1.308 - 25/09/11 ////////

- Added new detections

//////// v1.307 - 19/09/11 ////////

- Added new detections
- Chrome version check modified
- Bug fixed ( Chrome part )
- Temporary files are now deleted

//////// v1.306 - 14/09/11 ////////

- "Homepage" policy is now deleted ( IE )

//////// v1.305 - 07/09/11 ////////

- Added new detections

//////// v1.304 - 05/09/11 ////////

- All links on the logfile are now neutralized ( hxxp )

//////// v1.303 - 03/09/11 ////////

- Bugs fixed
- Added new detections

//////// v1.302 - 02/09/11 ////////

- Filter added for Conduit toolbar ( prefs.js )

//////// v1.301 - 28/08/11 ////////

- Added new detections
- Code optimized

//////// v1.3 - 23/08/11 ////////

- Bug fixed

//////// v1.2 - 17/08/11 ////////

- Modifications code
- Bug fixed

//////// v1.1 - 16/08/11 ////////

- Added new detections

//////// v1.0 - 14/08/11 ////////

- Changelog available
 


Did you download the correct AdwCleaner ?? Try this link for it >>> AdwCleaner   ...........
            
     


# AdwCleaner v5.026 - Logfile created 24/12/2015 at 11:39:09
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Cody Store - CODYSTORE-PC
# Running from : C:\Users\Cody Store\Downloads\adwcleaner_5.026 (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : TweakBit\Driver Updater\Start Driver Updater оn logon

***** [ Registry ] *****


***** [ Web browsers ] *****


Is this computer a Business computer ????

# Username : Cody Store - CODYSTORE-PC
# Running from : C:\Users\Cody Store

 

Chuck


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Cody Store (Administrator) on Thu 12/24/2015 at 11:58:11.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_750DEBBA70AD8E287603ACD8AE9B5589 (Registry Value)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/24/2015 at 12:04:17.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Ok .... on it used to be a business computer ! We don't clean/work on business computers, that is why I asked !! You are good to go for the rest of the cleaning !!

I will have more programs for you to run !!

 

Thanks

Chuck


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/24/2015
Scan Time: 1:49 PM
Logfile: scan log.txt
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2015.12.24.07
Rootkit Database: v2015.12.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cody Store

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379693
Time Elapsed: 47 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


slhouse, as long as they were quarantined we are good !! Ok let's continue !

==============

 

Download OldTimer to your desktop !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post ! 

 

 

NEXT

 

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

Post Next:

1. OTL log

2. Security Check log

 

Thanks

Chuck

 


OTL Extras logfile created on: 12/24/2015 8:32:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cody Store\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 16.62% Memory free
4.98 Gb Paging File | 2.15 Gb Available in Paging File | 43.11% Paging File free
Paging file location(s): c:\pagefile.sys 3192 6192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 188.94 Gb Total Space | 128.72 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.77 Gb Free Space | 95.79% Space Free | Partition Type: NTFS
 
