Solved 2 Csrss.exe running at the same time win8 64-bit

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-469892394-312036809-2011439782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKU\S-1-5-21-469892394-312036809-2011439782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-469892394-312036809-2011439782-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-469892394-312036809-2011439782-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKU\S-1-5-21-469892394-312036809-2011439782-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-469892394-312036809-2011439782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\hp 13\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1135\8.0.1135\FIREFOXEXTENSION [2014/01/15 00:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\hp 13\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/09 02:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tmbepff@trendmicro.com: C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\firefoxextension [2014/01/15 00:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}: C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [2014/01/15 00:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014/01/15 00:39:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\hp 13\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/09 02:04:14 | 000,000,000 | ---D | M]

[2013/09/09 02:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp 13\AppData\Roaming\mozilla\Extensions
[2013/09/09 02:05:03 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\hp 13\AppData\Roaming\mozilla\Extensions\7go@7go.com
[2013/09/09 02:04:14 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\hp 13\AppData\Roaming\mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/09/09 02:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: TrendMicro BEP Extension = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\8.0.0.1135_0\
CHR - Extension: Google Search = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Trend Micro Osprey Chrome Extension = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi\1.6.1092_0\
CHR - Extension: Google Wallet = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\hp 13\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 04:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 114.108.195.1 114.108.193.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8439FE2F-71D7-4063-8793-F7260B88665D}: DhcpNameServer = 114.108.195.1 114.108.193.201
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d21e1bfc-7d98-11e3-bf2e-68942376b0a2}\Shell - "" = AutoRun
O33 - MountPoints2\{d21e1bfc-7d98-11e3-bf2e-68942376b0a2}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/31 14:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/31 14:02:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/31 11:48:07 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\6E9A633A.sys
[2014/01/31 10:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/31 10:39:50 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/31 10:34:20 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/01/31 10:34:15 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Desktop\mbar
[2014/01/31 10:04:59 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Desktop\RK_Quarantine
[2014/01/31 07:26:27 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/31 01:50:41 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Documents\Games
[2014/01/31 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Documents\Plants vs. Zombies
[2014/01/31 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Documents\NDS
[2014/01/30 23:13:34 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\xim
[2014/01/30 20:04:22 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\hp 13\Desktop\dds.com
[2014/01/30 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\Malwarebytes
[2014/01/30 19:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/30 19:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/30 19:55:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/01/30 19:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/30 13:16:49 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\LolClient
[2014/01/30 12:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaLoLPH
[2014/01/29 23:41:10 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\Garena
[2014/01/29 23:40:52 | 000,000,000 | ---D | C] -- C:\GarenaDownload
[2014/01/29 23:40:46 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\Garena
[2014/01/29 23:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Garena
[2014/01/29 23:39:21 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\GarenaPlus
[2014/01/29 23:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2014/01/29 23:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2014/01/29 23:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2014/01/25 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\DOSBox
[2014/01/25 10:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2014/01/25 10:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2014/01/25 10:11:04 | 000,000,000 | ---D | C] -- C:\TASM
[2014/01/23 21:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/01/23 21:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/01/23 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/01/23 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/01/22 02:53:08 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Documents\NetBeansProjects
[2014/01/22 02:48:52 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\NetBeans
[2014/01/22 02:48:52 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\NetBeans
[2014/01/22 02:36:23 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\HTC
[2014/01/22 02:36:09 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\Apple Computer
[2014/01/22 02:36:09 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\Apple Computer
[2014/01/22 02:36:06 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\HTC MediaHub
[2014/01/22 02:36:06 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Documents\HTC
[2014/01/22 02:35:57 | 000,000,000 | ---D | C] -- C:\Users\hp 13\.android
[2014/01/22 02:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2014/01/22 02:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2014/01/22 02:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2014/01/22 02:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\glassfish-4.0
[2014/01/22 02:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
[2014/01/22 01:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetBeans 7.4
[2014/01/22 01:58:28 | 000,000,000 | ---D | C] -- C:\Users\hp 13\.nbi
[2014/01/22 01:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/22 01:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/22 01:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/22 01:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/22 01:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2014/01/22 01:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/01/21 18:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2014/01/21 18:54:12 | 000,033,736 | ---- | C] (HTC, Corporation) -- C:\WINDOWS\SysNative\drivers\ANDROIDUSB.sys
[2014/01/21 18:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2014/01/21 18:54:05 | 000,000,000 | ---D | C] -- C:\Temp
[2014/01/21 18:51:23 | 000,000,000 | ---D | C] -- C:\Users\hp 13\Documents\Back up HTC
[2014/01/15 00:45:06 | 000,000,000 | -H-D | C] -- C:\TMRescueDisk
[2014/01/15 00:41:43 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
[2014/01/15 00:41:13 | 000,303,392 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmnciesc.sys
[2014/01/15 00:41:13 | 000,100,640 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmeevw.sys
[2014/01/15 00:41:10 | 000,282,624 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmcomm.sys
[2014/01/15 00:41:10 | 000,116,264 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmactmon.sys
[2014/01/15 00:41:10 | 000,085,424 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmevtmgr.sys
[2014/01/15 00:41:10 | 000,050,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\TMEBC64.sys
[2014/01/15 00:41:09 | 000,037,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmel.sys
[2014/01/15 00:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/01/14 16:37:43 | 000,000,000 | R--D | C] -- C:\Users\hp 13\SkyDrive
