WiredWX Hobby Weather Tools

 


Premier Opinion

2 posters

Got this virus; since then Windows Update does not work. The computer is really slow when the internet is on, and Windows validation pops up even when Windows is a genuine version.


# AdwCleaner v3.020 - Report created 01/03/2014 at 16:31:02
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : karan - KARAN-VAIO
# Running from : C:\Users\karan\Downloads\Temp\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\user.js
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\karan\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\smarttweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : [x64] HKLM\SOFTWARE\DeviceVM
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2580 octets] - [23/02/2014 10:59:52]
AdwCleaner[R1].txt - [2293 octets] - [01/03/2014 16:31:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2353 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
karan :: KARAN-VAIO [administrator]

01/03/2014 12:22:47 AM
mbam-log-2014-03-01 (00-22-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 634400
Time elapsed: 2 hour(s), 31 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\PremierOpinion (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\karan\Downloads\Drivers\ALL WORKING ACTIVATORS windows7\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe (Trojan.Agent.W) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Office and related Software\Crack\mini-KMS_Activator_v1.3_Office_2010_VL_ENG.exe (Riskware.Crk) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Office and related Software\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (Riskware.Crk) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Other Misc\FinePrint PdfFactory Pro v3.50 x64 Incl Keymaker-ZWT\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Other Misc\snagit\TechSmith SnagIt v9.1.0 Incl Keygen [Systic-D]\Crack\Keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
C:\Users\karan\Downloads\Other Misc\Windows 8 Pro Retail (Final)\Activator\P8_v25.exe (Trojan.Dropper.SFX) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\nscf.dat (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.44 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Re: Premier Opinion
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt), the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Premier Opinion
OTL logfile created on: 02/03/2014 12:47:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\karan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 72.49% Memory free
7.68 Gb Paging File | 6.53 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.53 Gb Total Space | 178.94 Gb Free Space | 60.35% Space Free | Partition Type: NTFS

Computer Name: KARAN-VAIO | User Name: karan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/02 00:43:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karan\Desktop\OTL.exe
PRC - [2014/02/16 18:47:15 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/16 18:47:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/05 08:06:59 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/16 18:47:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/09/25 00:35:56 | 001,369,136 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/12 14:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/05/19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/01/20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/10/25 17:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/10/25 17:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/09/27 15:13:22 | 000,312,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV:64bit: - [2009/09/02 18:45:08 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/08/22 14:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV - [2014/02/15 15:07:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/09 09:59:38 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/24 21:27:26 | 000,048,640 | ---- | M] (Menten Holdings Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\NPVR\NRecord.exe -- (NPVR Recording Service)
SRV - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/09/29 00:10:28 | 000,048,128 | ---- | M] (UltiDev LLC) [Disabled | Stopped] -- C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe -- (UWS HiPriv Services)
SRV - [2012/09/29 00:10:24 | 000,064,512 | ---- | M] (UltiDev LLC) [Disabled | Stopped] -- C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe -- (UltiDev Web Server Pro)
SRV - [2012/09/29 00:10:24 | 000,044,032 | ---- | M] (UltiDev LLC) [Disabled | Stopped] -- C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe -- (UWS LoPriv Services)
SRV - [2012/08/24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Disabled | Stopped] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2012/03/30 06:26:52 | 000,237,328 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony)
SRV - [2011/01/20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/12/16 14:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Disabled | Stopped] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/10/12 15:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 15:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010/09/10 08:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 08:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/31 15:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/26 11:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 11:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/16 18:47:19 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/16 18:47:19 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/16 18:47:19 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/02/16 18:47:19 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/02/16 18:47:19 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/05 08:07:03 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/12/05 08:07:02 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/06/04 08:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/02/14 08:44:53 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/05/01 06:48:12 | 000,649,360 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw10bda.sys -- (hcw10bda)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:11:16 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/05/10 00:29:16 | 000,046,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcw10cir.sys -- (hcw10cir)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/08 22:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/10/05 08:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/04 20:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/08/03 15:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 15:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 15:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 15:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/07/31 15:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/31 15:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/27 15:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 00:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 15:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/16 20:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: csharpformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledAddons: javaformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: pythonformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: rubyformatters%40seleniumhq.org:2.4.0
FF - prefs.js..extensions.enabledAddons: savedpasswords%40adamfranco.com:1.2.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Ba6fd85ed-e919-4a43-a5af-8da18bda539f%7D:2.4.0
FF - prefs.js..extensions.enabledAddons: %7Bf36c6cd1-da73-491d-b290-8fc9115bfa55%7D:3.0.8
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.14
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/16 18:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/16 14:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Extensions
[2014/02/21 22:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions
[2013/04/17 20:05:06 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/02/21 22:13:45 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/11/28 19:51:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/02/16 15:18:42 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\FasterFox_Lite@BigRedBrent
[2013/05/20 17:00:17 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\foxmarks@kei.com
[2013/10/07 00:14:54 | 000,007,893 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\csharpformatters@seleniumhq.org.xpi
[2013/10/07 00:14:54 | 000,014,127 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\javaformatters@seleniumhq.org.xpi
[2013/10/07 00:14:54 | 000,007,756 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\pythonformatters@seleniumhq.org.xpi
[2013/10/07 00:14:54 | 000,014,202 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\rubyformatters@seleniumhq.org.xpi
[2013/02/16 15:18:39 | 000,030,097 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\savedpasswords@adamfranco.com.xpi
[2013/02/16 15:00:37 | 000,652,540 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}.xpi
[2014/02/16 21:58:51 | 000,536,255 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/07 00:14:54 | 000,720,667 | R--- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi
[2014/01/24 19:34:36 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/16 15:18:37 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2014/02/16 21:58:51 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/02 20:52:16 | 000,799,362 | ---- | M] () (No name found) -- C:\Users\karan\AppData\Roaming\Mozilla\Firefox\Profiles\ov4u8ycb.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi
[2014/02/15 15:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 15:07:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/01 18:02:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 1.7.0_40)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C85DCD85-4F6B-4937-BA9F-53DF3A8FB3BF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\XBMCLauncher\XbmcLauncher.exe (Microsoft)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\XBMCLauncher\XbmcLauncher.exe (Microsoft)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/02 00:43:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\karan\Desktop\OTL.exe
[2014/02/23 11:05:19 | 000,000,000 | ---D | C] -- C:\Users\karan\AppData\Roaming\Malwarebytes
[2014/02/23 11:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/23 11:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/23 11:04:58 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/23 11:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/23 10:28:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/22 14:56:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/22 00:08:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/19 07:41:43 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\Edited
[2014/02/19 07:41:15 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\Download
[2014/02/19 07:40:27 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\bluetooth
[2014/02/19 07:40:07 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\Attachments
[2014/02/19 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\karan\Desktop\DCIM
[2014/02/16 18:47:20 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/15 15:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/15 12:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/15 11:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/02/09 15:42:46 | 000,000,000 | ---D | C] -- C:\Users\karan\.android
[2014/02/09 15:37:37 | 000,000,000 | ---D | C] -- C:\Users\karan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
[2014/02/09 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2014/02/09 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2014/02/09 10:35:57 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/09 10:35:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/09 10:35:48 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/09 10:35:48 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 10:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/09 10:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[2014/03/02 00:52:13 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 00:52:13 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 00:43:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karan\Desktop\OTL.exe
[2014/03/02 00:39:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/02 00:39:41 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/23 15:11:23 | 721,442,681 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/02/23 11:05:01 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/16 18:47:19 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/16 18:47:19 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/16 18:47:19 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/16 18:47:19 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/16 18:47:19 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/16 18:47:19 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/16 18:47:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/16 16:30:08 | 000,766,780 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/16 16:30:08 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/16 16:30:08 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/16 16:29:18 | 000,766,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/13 06:58:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/09 15:44:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/02/09 10:35:41 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 10:35:39 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/09 10:35:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/09 10:35:39 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/09 09:59:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/09 09:59:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/09 09:24:21 | 000,001,012 | ---- | M] () -- C:\Users\karan\SciTE.session
[2014/02/04 22:44:37 | 000,085,374 | ---- | M] () -- C:\Users\karan\Desktop\ppe_payment.png
[2014/02/04 22:41:23 | 000,427,843 | ---- | M] () -- C:\Users\karan\Desktop\PPE application.pdf
[2014/02/04 22:38:17 | 009,796,382 | ---- | M] () -- C:\Users\karan\Desktop\IMG_20140204_074458.pdf

========== Files Created - No Company Name ==========

[2014/02/23 15:11:23 | 721,442,681 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/02/23 11:05:01 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/09 15:44:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/02/04 22:44:36 | 000,085,374 | ---- | C] () -- C:\Users\karan\Desktop\ppe_payment.png
[2014/02/04 22:41:17 | 000,427,843 | ---- | C] () -- C:\Users\karan\Desktop\PPE application.pdf
[2014/02/04 22:36:27 | 009,796,382 | ---- | C] () -- C:\Users\karan\Desktop\IMG_20140204_074458.pdf
[2013/10/12 10:28:52 | 000,001,012 | ---- | C] () -- C:\Users\karan\SciTE.session
[2013/03/17 12:07:23 | 000,000,982 | ---- | C] () -- C:\Users\karan\.swfinfo
[2013/02/26 22:30:11 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/26 22:30:10 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/02/26 22:29:52 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2013/02/26 22:29:29 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2013/02/26 22:28:59 | 000,005,146 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013/02/25 22:01:02 | 000,000,017 | ---- | C] () -- C:\Users\karan\AppData\Local\resmon.resmoncfg
[2013/02/18 18:04:05 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/02/16 21:42:17 | 000,000,061 | ---- | C] () -- C:\Users\karan\SciTEUser.properties
[2013/02/16 18:08:25 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/02/13 23:04:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2013/02/13 23:00:15 | 000,766,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/11 22:07:33 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2012/02/17 10:14:06 | 000,000,038 | ---- | C] () -- C:\Users\karan\abbrev.properties
[2012/02/17 09:02:02 | 000,000,000 | ---- | C] () -- C:\Users\karan\au3.keywords.user.abbreviations.properties
[2012/02/14 15:52:12 | 000,000,027 | ---- | C] () -- C:\Users\karan\au3UserAbbrev.properties
[2010/03/27 10:22:54 | 000,014,905 | ---- | C] () -- C:\Users\karan\au3abbrev.properties
[2010/01/02 16:16:12 | 000,000,111 | ---- | C] () -- C:\Users\karan\au3.UserUdfs.properties
[2010/01/02 16:15:50 | 000,000,000 | ---- | C] () -- C:\Users\karan\au3.user.calltips.api

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Re: Premier Opinion

OTL Extras logfile created on: 02/03/2014 12:47:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\karan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 72.49% Memory free
7.68 Gb Paging File | 6.53 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.53 Gb Total Space | 178.94 Gb Free Space | 60.35% Space Free | Partition Type: NTFS

Computer Name: KARAN-VAIO | User Name: karan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [UWS_CLR1] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2x86.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR2] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR4] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr4AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [UWS_CLR1] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2x86.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR2] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR4] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr4AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068381C2-01FC-40AA-B0EB-009E4A045119}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{157BC0BB-67B8-4EAF-B312-F1C7F04885D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{1763BC97-4DC0-478B-A90F-A68C06C91AB2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DA1C1B5-5379-4540-817F-0BE11D6794E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F22CBC4-BFB1-4BD7-B902-292D2F45ECD3}" = lport=49944 | protocol=6 | dir=in | name=argus tv https (binary) |
"{1FE6AE33-FD8D-44B8-96EA-9EB04A5C58B6}" = lport=49941 | protocol=6 | dir=in | name=argus tv https (xml/rest) |
"{22BEAB22-3A3E-422E-9218-12629D17CA10}" = lport=8554 | protocol=6 | dir=in | name=argus tv streaming server (8554) |
"{2AE1745F-EAAF-4BB6-B6FA-B67A6F50D5BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{2B548649-A4F4-4851-98C2-223E6A6F16E8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{399C49F1-A54A-4645-8401-E1F8F29C0991}" = lport=56777 | protocol=6 | dir=in | name=ultidev web server pro |
"{3DFE8C1C-8058-4FE3-806E-DAD0AFD1608F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{423BBAA1-5D91-4E74-B652-F8843CAEF3D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4362CB7D-4A25-4351-B327-E4E3F8BB8B8B}" = rport=137 | protocol=17 | dir=out | app=system |
"{46AF83CF-7143-40B7-8A5A-58E1BCA8EA67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4D0B40B4-3928-4A19-B835-B2E828F41678}" = lport=445 | protocol=6 | dir=in | app=system |
"{5388197F-B40A-4147-B5EA-AB3EF7AEBCCF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5410FE49-F8A5-4041-A333-A3B0998DE3EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{56AF7891-1806-4FE3-9576-26DD882BC4C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D6BBD02-342E-4832-9915-080C27757FC2}" = lport=3306 | protocol=6 | dir=in | name=mysql |
"{619595C9-D521-45A5-B4A4-A59397964640}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6681EA42-E690-456C-8EB3-E84ED1EF609D}" = rport=138 | protocol=17 | dir=out | app=system |
"{66AFF9D1-3DBE-460F-AFC4-288C2ECC7955}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{695C6116-E188-414D-AB00-54E1C6117735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E11E49B-E411-4547-AA60-662A17E8757D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E96759C-E2BF-45C8-BD99-B66FBA803FD6}" = lport=7756 | protocol=6 | dir=in | name=ultidev web server pro |
"{701397CE-829D-48CF-8D76-FE2CC453E130}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70570471-6F6A-4210-90C8-1B81A1B5F758}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{77CB07AE-0465-46A5-AD04-5496D8006B8A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7AB85D95-F4DC-4CA9-B30F-CE1A7113FC6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8011493E-009B-4A01-8692-83D1268C20F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{8AC1D3B2-1536-4874-9657-8320C8E6FE75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DB767E9-0EC5-46F5-9947-321117514389}" = lport=5677 | protocol=6 | dir=in | name=ultidev web server pro |
"{9F28588B-AD74-4231-A0CC-000C1682BCB9}" = lport=137 | protocol=17 | dir=in | app=system |
"{A917C0DF-267E-4B04-9564-66915B7268E7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{ABCEC98C-5BC8-430B-9611-517B0905A315}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B55B47E9-44A1-41C8-8987-F7FCE42E6F73}" = lport=554 | protocol=6 | dir=in | name=argus tv streaming server (554) |
"{B58AC404-2220-436C-B6FD-490FB6839F85}" = lport=49943 | protocol=6 | dir=in | name=argus tv http (xml/rest) |
"{BAA1AA5C-7407-41E4-95FB-B16A8DF003A4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BDEC4970-7721-41DB-829A-D5128ED013CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C1FAA039-B207-4E5A-B3EF-22D1426C7043}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C24CC14C-A013-4566-B934-4E32536A86FD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E2C4A33F-1D50-4D7C-B228-67C2E177DF8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8844755-8701-4235-A341-491CCA5DF00D}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CD7939-1F0C-47BA-B2C3-B8C7F2B7FA10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A22B315-498C-47C7-937B-A39F5486A7FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C66AA66-BA40-4F3F-AA8A-848E75B2C5F9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DEF7852-A295-4CF9-9FA7-451B3199872F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{123D9CDB-1543-49BD-8A5B-5A5A1368E1E0}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{140BD3EA-5C23-4053-A953-AF0218C39C49}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{14EFC57C-FA74-4368-B241-3D638298A8D3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{16D644DF-058F-474B-AB9F-CE7989ED8445}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{2078E00C-8304-4A8B-98BA-984E128A5C1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{22052AB0-A324-408A-BB33-5E6B4DEFD413}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{23ED1BA0-4092-4989-A42F-CD7F1C82A3A4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{2820FE32-98CC-4460-BB1C-D23C6555ADD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2826D96C-F516-4BF8-9513-C15F555EC419}" = protocol=6 | dir=out | app=system |
"{2DEA48B0-7905-473F-A740-00DAEA0AFE23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E20BDD7-1A83-4F62-AAFF-928AFC989268}" = protocol=58 | dir=in | app=system |
"{2E518A26-F556-4D02-8F59-78FC6DB8099B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B955720-149B-4918-9F8C-F610F51D9FC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41BA1315-4C18-4F82-BC71-98D891A9F540}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43F38EDE-FB80-4383-873B-D678A8BAECE0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{4655BE38-4467-4613-B3BC-6A74E6C8F413}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{500F4C77-0A45-4C10-933B-341858CB66AE}" = protocol=6 | dir=in | app=c:\users\karan\appdata\roaming\utorrent\utorrent.exe |
"{59820360-D4E3-4F7B-B91F-18E81C02F8C2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6173949A-53E0-4B6F-8F49-6E31A680FB53}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{6464B585-050D-43F3-AB94-A2E2DF7CCADB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68E1AF98-1F1C-47F5-8524-C04CB1E62C41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B8E8465-CA1D-4D43-B641-BE360A3EE2E4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8FB97576-1370-48FE-A0A8-2591DE2FA663}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A256055B-487B-447F-B752-187F13B7D832}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{A2D14C2B-E2FA-4E75-ACDE-113B9485A4DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD3381DA-37A3-4B47-ABEC-D85FB5F3B923}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD66CBC7-FB61-4D7B-9085-A9F9252451CA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{CFA7BE56-E4C8-4B7D-8A83-F1C139AB8E4D}" = protocol=17 | dir=in | app=c:\users\karan\appdata\roaming\utorrent\utorrent.exe |
"{DF507CD4-7D3D-4F20-86E8-9C6013DD070A}" = dir=in | app=c:\users\karan\appdata\local\microsoft\skydrive\skydrive.exe |
"{E3C3975F-0B13-4275-86A7-D796EF4C617D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E59418C2-C66D-4DC5-A1DC-E21B3446D01C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E596F791-5E9B-418D-B788-531740E56112}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E60018B5-FA51-4823-8E15-C05AF233CAA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EEE1913C-8747-4656-BBEF-E44B7A347DB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{F231DE6C-13EB-43E7-A590-7ED83A3BEA5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F26EECCA-8768-4034-893C-4AA3BBE42E86}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{F65F22B7-7E72-4E71-999C-3387973108E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE5D897F-F2B1-462D-A9D3-927EDB8E94B6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"TCP Query User{15A9A29E-522D-4A9E-90E3-37553082F92C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{49F53EFD-8359-48FA-9AF2-2829B8654C4D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5B1724EF-CA70-4CC3-B266-BDF1427439F4}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{6EB87AC6-F537-47CB-A7A2-4FCC098E0404}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{89CE43B4-5DE0-4687-A455-7BCF83AF6915}C:\program files (x86)\soundmaven\soundmaven.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soundmaven\soundmaven.exe |
"TCP Query User{8AA983E2-1524-41F3-B425-28F6EDA30E99}C:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe" = protocol=6 | dir=in | app=c:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe |
"TCP Query User{B8EE89F8-C066-4DD6-976A-43405803E80D}C:\program files (x86)\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"UDP Query User{59EF50A3-72E2-4E09-A21E-5D6B15A69ECD}C:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe" = protocol=17 | dir=in | app=c:\users\karan\downloads\drivers\xbmc\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\mediaportal_v123_tvserverxbmc_plugin_bin_rev120\debug\tvserverxbmc.exe |
"UDP Query User{75B0C286-8123-49F9-B34B-75C642DBED7F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{786A6CAC-99FA-4DDC-8C15-9201EBA7A4D8}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{7D873FB2-47A6-45EA-AA4E-9D01E90AD6DF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9A0C7D4C-40DF-408C-90C0-AC989762BE95}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{C7754D3E-0B0C-44BF-8B55-5C61AECA9F0F}C:\program files (x86)\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"UDP Query User{E7AB6048-24F5-4888-8615-83B5C2BA9D2C}C:\program files (x86)\soundmaven\soundmaven.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soundmaven\soundmaven.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{501B62C1-B2B6-472F-A1CC-850E2C34FB50}" = FileBot
"{561AB451-B967-475C-80E0-3B6679C38B52}" = MySQL Server 5.1
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{98C0896D-2367-4D73-A4D1-8A04E83B0828}" = Setup_VEP_x64_Contain_SSDB_VCSW
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}" = VAIO Care
"{F8B40DB4-FD07-4368-AA57-34F2B0839683}" = VAIO Content Metadata Intelligent Analyzing Manager
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"Speccy" = Speccy
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{0183D8B5-50C7-4A7D-89F8-C5FAB707E615}" = Quicken 2013
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Function Settings
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = VAIO Content Monitoring Settings
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Startup Assistant
"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.6
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A781940-AC41-4D5E-8E1E-76A04B916FB9}" = Helium
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BAD84D4A-DE51-42A1-964B-E80013272D55}" = XBMCIntegration
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F60DFD1A-209E-4E12-9CF1-70820249A0C3}" = UltiDev Web Server Pro
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AutoIt Debugger" = AutoIt Debugger 0.45.1
"AutoItv3" = AutoIt v3.3.6.1
"avast" = avast! Free Antivirus
"FileHippo.com" = FileHippo.com Update Checker
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NextPVR" = NextPVR
"PowerISO" = PowerISO
"SciTE4AutoIt3" = SciTE4AutoIt3 6/10/2012
"splashtop" = VAIO Quick Web Access
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"XMBCLauncher" = XMBCLauncher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Qt" = Qt
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/03/2014 1:30:11 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:30:44 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:32:58 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:39:09 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:42:16 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:44:25 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:46:31 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:47:05 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:47:54 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 02/03/2014 1:53:01 AM | Computer Name = karan-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

[ System Events ]
Error - 02/03/2014 1:37:16 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The VUAgent service failed to start due to the following error: %%1053

Error - 02/03/2014 1:37:46 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VUAgent
service to connect.

Error - 02/03/2014 1:37:46 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The VUAgent service failed to start due to the following error: %%1053

Error - 02/03/2014 1:39:15 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

Error - 02/03/2014 1:40:04 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The Hauppauge CIR Receiver service failed to start due to the following
error: %%1058

Error - 02/03/2014 1:40:04 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService
service to connect.

Error - 02/03/2014 1:40:04 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7000
Description = The HsfXAudioService service failed to start due to the following
error: %%1053

Error - 02/03/2014 1:42:46 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

Error - 02/03/2014 1:43:19 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X64 service to connect.

Error - 02/03/2014 1:53:01 AM | Computer Name = karan-VAIO | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%-2147023436


< End of report >

Re: Premier Opinion

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Does the PremierOpinion keep re-appearing?

Re: Premier Opinion

After I had it uninstalled, PremierOpinion did not reappear, but my laptop gets slow when the internet is turned on and Windows Update fails every time. See log below.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\20131027\addons\packages\plugin.video.crackle-0.1.1.zip
c:\20131027\addons\plugin.video.crackle\addon.xml
c:\20131027\addons\plugin.video.crackle\changelog.txt
c:\20131027\addons\plugin.video.crackle\default.py
c:\20131027\addons\plugin.video.crackle\resources\settings.xml
c:\20131027\addons\plugin.video.crackle\resources\__init__.py
c:\20131027\addons\plugin.video.crackle\resources\__init__.pyo
c:\20131027\addons\plugin.video.crackle\resources\language\english\strings.xml
c:\20131027\addons\plugin.video.crackle\resources\lib\addon.py
c:\20131027\addons\plugin.video.crackle\resources\lib\addon.pyo
c:\20131027\addons\plugin.video.crackle\resources\lib\crackle.py
c:\20131027\addons\plugin.video.crackle\resources\lib\crackle.pyo
c:\20131027\addons\plugin.video.crackle\resources\lib\__init__.py
c:\20131027\addons\plugin.video.crackle\resources\lib\__init__.pyo
c:\qt\5.1.1\src\qtwebkit\source\webcore\html\htmlkeygenelement.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\html\htmlkeygenelement.h
c:\qt\5.1.1\src\qtwebkit\source\webcore\html\htmlkeygenelement.idl
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\sslkeygenerator.h
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\blackberry\sslkeygeneratorblackberry.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\chromium\sslkeygeneratorchromium.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\mac\sslkeygeneratormac.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\win\sslkeygeneratorwin.cpp
c:\qt\5.1.1\src\qtwebkit\source\webcore\platform\wx\sslkeygeneratorwx.cpp
c:\qt\5.1.1\src\qtwebkit\source\webkit\mac\webcoresupport\webkeygenerator.h
c:\qt\5.1.1\src\qtwebkit\source\webkit\mac\webcoresupport\webkeygenerator.mm
c:\qt\5.1.1\src\qtwebkit\tools\testwebkitapi\tests\webkit2\win\altkeygenerateswmsyscommand.cpp
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\generated\jshtmlkeygenelement.cpp
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\generated\jshtmlkeygenelement.h
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\html\htmlkeygenelement.cpp
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\html\htmlkeygenelement.h
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\html\htmlkeygenelement.idl
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\platform\sslkeygenerator.h
c:\users\karan\downloads\engineering and coding\engauge digitizer\qt-everywhere-opensource-src-4.8.5\src\3rdparty\webkit\source\webcore\platform\mac\sslkeygeneratormac.cpp
c:\users\karan\downloads\office and related software\crack\microsoft office 2010 final 14.0.4760.1000 activation crack step by step.flv
c:\users\karan\downloads\office and related software\crack\office key remover.exe
c:\users\karan\downloads\office and related software\crack\read.txt
c:\users\karan\downloads\office and related software\crack\sn.txt
c:\users\karan\downloads\office and related software\crack\torrent downloaded from demonoid.com.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\read me.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\snagit.exe
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\torrent_downloaded_from_demonoid.com.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\tracked_by_h33t_com.txt
c:\users\karan\downloads\other misc\snagit\techsmith snagit v9.1.0 incl keygen [systic-d]\crack\thumbs.db
scanner sequence 3.ZZ.11.UOAPKZ
----- EOF -----

Re: Premier Opinion
Hello.
MBAM detected a few cracks/keygens and CKScanner shows a few more.

Keygens & cracks can be extremely dangerous and aren't always what they appear to be. I recommend deleting any you have as they could be infected.

Let's see what this program says about Windows Updates.

Please download FSS

  1. Download & run the program.
  2. Make sure all the boxes are ticked & hit Scan.
  3. Once complete, attach the log in your next post.

Re: Premier Opinion
I removed them as recommended.

I get a Windows activation pop-up stating I don't have genuine Windows. The error code is 0x8004fe21. Once I click the link "Resolve it online", the Windows validation program runs and states that some Windows files are missing or corrupt or I may be using a non-genuine version of Windows. However, that is not the case; I am using the original shipped version of Windows that came installed on my VAIO.

See log below:

Farbar Service Scanner Version: 25-02-2014
Ran by karan (administrator) on 03-03-2014 at 22:23:22
Running from "C:\Users\karan\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
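
A triage pass over a log in the layout shown above, as an added example that is not part of the original posts or of Farbar Service Scanner itself. The function names and finding labels are hypothetical, the sample is constructed, and treating any line under a "Disabled Policy" heading as a finding is an assumption based on those sections being empty in this log.

```python
import re

# Constructed sample in the layout of the FSS log above; the last File Check
# line is invented to show a verdict other than "MD5 is legit".
SAMPLE_LOG = r"""Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.

File Check:
========
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\example.dll => (constructed verdict)
"""

RULE = re.compile(r"=+")

def parse_sections(text):
    """Map each section title (a 'Title:' line underlined with '=') to its lines."""
    sections, current = {}, None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and RULE.fullmatch(underline):
            current = line[:-1]
            sections[current] = []
        elif current and line and not RULE.fullmatch(line):
            sections[current].append(line)
    return sections

def triage(text):
    """Return (kind, section, detail) items to review before calling a log clean."""
    findings = []
    for title, body in parse_sections(text).items():
        for line in body:
            stopped = re.match(r"(\S+) Service is not running", line)
            if stopped:
                findings.append(("service-stopped", title, stopped.group(1)))
            elif title == "File Check":
                path, _, verdict = line.partition(" => ")
                if verdict != "MD5 is legit":
                    findings.append(("file-unverified", title, path))
            elif title.endswith("Disabled Policy"):
                # Assumption: these sections are empty in the log above, so any
                # line here is treated as a policy entry worth reviewing.
                findings.append(("policy-entry", title, line))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the full log in the post above, the only finding would be the stopped WinDefend service, since every File Check line there reads "MD5 is legit".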

Re: Premier Opinion
FSS says your Windows Updates is good, but please run this next tool.

Download MGADiag from here

It will make a report once it's finished.
Please attach the log instead of posting it by pressing the Post Reply button to access the attach feature.

MGA log
see attached

Re: Premier Opinion
I don't think it attached correctly.

Re: Premier Opinion
oops

Re: Premier Opinion
Hello.
That got us 1 step closer.

The log does show me your OS is valid and your key is still there which is good news, but it also shows some of your system files have been tampered with, so we may need to repair those.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com



  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Premier Opinion
I tried to run the command from the search bar once the start button is clicked; but I got an error. So I assumed that the command has to be entered when combofix starts and I will have an option to select the /stepdel argument. Combofix ran and created the log. Then I realized that you are pointing to "commy.exe" which I could not find. Combofix downloaded as Combofix.exe. So I reran combofix using the following command from a terminal: "%userprofile%\desktop\combofix.exe" /stepdel

I have attached both logs herein.
Combofix1 is without the /stepdel argument
Combofix2 is with the /stepdel arg

Re: Premier Opinion
Hello.
Okay that looks good, the files weren't tampered with by malware or anything bad, probably just a corruption.

Now open a new notepad file.
Input this into the notepad file:

@echo off
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
exit


Save this as run.bat, save it to your desktop.
Right click run.bat > run as administrator. A black command window will open, run the script and close again.

No log will be produced this time. Go to C:\windows\system32 and confirm catroot2 is now called catroot2.old.

If so, try Windows Updates again and see what happens this time & report back.
