WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

igfxsrvc.exe is blocking programs from running [Closed]

Started by raymon823 , Jul 26 2014 08:08 PM

This topic is locked

29 replies to this topic

#1 raymon823

Authentic Member

Authentic Member
37 posts

Posted 26 July 2014 - 08:08 PM

I'm not really sure but the program in the topic pops up in task manager when I try to open certain programs mostly stock programs, and I have shopping ads all over my pages in chrome

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:59:54 PM, on 7/26/2014

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16982)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\JA\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

O2 - BHO: pricechop - {3BE88511-B326-81BE-6942-856F42F52531} - C:\Program Files\pricechop\d_KgccFW0_.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1

O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"

O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"

O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"

O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE /EPT "EPLTarget\P0000000000000001" /M "WorkForce 545" /EF "HKCU"

O4 - HKCU\..\Run: [uTorrent] "C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

O4 - HKCU\..\Run: [SearchProtection] "C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart

O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe

O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: vseamps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

O23 - Service: vsedsps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

O23 - Service: vseqrts - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

End of file - 11760 bytes

Advertisements

Register to Remove

#2 OCD

SuperHelper

Malware Team
5,574 posts

Posted 28 July 2014 - 10:27 AM

Hi raymon823,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
OTL

Download OTL to your desktop.

Make sure all other windows are closed and to let it run uninterrupted.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
OTL.txt
Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#3 raymon823

Authentic Member

Authentic Member
37 posts

Posted 28 July 2014 - 05:45 PM

Results of screen317's Security Check version 0.99.86

Windows Vista x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Java 7 Update 55

Java version out of Date!

Adobe Flash Player 14.0.0.145

Adobe Reader 8 Adobe Reader out of Date!

Google Chrome 35.0.1916.153

Google Chrome 36.0.1985.125

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

Common Files Authentium AntiVirus5 vsedsps.exe

Common Files Authentium AntiVirus5 vseamps.exe

iolo Common Lib ioloServiceManager.exe

iolo System Mechanic Professional iologovernor.exe

iolo System Mechanic Professional System Shield ioloSSTray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Run date: 2014-07-28 18:35:40

-----------------------------

18:35:40.422 OS Version: Windows 6.0.6000

18:35:40.422 Number of processors: 2 586 0xF0A

18:35:40.423 ComputerName: MALACHI-PC UserName: JA

18:35:49.836 Initialize success

18:35:49.850 VM: initialized successfully

18:35:49.879 VM: Intel CPU BiosDisabled

18:36:10.940 VM: disk I/O atapi.sys

18:42:31.321 AVAST engine defs: 14072802

18:42:39.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:42:39.581 Disk 0 Vendor: TOSHIBA_MK2035GSS DK022A Size: 190782MB BusType: 3

18:42:39.584 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005c

18:42:39.587 Disk 1 Vendor: ( Size: 190782MB BusType: 0

18:42:39.590 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000005d

18:42:39.594 Disk 2 Vendor: ( Size: 190782MB BusType: 0

18:42:40.056 Disk 0 MBR read successfully

18:42:40.059 Disk 0 MBR scan

18:42:40.138 Disk 0 Windows VISTA default MBR code

18:42:40.163 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7661 MB offset 2048

18:42:40.196 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 183119 MB offset 15693824

18:42:40.205 Disk 0 scanning sectors +390721968

18:42:40.856 Disk 0 scanning C:\Windows\system32\drivers

18:42:57.327 Service scanning

18:43:35.412 Modules scanning

18:44:08.182 Disk 0 trace - called modules:

18:44:08.206 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys

18:44:08.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855d0608]

18:44:08.216 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x84b3b548]

18:44:08.221 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84b3b660]

18:44:09.373 AVAST engine scan C:\Windows

18:44:13.688 AVAST engine scan C:\Windows\system32

18:47:28.624 AVAST engine scan C:\Windows\system32\drivers

18:47:43.936 AVAST engine scan C:\Users\JA

19:01:09.904 AVAST engine scan C:\ProgramData

19:03:40.287 Scan finished successfully

19:25:20.342 Disk 0 MBR has been saved successfully to "C:\Users\JA\Desktop\MBR.dat"

19:25:20.370 The log file has been saved successfully to "C:\Users\JA\Desktop\aswMBR.txt"

#4 raymon823

Authentic Member

Authentic Member
37 posts

Posted 28 July 2014 - 06:14 PM

OTL logfile created on: 7/28/2014 7:48:23 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JA\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.32% Memory free