[2014/01/14 15:55:16 | 000,000,000 | --SD | C] -- C:\Users\hp 13\AppData\Roaming\Microsoft
[2014/01/14 15:55:16 | 000,000,000 | R--D | C] -- C:\Users\hp 13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/01/14 15:55:16 | 000,000,000 | R--D | C] -- C:\Users\hp 13\Favorites
[2014/01/14 15:55:16 | 000,000,000 | R--D | C] -- C:\Users\hp 13\Documents
[2014/01/14 15:55:16 | 000,000,000 | R--D | C] -- C:\Users\hp 13\Desktop
[2014/01/14 15:55:16 | 000,000,000 | R--D | C] -- C:\Users\hp 13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/01/14 15:55:16 | 000,000,000 | R--D | C] -- C:\Users\hp 13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\AppData\Local\Temporary Internet Files
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Templates
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Start Menu
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\SendTo
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Recent
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\PrintHood
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\NetHood
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Documents\My Videos
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Documents\My Pictures
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Documents\My Music
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\My Documents
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Local Settings
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\AppData\Local\History
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Cookies
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\Application Data
[2014/01/14 15:55:16 | 000,000,000 | -HSD | C] -- C:\Users\hp 13\AppData\Local\Application Data
[2014/01/14 15:55:16 | 000,000,000 | -H-D | C] -- C:\Users\hp 13\AppData
[2014/01/14 15:55:16 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\Temp
[2014/01/14 15:55:16 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\Microsoft
[2014/01/14 15:55:16 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/01/14 15:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SRSLabs
[2014/01/14 15:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014/01/14 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/01/14 15:48:45 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2014/01/14 15:48:45 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2014/01/14 15:47:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/01/14 14:46:15 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/01/14 14:46:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/01/14 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/01/14 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/01/14 14:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/01/14 14:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/01/14 14:39:25 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/01/14 08:31:53 | 000,224,256 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\HPToneCtrls64.dll
[2014/01/14 08:31:52 | 008,013,312 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNHP.dll
[2014/01/14 08:31:52 | 008,003,072 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNGUI.exe
[2014/01/14 08:31:52 | 006,102,016 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
[2014/01/14 08:31:52 | 002,216,448 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNX.dll
[2014/01/14 08:31:52 | 001,821,184 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNC64.cpl
[2014/01/14 08:31:52 | 001,664,000 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray64.exe
[2014/01/14 08:31:52 | 000,464,384 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\slapoi64.dll
[2014/01/14 08:31:52 | 000,253,952 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNJ.exe
[2014/01/14 08:31:06 | 000,543,744 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\drivers\stwrt64.sys
[2014/01/14 08:31:06 | 000,499,200 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stcplx64.dll
[2014/01/14 08:31:05 | 002,189,312 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stapo64.dll
[2014/01/14 08:31:05 | 000,672,256 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stapi64.dll
[2014/01/14 08:31:05 | 000,256,000 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\st646433.dll
[2014/01/14 07:44:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2014/01/13 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Roaming\HewlettPackard
[2014/01/13 23:08:40 | 000,690,832 | ---- | C] (Realtek ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2014/01/13 10:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/01/13 02:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/13 02:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/01/13 00:48:40 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\bluesoleil
[2014/01/13 00:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Bluetooth Stack
[2014/01/13 00:01:40 | 000,000,000 | -HSD | C] -- C:\found.007
[2014/01/12 13:09:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\%LOCALAPPDATA%
[2014/01/12 13:00:36 | 000,000,000 | -HSD | C] -- C:\found.006
[2014/01/12 06:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/12 06:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/12 05:17:13 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2014/01/12 05:16:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Tweaking.com - Reset Registry Permissions
[2014/01/12 05:08:21 | 000,439,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswndisflt.sys
[2014/01/12 04:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/01/12 04:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/12 02:12:17 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\Trend Micro
[2014/01/12 02:11:29 | 000,103,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmusa.sys
[2014/01/12 02:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2014/01/12 01:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/01/12 01:50:43 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\Google
[2014/01/04 20:39:08 | 000,000,000 | ---D | C] -- C:\Users\hp 13\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2014/01/31 14:08:17 | 000,000,983 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/01/31 14:07:06 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/31 14:07:02 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 14:06:55 | 000,003,620 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/01/31 14:05:14 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/01/31 14:05:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/31 14:05:00 | 770,035,711 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/31 13:44:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 13:39:53 | 000,231,960 | ---- | M] () -- C:\WINDOWS\RegBootClean64.exe
[2014/01/31 11:48:15 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/31 11:48:07 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\6E9A633A.sys
[2014/01/31 10:34:20 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/01/31 10:00:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForhp 13.job
[2014/01/31 08:39:38 | 000,000,130 | ---- | M] () -- C:\WINDOWS\SysWow64\REMOTEDEVICE.INI
[2014/01/31 01:31:26 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/01/31 01:31:26 | 000,796,126 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/01/31 01:31:26 | 000,161,346 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/01/30 20:05:06 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\hp 13\Desktop\dds.com
[2014/01/30 19:55:57 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/30 13:08:07 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2014/01/29 23:39:11 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2014/01/25 10:26:53 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2014/01/23 21:12:26 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
[2014/01/23 21:12:20 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2014/01/22 02:47:42 | 000,001,478 | ---- | M] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2014/01/22 02:45:21 | 000,344,648 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/01/22 02:35:43 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk
[2014/01/22 02:02:06 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 7.4.lnk
[2014/01/15 00:41:51 | 000,001,461 | ---- | M] () -- C:\Users\hp 13\Desktop\Trend Micro Titanium Internet Security.lnk