Computer Name: CODYSTORE-PC | User Name: Cody Store | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3415489378-2467818339-334625643-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049FE1EB-D50A-43CD-AE64-DB308541B50F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19044090-2651-46A1-A8A9-ADF3D82794B7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{25E3ED5C-3B8E-453F-9536-6D0192453B05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3702BB76-04FF-44A6-A6D7-4E7C8A29D3B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B60AD2F-D370-423D-A77E-EA92143CA858}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4BDCA150-FAFC-45C9-A16C-379385A8A51F}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C233260-2E7A-4BA8-ADAE-8537328FCC0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C35C981-7BA2-4E4D-AE9A-FC2C6C4BA258}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53DA4C24-FD1B-402F-941E-30ADA27B6E16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58D1653E-4D14-4592-AFA0-28F65D09ABCE}" = lport=139 | protocol=6 | dir=in | app=system |
"{64C072DC-396C-4B21-99CA-56199D8B530D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{74529A03-32D9-405C-B745-B9C6EC42A7A7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78186072-B122-4AB1-8DDD-32C160222330}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FCEEC10-E35E-4488-B639-FF4F15813EA1}" = rport=139 | protocol=6 | dir=out | app=system |
"{9C5204DD-95F7-4397-9B19-296C2868110B}" = lport=138 | protocol=17 | dir=in | app=system |
"{B20E34C5-A8D1-4C64-A055-90706A787BDE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B89F8C8F-3E54-4B71-84AA-ACC43B69B657}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC3DE826-31EF-4161-8934-AA1CFFA52B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4D1FD8A-AEA6-4A49-9EFF-FFE7BBED0F14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DAFDA9D5-B2FF-4DB5-B8B7-11A88AC1DD24}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED23ADD9-1F2F-45B2-9736-79BDA99634C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EE773815-5E12-4695-B85F-672037D68421}" = lport=137 | protocol=17 | dir=in | app=system |
"{EF41E75F-5BA4-4B36-8173-7843F154CB8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6079CAA-C44E-47AF-8AFB-ED19FF1BC384}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8E23BB2-1EE6-48F4-AD05-81A24158435F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD5E0DDF-40A8-4FC2-A7CB-464BF9B53CCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CAB4FF-108C-4B65-A2E0-906BB4EEDDF2}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{097630DA-59A4-46D8-8412-993A79794F05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{124A566C-454E-4040-920D-40830F1CF1DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A9C930D-2E63-4190-B527-3E9BC7AEF9F8}" = protocol=58 | dir=out | [email protected],-28546 |
"{25ABB084-4363-4F83-83FF-2AAC403ECB2E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{27447339-E06D-40F2-BE0F-3767BCB8B1FD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\entitlement client\v3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{28039AB5-B105-49E8-83D0-75C9D1464E1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DE51CF0-4C66-42E6-9354-E255157356DD}" = dir=in | app=c:\program files (x86)\dropbox\client\dropbox.exe |
"{2E393984-9A65-414C-AA0D-2C726A28DDA2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{309C2D29-2C39-40FC-828E-7301026B08E9}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{33B72133-1591-4C60-8944-F6FC848DE963}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 6.0\databaseserver\qbdbmgrn.exe |
"{38554DE7-5057-479C-A230-B5BF7DD9F68C}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{43A4AB3F-C2FF-4E28-AA90-E8D706CA3129}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49BD5C39-8010-43A6-A692-CBF5F74184C1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{49BE06EB-DB16-4083-9209-4523297EBFE2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\entitlement client\v3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{5020D2F6-8C80-4FAE-A0FF-BDDA9ED10EC6}" = protocol=6 | dir=out | app=system |
"{58A75B1D-DC68-484E-9AB5-4923A01BEE9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5ECD6DF9-D9E8-4A66-9DA9-0DBFE4ED2791}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 6.0\databaseserver\qbdbmgr.exe |
"{6C2C79E8-37EB-4DCB-A165-F0DE2DEC76E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7051F761-B30C-40BD-9343-A06FD7854E64}" = protocol=1 | dir=in | [email protected],-28543 |
"{705F20C0-2547-4D48-9BBE-A680606E2E14}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{752A29B6-5D3E-4D88-9420-341AF23FC51A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78F47AEA-7602-42E1-B8F9-4867F3255E80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79D153E4-07DD-4905-9D2B-3C15DF3C94DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D934C7D-DE9B-4E3C-B261-C50F27534791}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 6.0\eftsvr.exe |
"{7E6536B5-4260-4E0A-8672-2B48BCE87D15}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\intuit\entitlement client\v3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{84010EF9-66F2-4BF5-AB69-B41D5CF335C0}" = protocol=58 | dir=in | [email protected],-28545 |
"{8879B309-73C6-443E-9A59-AEC02449A61C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D4C459C-A767-43A5-B8EF-F5D9347C0504}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A16CB74F-21CE-41E1-A098-07ECCA8D425A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2A1F5EC-F6B0-4EDC-8124-2A21687926FD}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{ADD1F5A4-08B9-49EA-940F-A85EA76EAD39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C44F3FFA-C0CF-42F2-BAB3-48ADFDECB8D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAB5C206-7C4B-456E-9B06-095DF33F7106}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CD052375-4D5F-4BBA-A7A5-FD94224E2C74}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 6.0\eftsvr.exe |