6.16 Gb Paging File | 3.32 Gb Available in Paging File | 53.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 178.83 Gb Total Space | 131.72 Gb Free Space | 73.65% Space Free | Partition Type: NTFS

Drive F: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MALACHI-PC | User Name: JA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\JA\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\JA\Desktop\aswMBR.exe (AVAST Software)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

PRC - C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

PRC - C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)

PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe (iolo technologies, LLC)

PRC - C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe (iolo technologies, LLC)

PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)

PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)

PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)

PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)

PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\JA\AppData\Local\Temp\5b8c8eba4ce2448494333f0484609844\filesys.dll ()

MOD - C:\Users\JA\AppData\Local\Temp\5b8c8eba4ce2448494333f0484609844\http.dll ()

MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()

MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()

MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ()

MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()

MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()

MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Users\JA\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll ()

MOD - C:\Users\JA\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\cccf9e783368088a6d357cc45f446478\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()

MOD - C:\Windows\System32\igfxTMM.dll ()

========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found

SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found

SRV - (SDScannerService) -- C:\Program Files\Spybot File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Commtouch, Inc.)

SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)

SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)

SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)

SRV - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (nkrxvarp) -- C:\Windows\system32\drivers\nkrxvarp.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\JA\AppData\Local\Temp\catchme.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (aswVmm) -- C:\Users\JA\AppData\Local\Temp\aswVmm.sys File not found

DRV - (aswMBR) -- C:\Users\JA\AppData\Local\Temp\aswMBR.sys File not found

DRV - (FileDisk) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))

DRV - (PDFsFilter) -- C:\Windows\System32\drivers\PDFsFilter.sys (Raxco Software, Inc.)

DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)

DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)

DRV - (AMP) -- C:\Windows\System32\drivers\amp.sys (Commtouch, Inc.)

DRV - (AMPSE) -- C:\Windows\System32\drivers\ampse.sys (Commtouch, Inc.)

DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)

DRV - (RT-USB) -- C:\Windows\System32\drivers\RT-USB.SYS (Ross-Tech LLC)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)

DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)

DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)

DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl

IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}

IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2

IE - HKLM\..\SearchScopes\{D15ED2FC-3DD4-4C5E-9422-B92696D8B9E2}: "URL" = http://search.aol.co...ionType=sny_ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.adobe.com/offer/94603h [Binary data over 200 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {3EEB157E-417C-4087-9E33-639B3622F640}

IE - HKCU\..\SearchScopes\{3EEB157E-417C-4087-9E33-639B3622F640}: "URL" = https://search.yahoo...p={searchTerms}

IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2

IE - HKCU\..\SearchScopes\{D15ED2FC-3DD4-4C5E-9422-B92696D8B9E2}: "URL" = http://search.aol.co...ionType=sny_ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

========== Chrome ==========

CHR - default_search_provider: (Enabled)

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - homepage: https://www.yahoo.co...t&type=avastbcl

CHR - plugin: Error reading preferences file

CHR - Extension: Entanglement Web App = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\

CHR - Extension: Google Docs = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\

CHR - Extension: Google Drive = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\

CHR - Extension: YouTube = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Spotify - Music for every moment = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\

CHR - Extension: Google Search = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Poppit! = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\

CHR - Extension: Google Wallet = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Google Chrome to Phone Extension = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\

CHR - Extension: No name found = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkpggjmfgipifpkfffffknfciiihilg\3.9\

CHR - Extension: AddThis - Share & Bookmark (old) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pannmpobbfegpjngknbghelclaalbfob\2.0_0\

CHR - Extension: Gmail = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (pricechop) - {3BE88511-B326-81BE-6942-856F42F52531} - C:\Program Files\pricechop\d_KgccFW0_.dll ()

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {45504E32-5637-006A-76A7-7A786E7484D7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)

O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)

O4 - HKCU..\Run: [SearchProtection] C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)

O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [uTorrent] C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

O4 - Startup: C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A7B858-59F0-4E52-9C89-A89EF59ED55A}: DhcpNameServer = 75.75.75.75 75.75.76.76

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell - "" = AutoRun

O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\JA\AppData\Roaming\iolo\)

O34 - HKLM BootExecute: (sdnclean.exe)

O34 - HKLM BootExecute: ()

O34 - HKLM BootExecute: (Ұ)

O34 - HKLM BootExecute: (K)