[2014/01/15 00:38:57 | 000,000,059 | ---- | M] () -- C:\WINDOWS\SysNative\SupportTool.exe.bat
[2014/01/14 16:12:26 | 000,028,578 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/01/14 16:12:26 | 000,028,578 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/01/14 16:12:13 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/01/14 15:51:23 | 000,930,400 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/01/14 15:49:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2014/01/14 15:49:12 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/01/14 15:49:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/01/14 15:48:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/01/14 09:21:55 | 000,016,330 | ---- | M] () -- C:\WINDOWS\SysNative\results.xml
[2014/01/14 08:30:18 | 008,013,312 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNHP.dll
[2014/01/14 08:30:18 | 008,003,072 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNGUI.exe
[2014/01/14 08:30:18 | 006,102,016 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
[2014/01/14 08:30:18 | 002,216,448 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNX.dll
[2014/01/14 08:30:18 | 002,189,312 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\stapo64.dll
[2014/01/14 08:30:18 | 001,821,184 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNC64.cpl
[2014/01/14 08:30:18 | 001,664,000 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray64.exe
[2014/01/14 08:30:18 | 000,672,256 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\stapi64.dll
[2014/01/14 08:30:18 | 000,543,744 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\drivers\stwrt64.sys
[2014/01/14 08:30:18 | 000,499,200 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\stcplx64.dll
[2014/01/14 08:30:18 | 000,464,384 | ---- | M] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\slapoi64.dll
[2014/01/14 08:30:18 | 000,256,000 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\st646433.dll
[2014/01/14 08:30:18 | 000,253,952 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNJ.exe
[2014/01/14 08:30:17 | 000,224,256 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\SysNative\HPToneCtrls64.dll
[2014/01/14 08:30:17 | 000,059,256 | ---- | M] () -- C:\WINDOWS\SysNative\Copley.xml
[2014/01/13 23:08:15 | 000,690,832 | ---- | M] (Realtek ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2014/01/13 22:43:29 | 480,282,204 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/01/13 00:48:30 | 000,001,251 | ---- | M] () -- C:\Users\hp 13\Desktop\Norton Installation Files.lnk
[2014/01/13 00:41:27 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0
[2014/01/12 06:26:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/12 05:22:35 | 000,002,279 | ---- | M] () -- C:\Users\hp 13\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/12 05:18:18 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2014/01/12 05:15:28 | 000,439,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswndisflt.sys
[2014/01/12 02:04:51 | 000,000,036 | ---- | M] () -- C:\Users\hp 13\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2014/01/31 00:19:40 | 000,000,130 | ---- | C] () -- C:\WINDOWS\SysWow64\REMOTEDEVICE.INI
[2014/01/30 19:55:57 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/30 13:08:07 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2014/01/29 23:39:11 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2014/01/25 10:26:53 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2014/01/23 21:12:26 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
[2014/01/23 21:12:20 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2014/01/22 02:35:43 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk
[2014/01/22 02:02:06 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 7.4.lnk
[2014/01/17 01:15:56 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/01/17 01:15:56 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/15 00:41:43 | 000,001,461 | ---- | C] () -- C:\Users\hp 13\Desktop\Trend Micro Titanium Internet Security.lnk
[2014/01/15 00:38:57 | 000,000,059 | ---- | C] () -- C:\WINDOWS\SysNative\SupportTool.exe.bat
[2014/01/14 16:34:17 | 000,001,442 | ---- | C] () -- C:\Users\hp 13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/14 16:12:13 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/01/14 16:00:04 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/01/14 15:55:36 | 000,028,578 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/01/14 15:55:36 | 000,028,578 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/01/14 15:55:16 | 000,000,352 | ---- | C] () -- C:\Users\hp 13\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/01/14 15:55:16 | 000,000,334 | ---- | C] () -- C:\Users\hp 13\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/01/14 15:51:23 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/01/14 15:49:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2014/01/14 15:49:12 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/01/14 15:49:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/01/14 15:48:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/01/14 09:25:41 | 000,000,650 | ---- | C] () -- C:\Users\hp 13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[2014/01/14 08:31:52 | 000,059,256 | ---- | C] () -- C:\WINDOWS\SysNative\Copley.xml
[2014/01/13 22:55:47 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForhp 13.job
[2014/01/13 06:51:54 | 480,282,204 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2014/01/13 00:41:27 | 000,003,620 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/01/13 00:41:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/01/13 00:33:37 | 000,001,251 | ---- | C] () -- C:\Users\hp 13\Desktop\Norton Installation Files.lnk
[2014/01/12 06:26:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/12 04:37:46 | 000,002,279 | ---- | C] () -- C:\Users\hp 13\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/12 04:34:06 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 04:34:04 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/12 02:48:40 | 000,231,960 | ---- | C] () -- C:\WINDOWS\RegBootClean64.exe
[2014/01/12 02:04:51 | 000,000,036 | ---- | C] () -- C:\Users\hp 13\AppData\Local\housecall.guid.cache
[2013/12/21 00:02:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/12/21 00:02:40 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/12/21 00:02:40 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 06:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 06:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 05:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/21 22:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 18:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 14:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 14:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/03/22 10:00:08 | 000,000,983 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2013/01/31 17:04:00 | 000,070,904 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2013/01/10 12:59:24 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2013/01/10 11:25:58 | 000,353,280 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2013/01/10 11:25:58 | 000,049,248 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2013/01/10 11:25:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2013/01/10 11:25:56 | 000,073,820 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2013/01/10 11:25:56 | 000,049,664 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2013/01/10 11:25:56 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/07/25 11:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 11:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 11:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
[2012/06/13 08:45:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\SysWow64\SROF.dll
[2012/06/04 21:31:00 | 000,000,417 | ---- | C] () -- C:\WINDOWS\SysWow64\RaoBLE.ini
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014/01/18 11:00:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/13 22:38:19 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/13 22:38:19 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 00:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 17:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 00:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/14 09:42:52 | 000,000,000 | ---D | M] -- C:\Users\towkie\AppData\Roaming\Synaptics