"{D1F2233F-CF9C-42B1-85D7-887BF3E7FC6D}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{D96FB710-A874-411C-87D7-FBF7EAAE1459}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 6.0\databaseserver\qbdbmgr.exe |
"{DAD3F6E1-B10E-4E5C-AAA7-A7658B383C14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD8071D7-135E-4AC7-8EA7-045E6A1E6A10}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{EDAFA305-CF12-4427-B15F-01447FEF96D6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F1A2A63C-4645-4501-AA75-22F2C5AB18F9}" = protocol=1 | dir=out | [email protected],-28544 |
"{F1CCEFA5-9887-433D-A291-8156CED8DF76}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\intuit\entitlement client\v3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{F44157DC-B56D-4F60-BE74-2DACE59A3355}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F81BEFAA-6EDE-44D3-A4BD-5A6B17601B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 6.0\databaseserver\qbdbmgrn.exe |
"{FD2CE45C-3889-458A-B777-B3F64DB66B56}" = dir=in | app=c:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\bin\hpnetworkcommunicator.exe |
"{FFC32041-0BE0-4ABF-BEC7-C7CCF693629A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{105C1174-9077-4A16-B5C6-9AEDCC75E2C7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6A00C12B-8460-476E-ACF6-2688429EDD02}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"TCP Query User{9B9391D8-591A-41E2-9D37-597B9B9968DD}C:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\hppefax_m375_m475.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\hppefax_m375_m475.exe |
"TCP Query User{AD270933-7B94-4C68-93EF-596707470FA1}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{B1402544-F3A5-47DD-90E7-1A1F1BC03A4C}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"UDP Query User{3BB36C96-37AF-4228-A192-A12BD50E1DFA}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"UDP Query User{424EB89F-916B-4FF0-88DC-2BE9622DD98A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B936BCB1-DE3E-4268-8C60-C9FFD21F2CCF}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"UDP Query User{D2E504B8-BCAB-4B52-B89E-08B9479D022B}C:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\hppefax_m375_m475.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\hppefax_m375_m475.exe |
"UDP Query User{DB4A4239-63F6-41CF-8B0C-5263EF9AA20D}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033123A8-E639-4108-BFC8-27566EFFAAF4}" = HP Unified IO
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C8C7232-3FFD-4509-8326-F93E8C8FB64E}" = QuickBooks Point Of Sale Product Listing Service
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DFECF3-4E16-4B14-9CF1-6D6928BB4BEA}" = hpStatusAlertsM375_M475
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{264908A0-87AD-4248-9B4E-C0E9C8798670}" = QuickBooks Point of Sale 6.0
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}" = InstanceFinder
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BEA857F-D027-4759-87D2-28688D508DDE}" = hppToolboxProxyM375
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E64C460-0FAA-4450-99CE-783B0F662B8F}" = hpbM375M475DSService
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D019528-5866-4F28-B29E-E89F2495278A}" = HP LJ300-400 M375-M475 HP Scan
"{4F5F1DED-1EB8-436C-8781-F6F28BFFE871}" = HP Product FWUpdater
"{55757576-28B2-4552-AAF6-340F9FFBA9FA}" = ToolboxProxy
"{5952A881-831C-451A-BF20-F0CA2C295D94}" = HP Unified IO
"{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}" = HPLJDXPHelper
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{678753E6-E526-4AE5-A144-00240772543A}" = Citrix Online Launcher
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}" = HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C8660F9-42DC-4D4E-85D5-CCAE3A2E5B1F}" = HPLJUTCore
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86F513F7-6CFD-4B07-A762-28E5ED2CEE97}" = hppLaserJetService
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9767CBB5-2A81-427D-8F05-497737D56AA0}" = hpbDSService
"{9D1DE902-8058-4555-A16A-FBFAA49587DB}" = HP LJ300-400 color MFP M375-M475
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FFC4E8E-2E8F-4030-A5E4-27EC4A269F32}" = Lenovo Smile Dock
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B361ED10-259E-4B76-B35E-E47BB6DDDD74}" = hppFaxDrvM375M475
"{BD666C86-25CE-4D88-9F7D-C6266394C18D}" = hpStatusAlerts
"{C3E833FD-AAF9-45E2-B2CA-091C4D04203F}" = hppSendFaxM375M475
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6E615F-F0F3-4211-BD79-0D9B62D77B0E}" = hppM375_M475LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F284FAB3-7B91-499F-856A-1A8BF7649D8D}" = HP LJ300-400 color MFP M375-M475 Fax
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA1B7AB4-9FE9-47A8-9A2F-C9FCB2F03A26}" = HPLJUTM375-M475
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 20 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Avast" = Avast Free Antivirus
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"Lenovo Games Console" = Lenovo Games Console
"Lenovo Smile Dock" = Lenovo Smile Dock
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 43.0.2 (x86 en-US)" = Mozilla Firefox 43.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3415489378-2467818339-334625643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 7.8.0.4151
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/9/2015 7:10:48 PM | Computer Name = CodyStore-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 42.0.0.5780 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: aec    Start
 Time: 01d1323299ea2511    Termination Time: 6240    Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe    Report Id: fe74f698-9ec9-11e5-af6c-1c750854b168