O34 - HKLM BootExecute: (<Product GUID="36ED6646-A91F-4078-8781-9F2EB056D706" Name="DriveScrubber">)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/07/28 18:25:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe

[2014/07/28 18:20:42 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe

[2014/07/26 21:55:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014/07/26 18:02:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2014/07/26 18:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2014/07/26 18:02:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2014/07/26 18:02:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2014/07/26 18:01:47 | 000,000,000 | --SD | C] -- C:\ComboFix

[2014/07/26 18:01:30 | 000,000,000 | ---D | C] -- C:\Qoobox

[2014/07/26 18:00:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2014/07/25 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox

[2014/07/25 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2014/07/25 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Dropbox

[2014/07/25 19:28:47 | 036,818,984 | ---- | C] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe

[2014/07/25 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2014/07/23 07:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2014/07/23 06:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2014/07/21 17:30:51 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys

[2014/07/21 17:30:51 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys

[2014/07/21 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG

[2014/07/21 16:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2014/07/21 16:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusted Publisher

[2014/07/21 16:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC_Booster

[2014/07/21 16:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\pricechop

[2014/07/21 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\pricechop

[2014/07/21 16:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\2041ed45e14bc565

[2014/07/21 16:10:51 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Torch

[2014/07/21 16:10:51 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Chromatic Browser

[2014/07/21 16:10:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Comodo

[2014/07/21 15:55:08 | 000,426,496 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Users\JA\Desktop\odin3 v1.85.exe

[2014/07/08 14:48:33 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Search Protection

[2014/06/29 11:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2014/06/29 11:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2014/06/28 21:45:02 | 000,851,176 | ---- | C] (Microsoft Corporation) -- C:\Users\JA\Desktop\winusbcoinstaller2.abc.dll

[2014/06/28 21:44:40 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Users\JA\Desktop\WdfCoInstaller01009.usb.dll

[2014/06/28 21:26:28 | 000,000,000 | ---D | C] -- C:\usb_driver

[2014/06/28 21:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\YiHiEcigar

[2014/06/28 21:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YiHi SXi

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/28 19:44:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\SaveSense.job

[2014/07/28 19:41:41 | 000,000,558 | ---- | M] () -- C:\Users\JA\Desktop\MBR.zip

[2014/07/28 19:31:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/07/28 19:25:20 | 000,000,512 | ---- | M] () -- C:\Users\JA\Desktop\MBR.dat

[2014/07/28 19:19:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/07/28 19:07:46 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2014/07/28 19:07:46 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2014/07/28 18:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe

[2014/07/28 18:24:24 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini

[2014/07/28 18:21:00 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe

[2014/07/28 18:17:17 | 000,854,390 | ---- | M] () -- C:\Users\JA\Desktop\SecurityCheck.exe

[2014/07/28 18:07:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/07/28 09:32:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/07/27 12:49:39 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job

[2014/07/27 12:48:52 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys

[2014/07/26 17:34:31 | 000,001,356 | ---- | M] () -- C:\Users\JA\AppData\Local\d3d9caps.dat

[2014/07/26 11:46:49 | 000,000,834 | ---- | M] () -- C:\Users\JA\Desktop\Norton Installation Files.lnk

[2014/07/25 21:58:13 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/07/25 19:29:12 | 036,818,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe

[2014/07/23 07:00:02 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/07/23 06:45:15 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job

[2014/07/21 19:28:16 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/07/21 19:28:16 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/07/21 16:17:55 | 000,000,196 | ---- | M] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe

[2014/07/21 16:12:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2014/07/21 15:53:24 | 010,700,862 | ---- | M] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5

[2014/07/21 15:53:20 | 001,206,230 | ---- | M] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip

[2014/07/21 15:50:34 | 000,203,289 | ---- | M] () -- C:\Users\JA\Desktop\Odin3v185.zip

[2014/07/17 20:57:22 | 016,302,088 | ---- | M] () -- C:\Users\JA\Desktop\show_6550689.mp3

[2014/07/17 20:33:52 | 000,000,000 | ---- | M] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3

[2014/07/11 15:58:56 | 000,001,614 | ---- | M] () -- C:\Users\JA\Desktop\Calculator.lnk

[2014/07/08 14:48:22 | 000,000,754 | ---- | M] () -- C:\Users\JA\Desktop\µTorrent.lnk

[2014/07/08 14:48:22 | 000,000,734 | ---- | M] () -- C:\Users\JA\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2014/07/08 14:19:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2014/07/08 14:19:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2014/07/01 17:23:51 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job