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Users\hp 13\SkyDrive:ms-properties
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
 
OTL Extras logfile created on: 1/31/2014 2:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hp 13\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 66.19% Memory free
11.90 Gb Paging File | 9.85 Gb Available in Paging File | 82.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.16 Gb Total Space | 356.33 Gb Free Space | 80.96% Space Free | Partition Type: NTFS
Drive D: | 24.48 Gb Total Space | 2.89 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: EZRA | User Name: hp 13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-469892394-312036809-2011439782-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104636EF-D67D-45D6-A3B3-FB29F9ACB33C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{121E1E81-2175-4BAB-BF3F-A5978B24A100}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{122AF4AC-B800-404A-A688-DE83A606798D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{1301E558-020D-4421-9D2C-9DF0EF102C73}" = lport=137 | protocol=17 | dir=in | app=system |
"{2210180D-8F54-4DE7-BDBB-9F4E4AD5CBD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{282F952F-E8DF-49AA-848E-87F211BF3211}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A3A6935-1C38-477C-B801-58DE88FDCB61}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{4AE05D44-660D-4EB0-80F4-D33747B3B742}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{4B21285D-F458-42D2-85AE-04CF9E3AA700}" = lport=6896 | protocol=17 | dir=in | name=league of legends launcher |
"{644D2952-CD46-4E50-9204-662F27C868C3}" = lport=139 | protocol=6 | dir=in | app=system |
"{7AB458A8-E5F6-49A8-B97A-27E7E08B0DE7}" = lport=445 | protocol=6 | dir=in | app=system |
"{8270D972-3FEC-4945-95C4-09D4C39DF0A9}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{839A0FEE-4746-4480-93EC-C81471C4EBAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83CD4D20-DEE2-4B33-9776-EFDF0C848C3C}" = rport=138 | protocol=17 | dir=out | app=system |
"{90F0D9D8-8978-43E1-9632-E1E93E426BE6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{96D6B9BC-8B51-4462-8A16-99B07BFD705E}" = lport=6896 | protocol=6 | dir=in | name=league of legends launcher |
"{A81FD44A-4D50-4231-BDD3-5E29F65D92AD}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{B04C9015-C39E-4139-8B60-99E1C5DAFB6F}" = rport=139 | protocol=6 | dir=out | app=system |
"{BDE19C27-48C9-41A7-BC1B-E2B4F2228503}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{BE5F1D86-EABC-4FB1-BE08-4BD4A50730AF}" = lport=138 | protocol=17 | dir=in | app=system |
"{E597A6F2-EAAF-42F8-B10B-80253A200715}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF87504C-B20E-4EA6-B21B-70B9F9D2EE01}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0097BD5E-5C90-4C9B-82C1-70308DD15BC5}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{028B0B62-15FD-40DA-B3BE-95214E9B5F40}" = dir=out | name=iheartradio |
"{0806F4C0-C80E-46F6-BF56-27352337F7F6}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{0894CD66-4F2A-450E-8207-3E489A313516}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{094D3D04-9E7E-4409-AD0D-228AF84A1DAA}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{0B5DF7FB-3CC0-4516-A547-1EBFCB2E0479}" = dir=out | name=sonicwall mobile connect |
"{0F75C543-4C45-42E4-93D9-B2FEC96C793A}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{0F920293-4804-49B0-89A2-27DCA84997F7}" = dir=out | name=@{microsoft.bingfinance_2.0.0.275_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{11D8A9D3-3678-4B29-BB62-F6203CD1C188}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{122E71EA-265F-4129-959D-332B8E01B5D1}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{1444E804-B51B-44A2-B8F4-E7B9392343BE}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{147215FB-4338-4BD5-A9F9-4A761CF2BE0D}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{18AB8C3D-2B95-4D3F-B067-61C59E6D84E5}" = dir=in | name=juniper networks junos pulse |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{1C9BBE71-5041-4B9D-9033-CBFF9EBBB53E}" = dir=out | name=hp registration |
"{1DD1CAEE-255A-4963-8A2F-A98A051ABC60}" = dir=out | name=juniper networks junos pulse |
"{1E03782A-B5E1-434E-8AAF-26A8211DC763}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{207003F8-8429-4CF5-9003-5E75CCC93589}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{21CFAC85-6FC7-4E94-B739-505D5B7AC216}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{2339B048-7675-49C2-B604-DF37CE7F30AB}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{2E60ECA2-EBC1-4EE5-8690-F492A80FFAFB}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{2F9F03ED-6345-486A-A668-46204FF47CA9}" = dir=out | name=netflix |
"{310616D1-1D68-4F80-8F3A-FFDDA2B88308}" = protocol=17 | dir=in | app=c:\garenadownload\games\lolph\lolinstaller.exe |
"{32B12BE8-F24E-4E1E-B837-AE7FBD774FFB}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{375E8100-3FB6-4C66-8A1C-A99DEF291B0D}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3AA819E4-BDC1-4599-A3C6-2872EB9437B7}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\lol.exe |
"{3B3C1767-5CF5-469A-A13F-C8C27E5E756E}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3BBEFB18-57FA-4262-97DF-7111D1C342FB}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3F6DA090-472B-4E44-996A-37C9AB3A9477}" = dir=in | name=check point vpn |
"{40CB9964-A5EE-416E-990D-BB467957D25F}" = dir=out | name=kindle |
"{4199184A-A341-4FA7-8EAB-AD18DD7A92DC}" = dir=in | name=skype |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4329C3B3-1183-4ABE-8412-8C982E0DF3F2}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{445B039E-4465-4A50-B5A4-AFDEE368EA91}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{448751F3-8FDC-480F-9662-5B1C3DA9FFFD}" = protocol=17 | dir=in | app=c:\users\hp 13\appdata\local\temp\7zs8ac8.tmp\symnrt.exe |
"{4537462C-7E1E-4F68-BF4D-3F50F7B7C572}" = dir=out | name=getting started with windows 8 |
"{4766DBC0-60EC-4399-A52F-93FB95CE8F8F}" = dir=out | name=hp+ |
"{4870ED19-E5B2-44B7-9664-D7BC0530144A}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{4B97070B-62A5-4E71-98B0-26CEE6BA907D}" = dir=out | name=microsoft solitaire collection |
"{4CC340CB-4FB1-4B39-8A22-176A99898A5C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5334658B-988C-419D-854F-93869F2BD9A4}" = dir=out | name=kindle |
"{535EB4AB-7B95-4755-A880-578ED61099DA}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{5488DBE2-3B5F-47DD-9133-F39A7E7A28C9}" = dir=out | name=ebay |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56DA74DB-9F06-467C-9D01-C67380D3FCCD}" = dir=out | name=check point vpn |
"{5EEB180E-718A-4CCB-B2A0-F111A872FC77}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{62FAB44F-32D6-4B5B-9CF3-F78C6A623BEA}" = dir=out | name=f5 vpn |