 
Error - 12/10/2015 2:10:24 PM | Computer Name = CodyStore-PC | Source = System Restore | ID = 8193
Description =
 
Error - 12/10/2015 3:30:03 PM | Computer Name = CodyStore-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 12/13/2015 11:32:39 AM | Computer Name = CodyStore-PC | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: HTTP status 408: The server timed out waiting for the request.

 
Error - 12/16/2015 11:12:38 AM | Computer Name = CodyStore-PC | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
 DownloadLatest Failed:
 
Error - 12/16/2015 11:35:19 AM | Computer Name = CodyStore-PC | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: The server name or address could not be resolved  
 
Error - 12/18/2015 9:01:51 AM | Computer Name = CodyStore-PC | Source = System Restore | ID = 8193
Description =
 
Error - 12/18/2015 1:34:05 PM | Computer Name = CodyStore-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 12/18/2015 6:56:40 PM | Computer Name = CodyStore-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 43.0.0.5820,
 time stamp: 0x56674057  Faulting module name: mozglue.dll, version: 43.0.0.5820,
time stamp: 0x56673288  Exception code: 0x80000003  Fault offset: 0x0000ed55  Faulting
 process id: 0x2b0  Faulting application start time: 0x01d139bdaf044d5c  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll  Report Id: 98db45dd-a5da-11e5-a382-1c750854b168
 
Error - 12/20/2015 11:36:21 AM | Computer Name = CodyStore-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 43.0.0.5820 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1194    Start
 Time: 01d13aba599e2b61    Termination Time: 4518    Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe    Report Id: 153ec447-a72f-11e5-8d9a-1c750854b168

 
[ System Events ]
Error - 12/24/2015 8:59:00 PM | Computer Name = CodyStore-PC | Source = DCOM | ID = 10005
Description =
 
Error - 12/24/2015 9:00:20 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error - 12/24/2015 9:00:20 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
 to start due to the following error:   %%1053
 
Error - 12/24/2015 9:01:01 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Media Player Network Sharing Service service to connect.
 
Error - 12/24/2015 9:01:01 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
 start due to the following error:   %%1053
 
Error - 12/24/2015 11:06:35 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the WMPNetworkSvc service.
 
Error - 12/24/2015 11:06:35 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 12/24/2015 11:07:45 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7022
Description = The Intel(R) Management & Security Application User Notification Service
 service hung on starting.
 