[2014/06/30 18:15:34 | 000,069,449 | ---- | M] () -- C:\Users\JA\Desktop\SX350_3KEY_YH_Logo_20140626_Support_old_bootloader_V2.0.SXI

[2014/06/29 21:14:20 | 000,069,449 | ---- | M] () -- C:\Users\JA\Desktop\SX350_3kEY_YH_Log_20140626_Support_old_bootloader_V2.0 (1).SXI

[2014/06/29 11:22:08 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2014/06/29 11:22:08 | 000,001,919 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2014/06/28 21:45:59 | 000,007,223 | ---- | M] () -- C:\Users\JA\Desktop\winusbcompat.cat

[2014/06/28 21:45:24 | 000,006,566 | ---- | M] () -- C:\Users\JA\Desktop\YiHiEcigar Device Driver_For Windows XP and 7.inf

[2014/06/28 21:44:57 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Users\JA\Desktop\winusbcoinstaller2.abc.dll

[2014/06/28 21:44:36 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Users\JA\Desktop\WdfCoInstaller01009.usb.dll

[2014/06/28 21:44:13 | 000,004,096 | ---- | M] () -- C:\Users\JA\Desktop\_winusbcoinstaller2.abc.dll

[2014/06/28 21:43:50 | 000,004,096 | ---- | M] () -- C:\Users\JA\Desktop\_WdfCoInstaller01009.usb.dll

[2014/06/28 21:25:17 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\SXi.lnk

[2014/06/28 20:59:55 | 054,617,600 | ---- | M] () -- C:\Users\JA\Desktop\YiHi SXi Setup-v20140613-1135.msi

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/28 19:41:41 | 000,000,558 | ---- | C] () -- C:\Users\JA\Desktop\MBR.zip

[2014/07/28 19:25:20 | 000,000,512 | ---- | C] () -- C:\Users\JA\Desktop\MBR.dat

[2014/07/28 18:17:14 | 000,854,390 | ---- | C] () -- C:\Users\JA\Desktop\SecurityCheck.exe

[2014/07/27 12:48:51 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys

[2014/07/26 18:02:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2014/07/26 18:02:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2014/07/26 18:02:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2014/07/26 18:02:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2014/07/26 18:02:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2014/07/23 07:00:02 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/07/21 16:16:40 | 000,000,196 | ---- | C] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe

[2014/07/21 15:55:08 | 000,000,182 | ---- | C] () -- C:\Users\JA\Desktop\Odin3.ini

[2014/07/21 15:53:31 | 010,700,862 | ---- | C] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5

[2014/07/21 15:53:27 | 001,206,230 | ---- | C] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip

[2014/07/21 15:53:23 | 000,203,289 | ---- | C] () -- C:\Users\JA\Desktop\Odin3v185.zip

[2014/07/17 21:16:30 | 016,302,088 | ---- | C] () -- C:\Users\JA\Desktop\show_6550689.mp3

[2014/07/17 20:33:48 | 000,000,000 | ---- | C] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3

[2014/07/11 15:58:56 | 000,001,614 | ---- | C] () -- C:\Users\JA\Desktop\Calculator.lnk

[2014/06/30 18:15:41 | 000,069,449 | ---- | C] () -- C:\Users\JA\Desktop\SX350_3KEY_YH_Logo_20140626_Support_old_bootloader_V2.0.SXI

[2014/06/29 21:14:25 | 000,069,449 | ---- | C] () -- C:\Users\JA\Desktop\SX350_3kEY_YH_Log_20140626_Support_old_bootloader_V2.0 (1).SXI

[2014/06/29 11:22:08 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2014/06/29 11:22:03 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2014/06/28 21:46:03 | 000,007,223 | ---- | C] () -- C:\Users\JA\Desktop\winusbcompat.cat

[2014/06/28 21:45:29 | 000,006,566 | ---- | C] () -- C:\Users\JA\Desktop\YiHiEcigar Device Driver_For Windows XP and 7.inf

[2014/06/28 21:44:20 | 000,004,096 | ---- | C] () -- C:\Users\JA\Desktop\_winusbcoinstaller2.abc.dll

[2014/06/28 21:43:57 | 000,004,096 | ---- | C] () -- C:\Users\JA\Desktop\_WdfCoInstaller01009.usb.dll

[2014/06/28 21:25:16 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\SXi.lnk