"{64FBFF10-1F86-42EB-ACD7-09187E3F36ED}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{650CE773-2587-478A-A9FA-78B8A70C6239}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{6577EA9A-4E06-49EC-A2D6-A8415A10DE68}" = dir=in | name=hp connected photo powered by snapfish |
"{6693C7D4-0748-41EB-969B-A9695A266424}" = protocol=6 | dir=in | app=c:\users\hp 13\appdata\local\temp\7zs8ac8.tmp\symnrt.exe |
"{69332677-D8D4-4207-A785-12A03B12A0A9}" = dir=out | name=ebay |
"{6C382F6F-0977-4D3E-858A-D0670D9BE545}" = dir=out | name=iheartradio |
"{6DC92C73-3605-4D25-961F-734F79B7555A}" = dir=in | app=c:\program files (x86)\garena plus\ggdllhost.exe |
"{6FC3B646-BD3B-461B-AA59-05812398C36C}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{733200DC-1D58-4EA3-89C9-9D8EF1FF2B0A}" = dir=out | name=sonicwall mobile connect |
"{7335AA94-BD40-4E44-A368-DF5026A78F7D}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{735DB1B6-1A44-40D8-81DE-BBB988B1A6BB}" = dir=out | name=getting started with windows 8 |
"{75186E36-BDD5-41DC-89C3-AC80FFE631DE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7530522E-D8E1-4364-B2F4-4D0F9113926F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{78C7756E-2A3F-45A0-8620-95DC964803D4}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{7BE586EC-25E9-4414-A95E-D621DC796A71}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{7C92DE5C-B5BD-440D-A3F6-2DC97A72A5A4}" = dir=out | name=@{microsoft.zunemusic_2.2.444.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{7CB3A7CD-D19A-4CBE-A05A-106F322C7099}" = dir=out | name=juniper networks junos pulse |
"{7E07BEC6-1E88-4551-8899-0D9FECCACCA8}" = dir=out | name=check point vpn |
"{7EC8D6AC-D0F3-4293-BDB0-C298F32BB1B0}" = dir=in | name=hp+ |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{80B9FE2C-30FF-4CAE-A561-1543DAB42EC1}" = dir=in | name=microsoft mahjong |
"{84C8E811-2EAE-40BC-B93D-3A917801E275}" = dir=out | name=microsoft mahjong |
"{864F9F4E-36D7-4A52-BA2E-7A8840C4C737}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8981298B-C9E4-4CE6-9845-654E5F9CEB7C}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{8A4DAF7A-D1C3-4ED8-A340-65300AE445FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8BBC57E7-B404-461A-8340-CBEE78175123}" = dir=in | name=hp connected photo powered by snapfish |
"{8C4F3988-80F4-419B-B63B-1D973E9A8979}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8CE4E05E-EA5E-44AC-B117-144174A45BBA}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{8E50B17D-A63C-4033-99E6-BAE21946A20D}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{8F653104-333C-4CE0-A8B6-F2E61EACEDE7}" = dir=out | name=@{microsoft.zunevideo_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{90329504-CA0A-42BA-AFF9-76FC047A926B}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{94CF0D2E-C48F-4ABA-B803-A181647E13B3}" = protocol=6 | dir=in | app=c:\garenadownload\games\lolph\lolinstaller.exe |
"{95705BAE-083D-4ED8-9F4F-E5B201317666}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{970F4DD6-2838-4957-B34E-FD4BC91C8124}" = dir=in | name=f5 vpn |
"{981CC1FE-DFEE-4800-8644-EB835FEAD79C}" = dir=out | name=hp+ |
"{9866EA9F-C94F-4C20-A15A-013130DCE53F}" = dir=in | name=hp+ |
"{9DDC3C60-CE2F-4730-839B-1712F77DA9FC}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{9DF8C8F2-6194-4FC0-9E5D-A8FBF227D777}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9EDDEC3C-6C9F-4B23-AA4C-9B169E912F49}" = dir=in | name=sonicwall mobile connect |
"{9F0E026A-3AEE-47E0-B346-D19CC625CCC4}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{9F3E3D22-603D-49EF-B461-1C1C76FE8C96}" = dir=out | name=@{kasperskylab.kasperskynow_1.0.0.42_x64__8jx5e25qw3tdc?ms-resource://kasperskylab.kasperskynow/resources/applicationpackagedisplayname} |
"{A18C95AB-8312-46D7-8A1D-37142910DE6C}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{A39DD3CB-257A-46A4-B6ED-4B995561FDD7}" = dir=out | name=@{microsoft.zunemusic_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{A4366EB8-6FB3-41B5-9470-1232589FC71B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6A41B68-1A40-47C1-A98F-924836F1EE9D}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A99E9CD5-76A0-4D3E-8D86-35A7EF808E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AA279777-7EA4-478F-A6A9-D9996B93F48F}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{AA2B90F8-09F1-4290-8017-EE5CB22103B5}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{AA7E46CA-488D-4E50-878A-A18EB4D27723}" = dir=out | name=windows_ie_ac_001 |
"{AB736C8F-E8F3-477C-8247-3E01BDD28538}" = dir=out | name=norton studio |
"{AC5BFEE2-2D57-40EC-A653-513EE75B7109}" = dir=out | name=@{microsoft.bingmaps_1.6.1528.2509_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{ACC9A866-583D-42BE-825C-3D0C792EFE34}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B191DCE6-C55B-4B3F-9DF0-DA79526B2B84}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{B9DE8755-F634-43B9-BE5F-95F22B8F52D7}" = dir=in | name=f5 vpn |
"{BD51F3B6-E185-448D-A383-6B8E9740F70C}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{BEF3DE4D-C666-4D2C-84C1-85EF8ABB6DA6}" = dir=out | name=hp connected photo powered by snapfish |
"{C3CC64C1-95E1-4B63-A8B4-572B4ADE2F31}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C5318BE6-C755-4D35-8041-985F2F29EF81}" = dir=out | name=skype |
"{C5BE3F73-7262-483B-ABBC-65A5BE3E232C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C605FB0C-A04F-4CBD-9BA3-1FB88BA87C8D}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{C6AA1ED7-EF52-4A6D-92C6-7B029B728990}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{C9B811DD-9A0E-4288-BE32-2C1A3F58DCE3}" = dir=in | name=microsoft solitaire collection |
"{CEF92AB3-2B24-471A-8C76-8E1F289054F5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{CF39F40F-536A-4F83-B63F-65DAA14B7036}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{D02F2EE4-F988-4F54-9728-FB0EE2DF97CD}" = dir=in | name=skype |
"{D0F78551-DE0F-4188-89FD-BBA41D896E9A}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{D1750D54-F58D-4614-BAF7-CFCA40F18CD3}" = dir=in | name=juniper networks junos pulse |
"{D344CBD1-589A-4950-A2E6-35E4DF76CD34}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{D456C7E0-1B24-4C41-855C-E7AB884CA981}" = dir=out | name=f5 vpn |
"{D5BBD082-DB0D-4EB1-B143-5BE067A0BE8A}" = dir=out | name=microsoft mahjong |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D6F561A4-FF89-4C8F-ADAF-D6ADBF31A07B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{DAF0F1D7-3F81-45A6-9B4D-6D033C4B0B8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DCC1CCDE-2D91-459D-AC83-ED5E9BF4E2F7}" = dir=in | name=sonicwall mobile connect |
"{DDFF9101-1312-4003-A39A-30FADC81D7C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0770A15-1BDC-4377-8073-81F97A0837D0}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
 