Error - 12/24/2015 11:10:52 PM | Computer Name = CodyStore-PC | Source = DCOM | ID = 10010
Description =
 
Error - 12/24/2015 11:10:50 PM | Computer Name = CodyStore-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
 
< End of report >

 


OTL logfile created on: 12/24/2015 8:32:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cody Store\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 16.62% Memory free
4.98 Gb Paging File | 2.15 Gb Available in Paging File | 43.11% Paging File free
Paging file location(s): c:\pagefile.sys 3192 6192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 188.94 Gb Total Space | 128.72 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.77 Gb Free Space | 95.79% Space Free | Partition Type: NTFS
 
Computer Name: CODYSTORE-PC | User Name: Cody Store | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/12/24 20:22:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cody Store\Downloads\OTL.scr
PRC - [2015/12/23 09:29:38 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/12/10 20:54:14 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/12/08 19:14:51 | 003,442,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
PRC - [2015/12/08 14:36:58 | 024,952,456 | ---- | M] (Dropbox, Inc.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
PRC - [2015/11/06 07:56:00 | 006,133,520 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/10/28 16:49:50 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/10/05 09:48:34 | 009,832,760 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 15:09:18 | 000,136,760 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2011/07/08 07:11:06 | 000,162,816 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010/12/09 16:14:17 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/06/30 13:45:24 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/06/30 11:23:24 | 000,774,496 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Lenovo Smile Dock\CenterStage.exe
PRC - [2010/06/23 06:39:54 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/03/15 10:06:34 | 001,479,504 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 6.0\DatabaseServer\QBPOSDBServiceV6.exe
PRC - [2010/03/03 13:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 13:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/19 03:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/01/30 15:12:54 | 000,024,576 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2006/02/23 16:14:20 | 000,073,728 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 6.0\DatabaseServer\QBDBMgrN.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/12/10 20:54:11 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
MOD - [2015/12/10 20:54:09 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
MOD - [2015/12/10 12:28:32 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ddeb762f3855a9b80a460f7a52897c59\IAStorUtil.ni.dll
MOD - [2015/12/10 12:22:41 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4820b4fd008735649ef8aa3ececa5b51\PresentationFramework.Aero.ni.dll
MOD - [2015/12/10 12:22:29 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\22ecb65a85bd152e3b3fbecc17e91cfa\PresentationFramework.ni.dll
MOD - [2015/12/10 12:22:04 | 012,255,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d5568a721c541cd3b66e50e92968e6\PresentationCore.ni.dll
MOD - [2015/12/10 12:21:47 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\95fe8bcfce8e5b609f6432ad43d854db\WindowsBase.ni.dll
MOD - [2015/12/08 19:14:49 | 017,647,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll
MOD - [2015/12/08 14:36:50 | 000,024,904 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
MOD - [2015/12/08 14:36:50 | 000,021,840 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
MOD - [2015/12/08 14:36:50 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
MOD - [2015/12/08 14:36:48 | 000,023,376 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2015/12/08 14:36:48 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
MOD - [2015/12/08 14:36:46 | 000,381,752 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
MOD - [2015/12/08 14:36:46 | 000,019,760 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
MOD - [2015/12/08 14:36:42 | 003,891,504 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
MOD - [2015/12/08 14:36:40 | 000,225,080 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
MOD - [2015/12/08 14:36:40 | 000,133,936 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
MOD - [2015/12/08 14:36:38 | 000,486,704 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
MOD - [2015/12/08 14:36:38 | 000,357,680 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
MOD - [2015/12/08 14:36:36 | 001,950,000 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
MOD - [2015/12/08 14:36:36 | 000,519,984 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
MOD - [2015/12/08 14:36:36 | 000,207,672 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
MOD - [2015/12/08 14:36:34 | 001,826,608 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
MOD - [2015/12/08 14:36:32 | 000,052,024 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
MOD - [2015/12/08 14:36:32 | 000,024,392 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
MOD - [2015/12/08 14:36:30 | 000,038,696 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
MOD - [2015/12/08 14:36:28 | 001,737,032 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
MOD - [2015/12/08 14:36:28 | 000,084,792 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll
MOD - [2015/12/08 14:36:28 | 000,020,808 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
MOD - [2015/12/08 14:36:26 | 000,023,352 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
MOD - [2015/12/08 14:36:26 | 000,020,816 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