[2014/06/28 21:00:08 | 054,617,600 | ---- | C] () -- C:\Users\JA\Desktop\YiHi SXi Setup-v20140613-1135.msi

[2014/06/26 12:19:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2014/06/16 21:04:10 | 001,030,676 | ---- | C] () -- C:\Program Files\Navi-X-v37_8.zip

[2014/04/26 16:47:05 | 000,001,356 | ---- | C] () -- C:\Users\JA\AppData\Local\d3d9caps.dat

[2014/04/26 09:43:42 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini

[2014/04/25 21:28:28 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat

[2013/12/13 16:11:23 | 000,000,079 | ---- | C] () -- C:\Windows\EWF545.ini

[2013/11/23 21:27:47 | 000,000,292 | ---- | C] () -- C:\Windows\EReg077.dat

[2013/11/23 21:26:02 | 000,000,058 | ---- | C] () -- C:\Windows\TLCAPPS.INI

[2013/11/23 12:37:45 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll

[2013/11/23 12:33:27 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll

[2013/11/23 12:22:08 | 001,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe

[2013/11/06 16:42:12 | 000,005,360 | ---- | C] () -- C:\Windows\System32\AdpeakProxy.ini

[2013/11/06 16:32:48 | 000,002,312 | ---- | C] () -- C:\Windows\System32\AdpeakProxyOff.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 23:50:29 | 011,315,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/11/23 23:36:47 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2014/07/25 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Dropbox

[2014/05/07 17:08:06 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Epson

[2014/06/26 08:48:04 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\iolo

[2014/04/26 09:39:51 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\ioloGovernor

[2013/12/13 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Leadertech

[2014/07/25 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\newnext.me

[2014/03/10 07:16:21 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Oracle

[2014/01/05 00:44:22 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\SaveSense

[2014/07/08 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Search Protection

[2014/07/14 07:23:51 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Spotify

[2014/06/26 10:44:09 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\SystemRequirementsLab

[2014/07/28 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\uTorrent

[2014/07/09 22:00:27 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\XBMC

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2013/11/23 23:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe

[2013/11/23 23:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2013/11/23 23:47:39 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2013/11/23 23:47:39 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2014/04/25 14:13:48 | 004,818,904 | ---- | M] (Safer-Networking Ltd.) MD5=CFA31529D7102F09309DDCDD223449AE -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

[2013/11/23 23:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: SERVICES.EXE >

[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\System32\services.exe

[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe

< MD5 for: SVCHOST.EXE >

[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe

[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

< MD5 for: USERINIT.EXE >

[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe

[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >

[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe

[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

========== Base Services ==========

SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)

SRV - [2006/11/02 05:46:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)

SRV - [2006/11/02 05:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)

SRV - [2013/11/23 22:31:20 | 000,750,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)

SRV - [2006/11/02 05:46:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)

SRV - [2013/11/23 23:45:18 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)

SRV - [2013/12/02 18:57:10 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)

SRV - [2006/11/02 05:46:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)

SRV - [2006/11/02 05:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)

SRV - [2013/11/23 23:36:51 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)

SRV - [2006/11/02 05:46:03 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)

SRV - [2013/11/23 23:25:35 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)

SRV - [2006/11/02 05:46:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)

SRV - [2006/11/02 05:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)

SRV - [2006/11/02 05:46:05 | 000,286,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)

SRV - [2013/11/24 00:13:00 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)

No service found with a name of MsMpSvc

No service found with a name of NisSrv

SRV - [2006/11/02 05:46:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)

SRV - [2006/11/02 05:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)

SRV - [2006/11/02 05:46:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)

SRV - [2006/11/02 05:46:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)

SRV - [2006/11/02 05:46:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)

SRV - [2006/11/02 05:46:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)

SRV - [2013/11/23 23:38:22 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)

SRV - [2006/11/02 05:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)

SRV - [2013/11/23 23:45:18 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)

SRV - [2006/11/02 08:34:35 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)

SRV - [2006/11/02 05:46:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)

SRV - [2006/11/02 05:46:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)

SRV - [2013/11/23 23:36:51 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)

SRV - [2006/11/02 05:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)

SRV - [2013/11/23 23:45:18 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)

SRV - [2006/11/02 08:35:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)

SRV - [2006/11/02 05:46:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)

SRV - [2006/11/02 05:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)

SRV - [2007/08/24 20:39:59 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)

SRV - [2013/11/23 23:38:16 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)

SRV - [2006/11/02 05:46:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)

SRV - [2006/11/02 05:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)