"{E0E8D3C5-F0BA-4BB6-8111-F93942904DD0}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E2879D1E-38F6-4603-AA63-55472D4F0F74}" = dir=in | name=ebay |
"{E4EED24F-DDB4-4443-8204-0D160807D374}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E6A80F52-2F82-462E-A797-D3D91B46A860}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED405F2C-FA6B-4669-92D4-8A31D01CEC46}" = dir=out | name=skype |
"{EF36C2AA-922F-43F0-B735-33AFBE526A0D}" = dir=out | name=microsoft solitaire collection |
"{F254F4CF-B3C3-4B98-804D-A0E68270F63F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F35D176A-2E25-4AD2-9F3C-2D9EC4857F8E}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F5F64036-DD59-4AFF-BAD3-E6B5833252BF}" = dir=out | name=hp registration |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 |
"{F713DEB3-1F62-4C9F-815C-933C9822F6C2}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\lol.exe |
"{F71D6C3C-C395-4DFC-A211-D1775B4BE6B7}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{F7207D42-42CE-421D-898C-287EA6E02909}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F9CA62CA-8933-4019-BF6D-7FF6B00910AB}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FC96E6AD-184E-4321-B96C-5CBAA65A9F8F}" = dir=in | name=check point vpn |
"{FEE98849-68D5-4136-A701-B8FFA2EB8485}" = dir=out | name=netflix |
"{FFFD3117-1DE6-4752-8556-72C99B30D4F8}" = dir=out | name=hp connected photo powered by snapfish |
"TCP Query User{0DDEA4AB-8116-45E1-A820-173B48F6CD26}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{3B79D7D2-4AF6-42C1-A9DA-5C41A76D14A2}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{1EAB4816-3066-4AF6-A1DA-55618F533B9E}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{F616E597-3BF3-42F7-8BD4-8AA9C39A9FAC}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{307AA214-8490-9119-DA81-C8E875AD1C94}" = Ralink Bluetooth Stack64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0170510}" = Java SE Development Kit 7 Update 51
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368E4EF8-E840-40EE-A224-50B8D1DC2B12}" = HTC Sync Manager
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F8C5AA-91BD-423D-BF05-09A80F39898F}" = HP CoolSense
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}" = HP Connected Backup
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}" = BlueStacks Notification Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A029F666-056B-4399-B72E-214C5990B684}" = HP Documentation
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B7EF4005-913F-446F-B957-7005BA891C56}" = Acceso Directo Nextel
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}" = HPDetect
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E46CECB5-F7AA-4583-BF20-0761F16AD987}" = Load Ace62 (ATLANTIC GRACE)
"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BlueStacks App Player" = BlueStacks App Player
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"LoLPH" = Garena - League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mobile Partner" = Mobile Partner
"nbi-glassfish-mod-4.0.0.89.0" = GlassFish Server Open Source Edition 4.0
"nbi-nb-base-7.4.0.0.201310111528" = NetBeans IDE 7.4
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Video Performer" = Video Performer
"VLC media player" = VLC media player 2.0.0
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0021b7e4-62a5-474b-be1d-abb060a54392" = Hoyle Card Games
"WTA-09aa637b-1587-4385-9fd4-ac54d832e459" = Zuma's Revenge
"WTA-59763575-3bb2-4a55-9c50-56c3c19cb6c7" = FATE: The Cursed King
"WTA-5e05ad85-18a2-47d5-857a-3c70261e1b98" = Roads of Rome 3
"WTA-61b1f9bc-659e-4e7f-820a-d48db6d1b8d4" = Luxor Evolved
"WTA-7480ea9e-27e5-4346-9340-2c181369137d" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-79b18580-9c44-4d82-ada3-f02dcac5ea43" = Cradle Of Egypt Collector's Edition
"WTA-7bd9220d-6e38-4bbc-8198-dfaa90822b19" = Jewel Match 3
"WTA-8f66c978-192d-49f4-a5c7-d1e31a499af7" = 4 Elements II
"WTA-935bd0cc-26f5-4e83-926a-be8309d75733" = Polar Bowler
"WTA-99adf316-0268-46ef-845d-27572ddcc66f" = Bejeweled 3
"WTA-a0a624af-97a7-4626-8175-d6d675883c9d" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-b0690451-0d4a-487d-91f4-80e48cdb5d1c" = Cradle of Rome 2
"WTA-b10de435-2c1e-4e91-a70e-1920ef344345" = John Deere Drive Green
"WTA-b390dfb2-801a-4bf3-b26a-5d1ad8b4265f" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-bcfd825c-aa81-4cef-a5d4-e75c05f7307e" = Farm Frenzy
"WTA-bfbe24a3-c62e-4169-ad03-7b85e9ec1ee0" = Chuzzle Deluxe
"WTA-c403f162-ade4-4f6f-b5f5-457b8eefbf93" = Governor of Poker 2 Premium Edition
"WTA-d495fd21-0d71-4a3e-acec-9204d38b405a" = FlatOut 2
"WTA-e1d0bbaa-624b-4d8c-b8f9-387f499d88a8" = Final Drive Fury
"WTA-e518bf2c-172f-4701-876c-8cda2e0b06c7" = Vacation Quest™ - Australia
"WTA-e5667b68-d539-4465-9471-bed396f3e709" = Tales of Lagoona
"WTA-eddbcbdb-0562-4ae6-9267-a4ebd7c379f9" = Polar Golfer
"WTA-f1b24906-c39b-4fee-b604-fc7632274baa" = Peggle Nights
"WTA-f5c7f5a0-dc7d-4b1e-872a-74f7f5336f74" = Penguins!
"WTA-f76b0e0a-87cf-4279-b77f-e9b1db84f508" = Build-a-lot 4 - Power Source