MOD - [2015/12/08 14:36:24 | 000,022,848 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2015/12/08 14:36:24 | 000,021,304 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
MOD - [2015/12/08 14:36:22 | 000,117,056 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
MOD - [2015/12/08 14:36:22 | 000,042,296 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
MOD - [2015/12/08 14:36:22 | 000,020,280 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
MOD - [2015/11/12 08:17:14 | 012,438,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dc5e9aaf3f627418b920205c75b926df\System.Windows.Forms.ni.dll
MOD - [2015/11/12 08:17:06 | 001,812,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cd70a8ca5d58ecc8cf3ba7d9ceb963bb\System.Deployment.ni.dll
MOD - [2015/10/30 18:01:00 | 000,019,920 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
MOD - [2015/10/30 18:00:58 | 000,786,904 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2015/10/30 18:00:58 | 000,063,448 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2015/10/30 18:00:58 | 000,019,408 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
MOD - [2015/10/30 18:00:26 | 000,036,296 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\librsync.dll
MOD - [2015/10/30 18:00:24 | 000,350,152 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
MOD - [2015/10/30 18:00:22 | 000,048,592 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32service.pyd
MOD - [2015/10/30 18:00:22 | 000,028,616 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
MOD - [2015/10/30 18:00:20 | 000,114,640 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32security.pyd
MOD - [2015/10/30 18:00:20 | 000,043,472 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32process.pyd
MOD - [2015/10/30 18:00:20 | 000,024,016 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
MOD - [2015/10/30 18:00:18 | 000,175,560 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
MOD - [2015/10/30 18:00:18 | 000,030,160 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
MOD - [2015/10/30 18:00:16 | 000,124,880 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32file.pyd
MOD - [2015/10/30 18:00:16 | 000,024,528 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32event.pyd
MOD - [2015/10/30 18:00:14 | 000,105,928 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32api.pyd
MOD - [2015/10/30 18:00:14 | 000,024,016 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
MOD - [2015/10/30 18:00:14 | 000,020,936 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
MOD - [2015/10/30 18:00:10 | 000,109,520 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
MOD - [2015/10/30 18:00:08 | 000,240,584 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
MOD - [2015/10/30 18:00:08 | 000,083,912 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\sip.pyd
MOD - [2015/10/30 18:00:06 | 000,019,408 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
MOD - [2015/10/30 17:59:54 | 000,134,608 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
MOD - [2015/10/30 17:59:54 | 000,034,768 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
MOD - [2015/10/30 17:59:52 | 000,692,688 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
MOD - [2015/10/30 17:59:52 | 000,093,640 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
MOD - [2015/10/30 17:59:50 | 000,134,088 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
MOD - [2015/10/30 17:59:50 | 000,018,376 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\select.pyd
MOD - [2015/10/30 17:59:48 | 000,392,144 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
MOD - [2015/10/30 17:59:48 | 000,116,688 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
MOD - [2015/10/28 16:50:35 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/10/28 16:50:05 | 000,103,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/10/28 16:49:53 | 000,123,976 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/10/16 19:36:01 | 002,516,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d484fa539f4446a1d30b5283b778a312\System.Data.Linq.ni.dll
MOD - [2015/10/16 19:35:03 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c00840ee7b4eb45e78557fc3c8785733\System.ServiceProcess.ni.dll
MOD - [2015/10/16 19:34:22 | 011,923,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\38234ab6b7aa0762a54e27862d8bbdfe\System.Web.ni.dll
MOD - [2015/10/16 19:30:13 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\82ecf48db57ddf66f74fca17b0f99453\System.Drawing.ni.dll
MOD - [2015/10/16 17:10:09 | 000,401,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\aed7d83172e09689d6aac4c4e91d57c7\System.Xml.Linq.ni.dll
MOD - [2015/10/14 09:05:13 | 002,297,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\63e9d5c341d64a753cde97f5a3d65c71\System.Core.ni.dll
MOD - [2015/10/14 09:04:15 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
MOD - [2015/10/14 09:03:06 | 002,336,768 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8d3ad9576a6262c04228796389a2d43f\Microsoft.JScript.ni.dll
MOD - [2015/10/14 09:03:06 | 000,055,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\19777cd74173fbe2e9931095cc8e057b\Microsoft.Vsa.ni.dll
MOD - [2015/10/13 19:39:58 | 000,634,368 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b1ea229a8e6fda948b215cf4f727a606\System.AddIn.ni.dll
MOD - [2015/10/13 19:39:58 | 000,082,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f714b35a0b05d95a5bc3f8339ca5940b\System.AddIn.Contract.ni.dll
MOD - [2015/10/13 19:25:38 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0967cf5c31691f38d013263304d2dacb\System.Runtime.Remoting.ni.dll
MOD - [2015/10/13 19:25:37 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\abecd46ce0b212dad31a9e8f9adf073f\System.EnterpriseServices.ni.dll