SRV - [2006/11/02 05:46:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)

SRV - [2006/11/02 05:45:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)

SRV - [2006/11/02 05:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)

SRV - [2006/11/02 05:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)

SRV - [2006/11/02 08:36:16 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)

SRV - [2007/08/24 20:39:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/11/02 05:46:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)

SRV - [2007/08/24 20:43:42 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)

SRV - [2006/11/02 08:34:41 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)

SRV - [2006/11/02 05:45:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)

SRV - [2006/11/02 05:46:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)

SRV - [2006/11/02 05:46:16 | 001,568,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)

SRV - [2006/11/02 05:46:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)

SRV - [2013/11/24 00:09:49 | 000,502,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)

SRV - [2013/11/23 23:57:21 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives

---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: TOSHIBA MK2035GSS ATA Device

Partitions: 2

Status: OK

Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -

Interface type:

Media Type:

Model: MemoryStick0 Device

Partitions: 0

Status: OK

Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -

Interface type:

Media Type:

Model: SD1 Device

Partitions: 0

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 7.00GB

Starting Offset: 1048576

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 179.00GB

Starting Offset: 8035237888

Hidden sectors: 0

< End of report >

OTL Extras logfile created on: 7/28/2014 7:48:23 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JA\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.32% Memory free

6.16 Gb Paging File | 3.32 Gb Available in Paging File | 53.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 178.83 Gb Total Space | 131.72 Gb Free Space | 73.65% Space Free | Partition Type: NTFS

Drive F: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MALACHI-PC | User Name: JA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0E5B0F92-DF68-4D64-857D-835841120EB5}" = lport=138 | protocol=17 | dir=in | app=system |

"{1DC52703-A645-44B2-B4E8-43B3ABA5C40A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{27B3E4BC-CF69-4853-9045-0449F1A23DC5}" = rport=139 | protocol=6 | dir=out | app=system |

"{2BBC46C5-2653-4E5E-88E0-C7E673646017}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{31CC533D-8607-4382-8CC6-D1234C8B2792}" = lport=139 | protocol=6 | dir=in | app=system |

"{48F4FA66-A148-4A6C-B944-CA07EFEED346}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4ABBC0F6-2BC6-46E7-BAE6-B88E7C4F381D}" = rport=445 | protocol=6 | dir=out | app=system |

"{5111B1AE-9FEC-4DAF-ACBF-41CB06A3E2F8}" = lport=445 | protocol=6 | dir=in | app=system |

"{61568BE0-B3E0-465A-A022-52DA81F5A574}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

"{6908F1A1-761F-4988-B8F6-1C2FCF6CBD6D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6A595D86-708C-4E59-BBDB-71104C09BA45}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6F4B68D6-23A9-4ADF-8CC4-84E96397288B}" = rport=137 | protocol=17 | dir=out | app=system |

"{84EEEE6D-BE67-49F2-A086-B9055B09F75A}" = rport=138 | protocol=17 | dir=out | app=system |

"{9E46F696-7FF5-4E24-93FA-9E62D95CB671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ACA00CFA-8A20-46A3-A30D-3215FA1AFCEB}" = lport=137 | protocol=17 | dir=in | app=system |

"{CA1C7324-812A-4114-8661-C316B1C509BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{D685E640-DB28-44A2-AE33-4CF4CD85B890}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D69D185F-716B-44A6-8EDA-21F05F701D9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F2AEDCA7-C515-45B2-B199-8E254A8B85AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F823930B-420E-47CA-ADF2-AC5C33F1C771}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{135CA2F5-F78A-4ED1-8FE9-639D76D98629}" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe |

"{1654C333-3D16-4989-B0D3-32534605423D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{24D6E977-9D39-4AF5-AC26-EE08D89A72DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{31D52F28-E38B-41DB-8518-EB87E00098A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{330D4E74-6143-4C9E-8E76-B16D662369C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{35C6DA2B-57F5-490F-BB1C-7BD060B6CC19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{4B89D9C7-0082-41BC-8FCF-BD02B03CE63F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{5ED1125D-EBF0-44CD-911A-1D52801239BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6E523B4C-3E7C-4BED-ABB3-A381A594CA2B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7A7F9325-BDCB-447E-9079-7F4CBB1F566E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{7B307A5D-49F7-404B-8EAE-FB8B35CF07BD}" = protocol=6 | dir=out | app=system |