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 12/13/2013 5:06:22 PM | Computer Name = hp | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147024846 at interop.Scheduler.ITaskFolder.CreateFolder(String
subFolderName, Object sddl) at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean
isAdmin, String strName, String strDescription, String strStartTime, Int16 shrDOW,
_TASK_TRIGGER_TYPE2 trigType, String strExePath, String strExeArgs) Message: The
request is not supported. (Exception from HRESULT: 0x80070032) StackTrace: at
interop.Scheduler.ITaskFolder.CreateFolder(String subFolderName, Object sddl)
at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean isAdmin,
String strName, String strDescription, String strStartTime, Int16 shrDOW, _TASK_TRIGGER_TYPE2
trigType, String strExePath, String strExeArgs) Source: interop.Scheduler Name: hpsa_service.exe
Version:
07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6037 Ram Utilization: 10 TargetSite: interop.Scheduler.ITaskFolder CreateFolder(System.String,
System.Object)

Error - 1/12/2014 7:12:18 PM | Computer Name = hp | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147024846 at interop.Scheduler.ITaskFolder.CreateFolder(String
subFolderName, Object sddl) at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean
isAdmin, String strName, String strDescription, String strStartTime, Int16 shrDOW,
_TASK_TRIGGER_TYPE2 trigType, String strExePath, String strExeArgs) Message: The
request is not supported. (Exception from HRESULT: 0x80070032) StackTrace: at
interop.Scheduler.ITaskFolder.CreateFolder(String subFolderName, Object sddl)
at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean isAdmin,
String strName, String strDescription, String strStartTime, Int16 shrDOW, _TASK_TRIGGER_TYPE2
trigType, String strExePath, String strExeArgs) Source: interop.Scheduler Name: hpsa_service.exe
Version:
07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6037 Ram Utilization: 20 TargetSite: interop.Scheduler.ITaskFolder CreateFolder(System.String,
System.Object)