MOD - [2015/10/13 19:25:36 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f45bc0251cceb599622f55cc1c7f4aba\System.Transactions.ni.dll
MOD - [2015/10/13 19:25:35 | 006,638,592 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\4b335bfaa07fc54f2d72213d33f53e97\System.Data.ni.dll
MOD - [2015/10/13 19:25:05 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\91eb4f41130c65ef17f0fee1d3ab48fb\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2015/10/13 19:24:35 | 005,467,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2015/10/13 19:24:31 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll
MOD - [2015/10/13 19:24:30 | 007,991,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2015/10/13 19:24:21 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/03/20 15:49:19 | 002,952,704 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/03/03 22:57:21 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/07/19 15:07:14 | 000,111,160 | ---- | M] () -- C:\Program Files (x86)\HP\StatusAlerts\bin\NativeUtils.dll
MOD - [2010/12/09 16:14:17 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010/05/10 09:36:56 | 000,655,360 | ---- | M] () -- C:\Windows\SysWOW64\vmprp332.ax
MOD - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2009/12/18 19:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2009/12/18 19:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/11/08 15:01:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/10/28 16:49:50 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/07/22 17:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/12/23 09:29:37 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/12/08 19:14:53 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/11/11 20:43:41 | 000,136,048 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2015/11/11 20:43:41 | 000,136,048 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/07/08 07:11:06 | 000,162,816 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/10/27 12:02:58 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2010/06/23 06:39:54 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/15 10:06:34 | 001,479,504 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 6.0\DatabaseServer\QBPOSDBServiceV6.exe -- (QBPOSDBServiceV6)
SRV - [2010/03/03 13:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2008/01/30 15:12:54 | 000,024,576 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/12/24 20:08:22 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/11/06 07:56:04 | 000,449,992 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2015/11/06 07:56:03 | 001,059,656 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/10/28 16:50:44 | 000,274,808 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/10/28 16:50:44 | 000,153,744 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/10/28 16:50:43 | 000,090,968 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/10/28 16:50:43 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/10/28 16:50:43 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/10/28 16:50:40 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/10/05 09:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/10/08 17:18:54 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2014/10/08 17:18:54 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2014/10/08 17:18:54 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2014/10/08 17:18:50 | 000,766,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/06 10:59:04 | 000,229,456 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010/06/18 06:34:58 | 004,170,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/06/10 04:43:20 | 001,380,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/31 00:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/11 20:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 12:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 02:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg3.mail.yahoo.com/neo/launch?.rand=2vevu3o0pck0o
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS420
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3415489378-2467818339-334625643-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.hiddenOneOffs: "Google,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Cody Store\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/12/10 12:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015/10/04 16:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cody Store\AppData\Roaming\Mozilla\Extensions
[2015/12/24 17:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cody Store\AppData\Roaming\Mozilla\Firefox\Profiles\6r6v6xvo.default-1447341448795\extensions
[2015/12/23 09:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/12/23 09:29:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg\0.0.118.50_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Cody Store\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2015/12/24 20:15:24 | 000,000,828 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3415489378-2467818339-334625643-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3415489378-2467818339-334625643-1000..\Run: [GoogleChromeAutoLaunch_750DEBBA70AD8E287603ACD8AE9B5589] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3415489378-2467818339-334625643-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3415489378-2467818339-334625643-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86BF2474-4AAA-4C52-B59D-8A4DB4DB664D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0406001-F297-484B-A3CB-6C5CF408CC3A}: DhcpNameServer = 67.215.21.202 72.21.70.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbpos - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Windows\SysWOW64\QBPOSProtocol.dll (Intuit Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within (All) ==========
 
[2015/12/2