Premier Opinion


Post by karananand on Sun 02 Mar 2014, 9:55 am

Got this virus, since then Windows update does not work. Computer is really slow when the internet is on and Windows validation pops up even when Windows is a genuine version.


# AdwCleaner v3.020 - Report created 01/03/2014 at 16:31:02
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : karan - KARAN-VAIO
# Running from : C:\Users\karan\Downloads\Temp\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\user.js
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\karan\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\smarttweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : [x64] HKLM\SOFTWARE\DeviceVM
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2580 octets] - [23/02/2014 10:59:52]
AdwCleaner[R1].txt - [2293 octets] - [01/03/2014 16:31:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2353 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2014.02.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
karan :: KARAN-VAIO [administrator]

01/03/2014 12:22:47 AM
mbam-log-2014-03-01 (00-22-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 634400
Time elapsed: 2 hour(s), 31 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\PremierOpinion (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\karan\Downloads\Drivers\ALL WORKING ACTIVATORS windows7\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe (Trojan.Agent.W) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Office and related Software\Crack\mini-KMS_Activator_v1.3_Office_2010_VL_ENG.exe (Riskware.Crk) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Office and related Software\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (Riskware.Crk) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Other Misc\FinePrint PdfFactory Pro v3.50 x64 Incl Keymaker-ZWT\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Other Misc\snagit\TechSmith SnagIt v9.1.0 Incl Keygen [Systic-D]\Crack\Keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Other Misc\Windows 8 Pro Retail (Final)\Activator\P8_v25.exe (Trojan.Dropper.SFX) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\nscf.dat (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.44 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

karananand

Rookie Surfer

Posts : 74
Joined : 2009-05-06
Operating System : XP


Re: Premier Opinion

Post by Belahzur on Sun 02 Mar 2014, 11:06 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Premier Opinion

Post by karananand on Sun 02 Mar 2014, 5:14 pm

OTL logfile created on: 02/03/2014 12:47:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\karan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 72.49% Memory free
7.68 Gb Paging File | 6.53 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.53 Gb Total Space | 178.94 Gb Free Space | 60.35% Space Free | Partition Type: NTFS

Computer Name: KARAN-VAIO | User Name: karan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/02 00:43:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karan\Desktop\OTL.exe
PRC - [2014/02/16 18:47:15 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/16 18:47:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/05 08:06:59 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/16 18:47:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/09/25 00:35:56 | 001,369,136 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/12 14:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/05/19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/01/20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/10/25 17:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/10/25 17:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/09/27 15:13:22 | 000,312,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV:64bit: - [2009/09/02 18:45:08 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/08/22 14:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV - [2014/02/15 15:07:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/09 09:59:38 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/24 21:27:26 | 000,048,640 | ---- | M] (Menten Holdings Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\NPVR\NRecord.exe -- (NPVR Recording Service)
SRV - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/09/29 00:10:28 | 000,048,128 | ---- | M] (UltiDev LLC) [Disabled | Stopped] -- C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe -- (UWS HiPriv Services)
SRV - [2012/09/29 00:10:24 | 000,064,512 | ---- | M] (UltiDev LLC) [Disabled | Stopped] -- C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe -- (UltiDev Web Server Pro)
SRV - [2012/09/29 00:10:24 | 000,044,032 | ---- | M] (UltiDev LLC) [Disabled | Stopped] -- C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe -- (UWS LoPriv Services)
SRV - [2012/08/24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Disabled | Stopped] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2012/03/30 06:26:52 | 000,237,328 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony)
SRV - [2011/01/20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/12/16 14:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Disabled | Stopped] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/10/12 15:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 15:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010/09/10 08:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 08:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/31 15:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/26 11:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 11:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/16 18:47:19 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/16 18:47:19 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/16 18:47:19 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/02/16 18:47:19 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/02/16 18:47:19 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/05 08:07:03 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/12/05 08:07:02 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/06/04 08:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/02/14 08:44:53 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/05/01 06:48:12 | 000,649,360 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw10bda.sys -- (hcw10bda)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:11:16 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/05/10 00:29:16 | 000,046,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcw10cir.sys -- (hcw10cir)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/08 22:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/10/05 08:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/04 20:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/08/03 15:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 15:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 15:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 15:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/07/31 15:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/31 15:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/27 15:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 00:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 15:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/16 20:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: csharpformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledAddons: javaformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: pythonformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: rubyformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: savedpasswords%40adamfranco.com:1.2.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Ba6fd85ed-e919-4a43-a5af-8da18bda539f%7D:2.4.0
FF - prefs.js..extensions.enabledAddons: %7Bf36c6cd1-da73-491d-b290-8fc9115bfa55%7D:3.0.8
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.14
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/16 18:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/16 14:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Extensions
[2014/02/21 22:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions
[2013/04/17 20:05:06 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/02/21 22:13:45 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/11/28 19:51:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/02/16 15:18:42 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\FasterFox_Lite@BigRedBrent
[2013/05/20 17:00:17 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\foxmarks@kei.com
[2013/10/07 00:14:54 | 000,007,893 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\csharpformatters@seleniumhq.org.xpi
[2013/10/07 00:14:54 | 000,014,127 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\javaformatters@seleniumhq.org.xpi
[2013/10/07 00:14:54 | 000,007,756 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\pythonformatters@seleniumhq.org.xpi
[2013/10/07 00:14:54 | 000,014,202 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\rubyformatters@seleniumhq.org.xpi
[2013/02/16 15:18:39 | 000,030,097 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\savedpasswords@adamfranco.com.xpi
[2013/02/16 15:00:37 | 000,652,540 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}.xpi
[2014/02/16 21:58:51 | 000,536,255 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/07 00:14:54 | 000,720,667 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi
[2014/01/24 19:34:36 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/16 15:18:37 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2014/02/16 21:58:51 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/02 20:52:16 | 000,799,362 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi
[2014/02/15 15:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 15:07:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/01 18:02:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.7.0_40)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.51.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C85DCD85-4F6B-4937-BA9F-53DF3A8FB3BF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\XBMCLauncher\XbmcLauncher.exe (Microsoft)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\XBMCLauncher\XbmcLauncher.exe (Microsoft)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/02 00:43:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\karan\Desktop\OTL.exe
[2014/02/23 11:05:19 | 000,000,000 | ---D | C] -- C:\Users\karan\AppData\Roaming\Malwarebytes
[2014/02/23 11:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/23 11:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/23 11:04:58 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/23 11:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/23 10:28:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/22 14:56:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/22 00:08:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/19 07:41:43 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\Edited
[2014/02/19 07:41:15 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\Download
[2014/02/19 07:40:27 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\bluetooth
[2014/02/19 07:40:07 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\Attachments
[2014/02/19 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\DCIM
[2014/02/16 18:47:20 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/15 15:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/15 12:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/15 11:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/02/09 15:42:46 | 000,000,000 | ---D | C] -- C:\Users\karan\.android
[2014/02/09 15:37:37 | 000,000,000 | ---D | C] -- C:\Users\karan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
[2014/02/09 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2014/02/09 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2014/02/09 10:35:57 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/09 10:35:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/09 10:35:48 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/09 10:35:48 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 10:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/09 10:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[2014/03/02 00:52:13 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 00:52:13 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 00:43:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karan\Desktop\OTL.exe
[2014/03/02 00:39:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/02 00:39:41 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/23 15:11:23 | 721,442,681 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/02/23 11:05:01 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/16 18:47:19 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/16 18:47:19 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/16 18:47:19 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/16 18:47:19 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/16 18:47:19 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/16 18:47:19 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/16 18:47:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/16 16:30:08 | 000,766,780 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/16 16:30:08 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/16 16:30:08 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/16 16:29:18 | 000,766,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/13 06:58:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/09 15:44:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/02/09 10:35:41 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 10:35:39 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/09 10:35:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/09 10:35:39 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/09 09:59:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/09 09:59:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/09 09:24:21 | 000,001,012 | ---- | M] () -- C:\Users\karan\SciTE.session
[2014/02/04 22:44:37 | 000,085,374 | ---- | M] () -- C:\Users\karan\Desktop\ppe_payment.png
[2014/02/04 22:41:23 | 000,427,843 | ---- | M] () -- C:\Users\karan\Desktop\PPE application.pdf
[2014/02/04 22:38:17 | 009,796,382 | ---- | M] () -- C:\Users\karan\Desktop\IMG_20140204_074458.pdf

========== Files Created - No Company Name ==========

[2014/02/23 15:11:23 | 721,442,681 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/02/23 11:05:01 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/09 15:44:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/02/04 22:44:36 | 000,085,374 | ---- | C] () -- C:\Users\karan\Desktop\ppe_payment.png
[2014/02/04 22:41:17 | 000,427,843 | ---- | C] () -- C:\Users\karan\Desktop\PPE application.pdf
[2014/02/04 22:36:27 | 009,796,382 | ---- | C] () -- C:\Users\karan\Desktop\IMG_20140204_074458.pdf
[2013/10/12 10:28:52 | 000,001,012 | ---- | C] () -- C:\Users\karan\SciTE.session
[2013/03/17 12:07:23 | 000,000,982 | ---- | C] () -- C:\Users\karan\.swfinfo
[2013/02/26 22:30:11 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/26 22:30:10 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/02/26 22:29:52 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2013/02/26 22:29:29 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2013/02/26 22:28:59 | 000,005,146 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013/02/25 22:01:02 | 000,000,017 | ---- | C] () -- C:\Users\karan\AppData\Local\resmon.resmoncfg
[2013/02/18 18:04:05 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/02/16 21:42:17 | 000,000,061 | ---- | C] () -- C:\Users\karan\SciTEUser.properties
[2013/02/16 18:08:25 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/02/13 23:04:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2013/02/13 23:00:15 | 000,766,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/11 22:07:33 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2012/02/17 10:14:06 | 000,000,038 | ---- | C] () -- C:\Users\karan\abbrev.properties
[2012/02/17 09:02:02 | 000,000,000 | ---- | C] () -- C:\Users\karan\au3.keywords.user.abbreviations.properties
[2012/02/14 15:52:12 | 000,000,027 | ---- | C] () -- C:\Users\karan\au3UserAbbrev.properties
[2010/03/27 10:22:54 | 000,014,905 | ---- | C] () -- C:\Users\karan\au3abbrev.properties
[2010/01/02 16:16:12 | 000,000,111 | ---- | C] () -- C:\Users\karan\au3.UserUdfs.properties
[2010/01/02 16:15:50 | 000,000,000 | ---- | C] () -- C:\Users\karan\au3.user.calltips.api

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

karananand

Rookie Surfer

Posts : 74
Joined : 2009-05-06
Operating System : XP


Re: Premier Opinion

Post by karananand on Sun 02 Mar 2014, 5:17 pm

OTL Extras logfile created on: 02/03/2014 12:47:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\karan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 72.49% Memory free
7.68 Gb Paging File | 6.53 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.53 Gb Total Space | 178.94 Gb Free Space | 60.35% Space Free | Partition Type: NTFS

Computer Name: KARAN-VAIO | User Name: karan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [UWS_CLR1] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2x86.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR2] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR4] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr4AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [UWS_CLR1] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2x86.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR2] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR4] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr4AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068381C2-01FC-40AA-B0EB-009E4A045119}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{157BC0BB-67B8-4EAF-B312-F1C7F04885D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{1763BC97-4DC0-478B-A90F-A68C06C91AB2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DA1C1B5-5379-4540-817F-0BE11D6794E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F22CBC4-BFB1-4BD7-B902-292D2F45ECD3}" = lport=49944 | protocol=6 | dir=in | name=argus tv https (binary) |
"{1FE6AE33-FD8D-44B8-96EA-9EB04A5C58B6}" = lport=49941 | protocol=6 | dir=in | name=argus tv https (xml/rest) |
"{22BEAB22-3A3E-422E-9218-12629D17CA10}" = lport=8554 | protocol=6 | dir=in | name=argus tv streaming server (8554) |
"{2AE1745F-EAAF-4BB6-B6FA-B67A6F50D5BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{2B548649-A4F4-4851-98C2-223E6A6F16E8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{399C49F1-A54A-4645-8401-E1F8F29C0991}" = lport=56777 | protocol=6 | dir=in | name=ultidev web server pro |
"{3DFE8C1C-8058-4FE3-806E-DAD0AFD1608F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{423BBAA1-5D91-4E74-B652-F8843CAEF3D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4362CB7D-4A25-4351-B327-E4E3F8BB8B8B}" = rport=137 | protocol=17 | dir=out | app=system |
"{46AF83CF-7143-40B7-8A5A-58E1BCA8EA67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4D0B40B4-3928-4A19-B835-B2E828F41678}" = lport=445 | protocol=6 | dir=in | app=system |
"{5388197F-B40A-4147-B5EA-AB3EF7AEBCCF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5410FE49-F8A5-4041-A333-A3B0998DE3EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{56AF7891-1806-4FE3-9576-26DD882BC4C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D6BBD02-342E-4832-9915-080C27757FC2}" = lport=3306 | protocol=6 | dir=in | name=mysql |
"{619595C9-D521-45A5-B4A4-A59397964640}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6681EA42-E690-456C-8EB3-E84ED1EF609D}" = rport=138 | protocol=17 | dir=out | app=system |
"{66AFF9D1-3DBE-460F-AFC4-288C2ECC7955}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{695C6116-E188-414D-AB00-54E1C6117735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E11E49B-E411-4547-AA60-662A17E8757D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E96759C-E2BF-45C8-BD99-B66FBA803FD6}" = lport=7756 | protocol=6 | dir=in | name=ultidev web server pro |
"{701397CE-829D-48CF-8D76-FE2CC453E130}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70570471-6F6A-4210-90C8-1B81A1B5F758}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{77CB07AE-0465-46A5-AD04-5496D8006B8A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7AB85D95-F4DC-4CA9-B30F-CE1A7113FC6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8011493E-009B-4A01-8692-83D1268C20F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{8AC1D3B2-1536-4874-9657-8320C8E6FE75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DB767E9-0EC5-46F5-9947-321117514389}" = lport=5677 | protocol=6 | dir=in | name=ultidev web server pro |
"{9F28588B-AD74-4231-A0CC-000C1682BCB9}" = lport=137 | protocol=17 | dir=in | app=system |
"{A917C0DF-267E-4B04-9564-66915B7268E7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{ABCEC98C-5BC8-430B-9611-517B0905A315}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B55B47E9-44A1-41C8-8987-F7FCE42E6F73}" = lport=554 | protocol=6 | dir=in | name=argus tv streaming server (554) |
"{B58AC404-2220-436C-B6FD-490FB6839F85}" = lport=49943 | protocol=6 | dir=in | name=argus tv http (xml/rest) |
"{BAA1AA5C-7407-41E4-95FB-B16A8DF003A4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BDEC4970-7721-41DB-829A-D5128ED013CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C1FAA039-B207-4E5A-B3EF-22D1426C7043}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C24CC14C-A013-4566-B934-4E32536A86FD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E2C4A33F-1D50-4D7C-B228-67C2E177DF8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8844755-8701-4235-A341-491CCA5DF00D}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CD7939-1F0C-47BA-B2C3-B8C7F2B7FA10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A22B315-498C-47C7-937B-A39F5486A7FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C66AA66-BA40-4F3F-AA8A-848E75B2C5F9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DEF7852-A295-4CF9-9FA7-451B3199872F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{123D9CDB-1543-49BD-8A5B-5A5A1368E1E0}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{140BD3EA-5C23-4053-A953-AF0218C39C49}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{14EFC57C-FA74-4368-B241-3D638298A8D3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{16D644DF-058F-474B-AB9F-CE7989ED8445}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{2078E00C-8304-4A8B-98BA-984E128A5C1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{22052AB0-A324-408A-BB33-5E6B4DEFD413}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{23ED1BA0-4092-4989-A42F-CD7F1C82A3A4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{2820FE32-98CC-4460-BB1C-D23C6555ADD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2826D96C-F516-4BF8-9513-C15F555EC419}" = protocol=6 | dir=out | app=system |
"{2DEA48B0-7905-473F-A740-00DAEA0AFE23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E20BDD7-1A83-4F62-AAFF-928AFC989268}" = protocol=58 | dir=in | app=system |
"{2E518A26-F556-4D02-8F59-78FC6DB8099B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B955720-149B-4918-9F8C-F610F51D9FC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41BA1315-4C18-4F82-BC71-98D891A9F540}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43F38EDE-FB80-4383-873B-D678A8BAECE0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{4655BE38-4467-4613-B3BC-6A74E6C8F413}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{500F4C77-0A45-4C10-933B-341858CB66AE}" = protocol=6 | dir=in | app=c:\users\karan\appdata\roaming\utorrent\utorrent.exe |
"{59820360-D4E3-4F7B-B91F-18E81C02F8C2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6173949A-53E0-4B6F-8F49-6E31A680FB53}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{6464B585-050D-43F3-AB94-A2E2DF7CCADB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68E1AF98-1F1C-47F5-8524-C04CB1E62C41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B8E8465-CA1D-4D43-B641-BE360A3EE2E4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8FB97576-1370-48FE-A0A8-2591DE2FA663}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A256055B-487B-447F-B752-187F13B7D832}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{A2D14C2B-E2FA-4E75-ACDE-113B9485A4DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD3381DA-37A3-4B47-ABEC-D85FB5F3B923}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD66CBC7-FB61-4D7B-9085-A9F9252451CA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{CFA7BE56-E4C8-4B7D-8A83-F1C139AB8E4D}" = protocol=17 | dir=in | app=c:\users\karan\appdata\roaming\utorrent\utorrent.exe |
"{DF507CD4-7D3D-4F20-86E8-9C6013DD070A}" = dir=in | app=c:\users\karan\appdata\local\microsoft\skydrive\skydrive.exe |
"{E3C3975F-0B13-4275-86A7-D796EF4C617D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E59418C2-C66D-4DC5-A1DC-E21B3446D01C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E596F791-5E9B-418D-B788-531740E56112}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E60018B5-FA51-4823-8E15-C05AF233CAA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EEE1913C-8747-4656-BBEF-E44B7A347DB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{F231DE6C-13EB-43E7-A590-7ED83A3BEA5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F26EECCA-8768-4034-893C-4AA3BBE42E86}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{F65F22B7-7E72-4E71-999C-3387973108E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE5D897F-F2B1-462D-A9D3-927EDB8E94B6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"TCP Query User{15A9A29E-522D-4A9E-90E3-37553082F92C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{49F53EFD-8359-48FA-9AF2-2829B8654C4D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5B1724EF-CA70-4CC3-B266-BDF1427439F4}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{6EB87AC6-F537-47CB-A7A2-4FCC098E0404}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{89CE43B4-5DE0-4687-A455-7BCF83AF6915}C:\program files (x86)\soundmaven\soundmaven.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soundmaven\soundmaven.exe |
"TCP Query User{8AA983E2-1524-41F3-B425-28F6EDA30E99}C:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe" = protocol=6 | dir=in | app=c:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe |
"TCP Query User{B8EE89F8-C066-4DD6-976A-43405803E80D}C:\program files (x86)\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"UDP Query User{59EF50A3-72E2-4E09-A21E-5D6B15A69ECD}C:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe" = protocol=17 | dir=in | app=c:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe |
"UDP Query User{75B0C286-8123-49F9-B34B-75C642DBED7F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{786A6CAC-99FA-4DDC-8C15-9201EBA7A4D8}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{7D873FB2-47A6-45EA-AA4E-9D01E90AD6DF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9A0C7D4C-40DF-408C-90C0-AC989762BE95}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{C7754D3E-0B0C-44BF-8B55-5C61AECA9F0F}C:\program files (x86)\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"UDP Query User{E7AB6048-24F5-4888-8615-83B5C2BA9D2C}C:\program files (x86)\soundmaven\soundmaven.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soundmaven\soundmaven.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{501B62C1-B2B6-472F-A1CC-850E2C34FB50}" = FileBot
"{561AB451-B967-475C-80E0-3B6679C38B52}" = MySQL Server 5.1
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{98C0896D-2367-4D73-A4D1-8A04E83B0828}" = Setup_VEP_x64_Contain_SSDB_VCSW
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}" = VAIO Care
"{F8B40DB4-FD07-4368-AA57-34F2B0839683}" = VAIO Content Metadata Intelligent Analyzing Manager
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"Speccy" = Speccy
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{0183D8B5-50C7-4A7D-89F8-C5FAB707E615}" = Quicken 2013
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Function Settings
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = VAIO Content Monitoring Settings
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Startup Assistant
"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.6
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A781940-AC41-4D5E-8E1E-76A04B916FB9}" = Helium
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BAD84D4A-DE51-42A1-964B-E80013272D55}" = XBMCIntegration
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F60DFD1A-209E-4E12-9CF1-70820249A0C3}" = UltiDev Web Server Pro
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AutoIt Debugger" = AutoIt Debugger 0.45.1
"AutoItv3" = AutoIt v3.3.6.1
"avast" = avast! Free Antivirus
"FileHippo.com" = FileHippo.com Update Checker
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NextPVR" = NextPVR
"PowerISO" = PowerISO
"SciTE4AutoIt3" = SciTE4AutoIt3 6/10/2012
"splashtop" = VAIO Quick Web Access
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"XMBCLauncher" = XMBCLauncher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Qt" = Qt
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/03/2014 1:30:11 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:30:44 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:32:58 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:39:09 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:42:16 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:44:25 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:46:31 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:47:05 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:47:54 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:53:01 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

[ System Events ]
Error - 02/03/2014 1:37:16 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The VUAgent service failed to start due to the following error: %%1053

Error - 02/03/2014 1:37:46 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VUAgent
service to connect.

Error - 02/03/2014 1:37:46 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The VUAgent service failed to start due to the following error: %%1053

Error - 02/03/2014 1:39:15 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

Error - 02/03/2014 1:40:04 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The Hauppauge CIR Receiver service failed to start due to the following
error: %%1058

Error - 02/03/2014 1:40:04 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService
service to connect.

Error - 02/03/2014 1:40:04 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The HsfXAudioService service failed to start due to the following
error: %%1053

Error - 02/03/2014 1:42:46 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

Error - 02/03/2014 1:43:19 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X64 service to connect.

Error - 02/03/2014 1:53:01 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%-2147023436


< End of report >

karananand

Rookie Surfer

Posts : 74
Joined : 2009-05-06
Operating System : XP


Re: Premier Opinion

Post by Belahzur on Mon 03 Mar 2014, 3:45 am

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Does the PremierOpinion keep re-appearing?


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Premier Opinion

Post by karananand on Mon 03 Mar 2014, 1:32 pm

After I had it uninstalled, PremierOpinion did not reappear, but my laptop gets slow when the internet is turned on and Windows Update fails every time. See log below.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\20131027\addons\packages\plugin.video.crackle-0.1.1.zip
c:\20131027\addons\plugin.video.crackle\addon.xml
c:\20131027\addons\plugin.video.crackle\changelog.txt
c:\20131027\addons\plugin.video.crackle\default.py
c:\20131027\addons\plugin.video.crackle\resources\settings.xml
c:\20131027\addons\plugin.video.crackle\resources\__init__.py
c:\20131027\addons\plugin.video.crackle\resources\__init__.pyo
c:\20131027\addons\plugin.video.crackle\resources\language\english\strings.xml
c:\20131027\addons\plugin.video.crackle\resources\lib\addon.py
c:\20131027\addons\plugin.video.crackle\resources\lib\addon.pyo
c:\20131027\addons\plugin.video.crackle\resources\lib\crackle.py
c:\20131027\addons\plugin.video.crackle\resources\lib\crackle.pyo
c:\20131027\addons\plugin.video.crackle\resources\lib\__init__.py
c:\20131027\addons\plugin.video.crackle\resources\lib\__init__.pyo
c:\qt\5.1.1\src\qtwebkit\source\webcore\html\htmlkeygenelement.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\html\htmlkeygenelement.h
c:\qt\5.1.1\src\qtwebkit\source\webcore\html\htmlkeygenelement.idl
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\sslkeygenerator.h
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\blackberry\sslkeygeneratorblackberry.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\chromium\sslkeygeneratorchromium.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\mac\sslkeygeneratormac.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\win\sslkeygeneratorwin.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\wx\sslkeygeneratorwx.cpp
c:\qt\5.1.1\src\qtwebkit\source\webkit\mac\webcoresupport\webkeygenerator.h
c:\qt\5.1.1\src\qtwebkit\source\webkit\mac\webcoresupport\webkeygenerator.mm
c:\qt\5.1.1\src\qtwebkit\tools\testwebkitapi\tests\webkit2\win\altkeygenerateswmsyscommand.cpp
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\generated\jshtmlkeygenelement.cpp
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\generated\jshtmlkeygenelement.h
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\html\htmlkeygenelement.cpp
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\html\htmlkeygenelement.h
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\html\htmlkeygenelement.idl
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\platform\sslkeygenerator.h
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\platform\mac\sslkeygeneratormac.cpp
c:\users\karan\downloads\office and related software\crack\microsoft office 2010 final 14.0.4760.1000 activation crack step by step.flv
c:\users\karan\downloads\office and related software\crack\office key remover.exe
c:\users\karan\downloads\office and related software\crack\read.txt
c:\users\karan\downloads\office and related software\crack\sn.txt
c:\users\karan\downloads\office and related software\crack\torrent downloaded from demonoid.com.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\read me.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\snagit.exe
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\torrent_downloaded_from_demonoid.com.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\tracked_by_h33t_com.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\crack\thumbs.db
scanner sequence 3.ZZ.11.UOAPKZ
----- EOF -----

karananand

Rookie Surfer

Posts : 74
Joined : 2009-05-06
Operating System : XP


Re: Premier Opinion

Post by Belahzur on Tue 04 Mar 2014, 1:53 am

Hello.
MBAM detected a few cracks/keygens and CKScanner shows a few more.

Keygens & cracks can be extremely dangerous and aren't always what they appear to be. I recommend deleting any you have as they could be infected.

Let's see what this program says about Windows Updates.

Please download FSS

  1. Download & run the program.
  2. Make sure all the boxes are ticked & hit Scan.
  3. Once complete, attach the log in your next post.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Premier Opinion

Post by karananand on Tue 04 Mar 2014, 2:31 pm

I removed them as recommended.

I get a Windows activation pop-up stating I don't have genuine Windows. The error code is 0x8004fe21. Once I click the link "Resolve it online", the Windows validation program runs and states that some Windows files are missing or corrupt or I may be using a non-genuine version of Windows. However, that is not the case; I am using the original shipped version of Windows that came installed on my VAIO.

See log below:

Farbar Service Scanner Version: 25-02-2014
Ran by karan (administrator) on 03-03-2014 at 22:23:22
Running from "C:\Users\karan\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Re: Premier Opinion

Post by Belahzur on Wed 05 Mar 2014, 1:18 am

FSS says your Windows Updates is good, but please run this next tool.

Download MGADiag from here

It will make a report once it's finished.
Please attach the log instead of posting it by pressing the Post Reply button to access the attach feature.



MGA log

Post by karananand on Thu 06 Mar 2014, 12:20 am

see attached


Re: Premier Opinion

Post by Belahzur on Thu 06 Mar 2014, 12:52 am

I don't think it attached correctly.



Re: Premier Opinion

Post by karananand on Thu 06 Mar 2014, 12:15 pm

oops
Attachments
MGA.txt (7 Kb)


Re: Premier Opinion

Post by Belahzur on Fri 07 Mar 2014, 2:23 am

Hello.
That got us 1 step closer.

The log does show me your OS is valid and your key is still there which is good news, but it also shows some of your system files have been tampered with, so we may need to repair those.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com



  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: Premier Opinion

Post by karananand on Sat 08 Mar 2014, 12:29 am

I tried to run the command from the search bar once the start button is clicked; but I got an error. So I assumed that the command has to be entered when combofix starts and I will have an option to select the /stepdel argument. Combofix ran and created the log. Then I realized that you are pointing to "commy.exe" which I could not find. Combofix downloaded as Combofix.exe. So I reran combofix using the following command from a terminal: "%userprofile%\desktop\combofix.exe" /stepdel

I have attached both logs herein.
Combofix1 is without the /stepdel argument
Combofix2 is with the /stepdel arg
Attachments
ComboFix1.txt Without /stepdel arg (67 Kb)
ComboFix2.txt With /stepdel (24 Kb)


Re: Premier Opinion

Post by Belahzur on Sat 08 Mar 2014, 10:03 am

Hello.
Okay that looks good, the files weren't tampered with by malware or anything bad, probably just a corruption.

Now open a new notepad file.
Input this into the notepad file:

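@echo off
rem Stop the services that keep SoftwareDistribution and catroot2 in use
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
rem Rename the update cache and the catalog store so Windows rebuilds them
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
rem Start the services again
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
exit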

Save this as run.bat, save it to your desktop.
Right click run.bat > run as administrator. A black command window will open, run the script and close again.

No log will be produced this time. Go to C:\windows\system32 and confirm catroot2 is now called catroot2.old.

If so, try Windows Updates again and see what happens this time & report back.



Re: Premier Opinion

Post by karananand on Sun 09 Mar 2014, 2:42 am

catroot2 dir was renamed to catroot2.old
there is also a folder called catroot.
SoftwareDistribution dir was not renamed but copied (both dirs existed: SoftwareDistribution and SoftwareDistribution.old)

Still get the Windows update error.
Code: 8000FFFF


Re: Premier Opinion

Post by Belahzur on Mon 10 Mar 2014, 3:36 am

Try the MS FixIt from here:
[You must be registered and logged in to see this link.]

Try updates again after running the fixit and let me know how it goes.



Re: Premier Opinion

Post by karananand on Tue 11 Mar 2014, 2:44 pm

Did not work    


Re: Premier Opinion

Post by Belahzur on Wed 12 Mar 2014, 1:12 am

Hello.
Do you have the install CD for this computer? We can try a repair install.



Re: Premier Opinion

Post by karananand on Wed 12 Mar 2014, 1:19 pm

Yes, I do. I hope I can do a repair install without losing installed items and data.


Re: Premier Opinion

Post by Belahzur on Thu 13 Mar 2014, 12:09 pm

[You must be registered and logged in to see this link.]

See the second part of the article. Read carefully, you want repair install, not a fresh install.