"{7F6AEDAF-FBB2-4054-93FF-9C1880EE8E1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{87739FD6-DA3E-472B-85FC-5309BD49EF4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{89EA0DE0-EE8C-4A1F-B2A2-434A49880867}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{8DEA68B7-B99E-4B9B-BA44-5F010D638564}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{91290ED8-331D-49FA-A70E-D7B149A7AB79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A8E41BE1-0EC9-4C14-96D7-BFF11189F0C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A9C89538-64B4-466E-A030-FA6863A3636B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{B057F32F-D2B9-4CAE-8AAA-23FC18D3F2E3}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |

"{B1ABFC9C-1A10-4355-9625-41853C111AE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B98E92C8-B261-4C6D-B4FA-6638C8912817}" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\dropbox\bin\dropbox.exe |

"{CB9413CF-64D8-4E99-B4BC-CE0F6A4F5432}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{D11A8809-A5A7-4CBC-8513-D75721434497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DF0070DB-2E53-44AF-A7D1-F9F4B0988D74}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E999595B-2611-47B9-A23A-983E218C9BDE}" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe |

"{EE839B70-A74D-4F76-9602-B79B36C3BEFF}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |

"{F45380A7-DC69-4EB7-92E4-91B2032A3830}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F8157235-999D-4187-B84C-05E86B0FFB8F}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |

"{FDDEEE1D-85E4-4139-89C9-42D82284E716}" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{2562908E-C3FC-4F9B-949B-67BEFDF2DDD2}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe |

"TCP Query User{46104669-E7DE-43D8-8BE9-D04C48A11CF9}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe |

"TCP Query User{548586BF-E1B5-4AD0-B7B4-3BBBFB2F7E5D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"TCP Query User{769C7F4E-972B-45D8-9EFA-A6D625AA2202}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe |

"TCP Query User{94491450-CEEC-4423-AA6D-048B6EF2B4C8}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe |

"TCP Query User{B4B89A56-93EB-4C31-882C-8ECE0EFD695E}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe |

"TCP Query User{E0B7CE55-CCED-410C-99D7-938AA49DDD18}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe |

"TCP Query User{E43FDD0D-279E-460B-9F2E-433A51A13AE7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"UDP Query User{3A6B3317-71B5-4270-B8B8-D7F19164E965}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"UDP Query User{8E06CD04-6F71-4B8E-9BBF-97808D1054D8}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe |

"UDP Query User{960CA55C-CDF7-402B-B689-8744E17089CD}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe |

"UDP Query User{969F3E08-EC04-4E48-875B-A7251ABC1BBF}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe |

"UDP Query User{9F36B833-BB71-4AE4-AF13-24D823E2B1FD}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe |

"UDP Query User{AB2FD7D9-86E4-4A52-AEA8-12499F9D9B75}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe |

"UDP Query User{BD744AF9-672E-47EA-87C5-9CA3700E767B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"UDP Query User{CFBD8031-DF6B-49B5-80CE-6AAE41AC820E}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper

"{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}" = System Requirements Lab for Intel

"{0A37EE62-9A58-420D-90CC-4E52153112EE}" = iTunes

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire

"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator

"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE

"{1E5E7177-5156-4541-B8D5-B0C7E9064329}" = System Mechanic 12 Professional

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support

"{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55

"{286B09BC-F9BD-4F71-B767-2AE0CE2F8CE5}" = ScorpionSaver Services

"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility

"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5

"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey

"{359DF682-BC8F-429D-AB6D-3C8002099F38}" = VAIO Content Metadata Intelligent Analyzing Manager

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox

"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0

"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0

"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter

"{5F189DF5-2D05-472B-9091-84D9848AE48B}{32148148}" = PC_Sustainer 1.80

"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library

"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio

"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" =

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter

"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16

"{7D716354-2C08-48DC-9AC5-957348048817}" = VAIO Help And Support

"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management

"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service

"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library

"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI

"{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer

"{9B4D16A7-393F-470C-8B9F-74AE1EA6C105}" = LeapFrog Connect

"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins

"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy

"{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper

"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home

"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional

"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard

"{BFB2410B-5DB8-4FA6-BC75-65A1DECD55B5}" = YiHi SXi

"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media

"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool

"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player

"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter

"{E58AB36F-9D50-4969-9228-AC24270741BF}" = VAIO Content Metadata Intelligent Analyzing Manager

"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio

"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode

"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center

"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00

"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story

"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager

"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager

"{FC161371-B8B2-4BA7-97F7-82319C76333E}" = LeapFrog Tag Junior Plugin

"{FDB962F0-B5B8-9460-D12F-7966E97BAA43}" = pricechop

"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"EPSON WorkForce 545 Series" = EPSON WorkForce 545 Series Printer Uninstall

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)

"UPCShell" = LeapFrog Connect

"VAIO Service Utility" = VAIO Service Utility

"VCDS Release 12.12" = VCDS Release 12.12.2

"WinRAR archiver" = WinRAR 5.10 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Search Protection" = Search Protection

"Spotify" = Spotify

"uTorrent" = µTorrent

"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/28/2014 11:25:27 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5148

Error - 7/28/2014 11:25:28 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/28/2014 11:25:28 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6178

Error - 7/28/2014 11:25:28 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6178

Error - 7/28/2014 11:25:29 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/28/2014 11:25:29 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7192

Error - 7/28/2014 11:25:29 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7192

Error - 7/28/2014 11:25:30 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/28/2014 11:25:30 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 8222

Error - 7/28/2014 11:25:30 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 8222

[ iolo Applications Events ]

Error - 6/17/2014 4:04:56 AM | Computer Name = Malachi-PC | Source = System Shield | ID = 20

Description = Failed to install DAT file C:\ProgramData\iolo\System Shield\antivir-i-201406162210.cab

Error

message: Unspecified error

Error - 6/17/2014 6:15:55 PM | Computer Name = Malachi-PC | Source = Service Manager | ID = 1

Description = Exception occured on service shutdown Error message: System Error.

Code: 1115. A system shutdown is in progress

Error - 6/17/2014 7:22:11 PM | Computer Name = Malachi-PC | Source = System Shield | ID = 11

Description = The definition downloading job failed. Job name: Defs update Error code:

-2147012894

[ System Events ]

Error - 5/11/2014 8:55:59 AM | Computer Name = Malachi-PC | Source = DCOM | ID = 10016

Description =

Error - 5/11/2014 8:56:20 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 5/11/2014 8:56:20 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 5/11/2014 8:56:20 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 5/11/2014 8:56:26 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7032

Description =

Error - 5/11/2014 8:56:44 AM | Computer Name = Malachi-PC | Source = DCOM | ID = 10016

Description =

Error - 5/14/2014 5:48:00 PM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 5/15/2014 8:50:20 AM | Computer Name = Malachi-PC | Source = WPDMTPDriver | ID = 80836

Description =

Error - 5/15/2014 9:01:10 AM | Computer Name = Malachi-PC | Source = WPDMTPDriver | ID = 80836

Description =

Error - 5/15/2014 9:05:18 AM | Computer Name = Malachi-PC | Source = WPDMTPDriver | ID = 80836

Description =

< End of report >

#5 OCD

SuperHelper

Malware Team
5,574 posts

Posted 28 July 2014 - 10:17 PM

Hi raymon823,

Did you run ComboFix on 07/26/2104?
What Anti-Virus program are you using?
Is there any particular reason why you don't have either Vista Service Pack 1 & 2 (SP1 & 2) installed?

=========================

Run OTL.exe

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
PRC - C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2
O2 - BHO: (pricechop) - {3BE88511-B326-81BE-6942-856F42F52531} - C:\Program Files\pricechop\d_KgccFW0_.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {45504E32-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
O4 - HKCU..\Run: [SearchProtection] C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
[2014/07/21 16:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\pricechop
[2014/07/21 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\pricechop
[2014/07/08 14:48:33 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Search Protection

:Files
C:\Windows\system32\drivers\nkrxvarp.sys
C:\Users\JA\AppData\Roaming\uTorrent

:Services
nkrxvarp

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

In your next post please provide the following:

Answer to my questions
OTL fix log
Fresh OTL.txt
How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#6 raymon823

Authentic Member

Authentic Member
37 posts

Posted 29 July 2014 - 01:02 PM

Yes I did run combo fix, I did have avast antivirus free version. I have noton 360 but this pc is missing the serice pacs needed. As far as why they are missing Im not sure, I have automatic updates on but its not working. The last time I installed them manually something went wrong and I had to wipe my hard drive and start from scratch.

OTL logfile created on: 7/29/2014 2:48:16 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JA\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.49% Memory free

6.16 Gb Paging File | 3.98 Gb Available in Paging File | 64.68% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 178.83 Gb Total Space | 130.01 Gb Free Space | 72.70% Space Free | Partition Type: NTFS