Error - 1/13/2014 9:08:37 PM | Computer Name = hp | Source = hpsa_service.exe | ID = 2000
Description =

Error - 1/13/2014 9:08:39 PM | Computer Name = hp | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.Detect()

at HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job
already running. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.Detect()

at HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager

Name:
hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\hpsa_service.exe Format: en-US RAM: 6037 Ram Utilization: TargetSite:
Void Detect()

Error - 1/14/2014 3:46:03 AM | Computer Name = hp | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000 at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.reopenTempSession()

at HP.SupportFramework.Utilities.CustomerExperience.HPSASession..ctor(Boolean
ReopenTempSession) at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Root element is missing. StackTrace: at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.reopenTempSession()

at HP.SupportFramework.Utilities.CustomerExperience.HPSASession..ctor(Boolean
ReopenTempSession) at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: System.Xml Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 6037
Ram
Utilization: 10 TargetSite: Void Throw(System.Exception)

Error - 1/14/2014 3:46:05 AM | Computer Name = hp | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000HPSF.exe at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Message:
Root element is missing. StackTrace: at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Source:
System.Xml Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe Format: en-US RAM: 6037 Ram Utilization: 10 TargetSite:
Void Throw(System.Exception)

Error - 1/14/2014 3:46:05 AM | Computer Name = hp | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 6037
Ram
Utilization: 10 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 1/14/2014 3:46:38 AM | Computer Name = hp | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000 at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Message:
Root element is missing. StackTrace: at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Source:
System.Xml Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe Format: en-US RAM: 6037 Ram Utilization: TargetSite: Void
Throw(System.Exception)

Error - 1/14/2014 3:56:40 AM | Computer Name = hp | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000 at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.reopenTempSession()

at HP.SupportFramework.Utilities.CustomerExperience.HPSASession..ctor(Boolean
ReopenTempSession) at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Root element is missing. StackTrace: at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.reopenTempSession()

at HP.SupportFramework.Utilities.CustomerExperience.HPSASession..ctor(Boolean
ReopenTempSession) at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: System.Xml Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 6037
Ram
Utilization: TargetSite: Void Throw(System.Exception)

Error - 1/14/2014 3:56:41 AM | Computer Name = hp | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000HPSF.exe at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Message:
Root element is missing. StackTrace: at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Source:
System.Xml Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe Format: en-US RAM: 6037 Ram Utilization: TargetSite: Void
Throw(System.Exception)

[ System Events ]
Error - 1/31/2014 7:17:32 PM | Computer Name = Ezra | Source = DCOM | ID = 10010
Description =

Error - 1/31/2014 7:18:02 PM | Computer Name = Ezra | Source = DCOM | ID = 10010
Description =

Error - 1/31/2014 7:18:32 PM | Computer Name = Ezra | Source = DCOM | ID = 10010
Description =

Error - 1/31/2014 7:19:02 PM | Computer Name = Ezra | Source = DCOM | ID = 10010
Description =


< End of report >
 

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
O33 - MountPoints2\{d21e1bfc-7d98-11e3-bf2e-68942376b0a2}\Shell - "" = AutoRun
O33 - MountPoints2\{d21e1bfc-7d98-11e3-bf2e-68942376b0a2}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
@Alternate Data Stream - 237 bytes -> C:\Users\hp 13\SkyDrive:ms-properties
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:CB0AACC9

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.79
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Internet Security
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Java SE Development Kit 7 Update 51
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Mobile Partner OnlineUpdate ouc.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 08-01-2014
Ran by hp 13 (administrator) on 01-02-2014 at 06:24:23
Running from "C:\Users\hp 13\Downloads"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 04:25] - [2013-08-22 04:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-13 22:28] - [2013-11-13 22:28] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A

C:\Windows\System32\dnsrslvr.dll
[2013-11-13 22:28] - [2013-11-13 22:28] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-13 22:23] - [2013-11-13 22:23] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-13 22:28] - [2013-11-13 22:28] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2013-11-13 22:29] - [2013-11-13 22:29] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50

C:\Windows\System32\iphlpsvc.dll
[2013-11-13 22:29] - [2013-11-13 22:29] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
Other browsers: https://browsercheck.qualys.com/ (click on the "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
Reset restore points manually.
Turn system restore off.
Restart computer.
Turn system restore on.

Then continue with step 3.
 
The OTL.exe worked again. I copy-pasted the command and it rebooted. But it was all black and took a while before it got to the start menu. The log just flashed before my eyes then closed itself. :/ How can I get the log for OTL? And does that usually happen when you use OTL.exe?
 
I've done all the steps, man. :) Is it okay now? Cause I still see this svchost.exe with 63+k running in the background.
 
RAM usage doesn't matter.
The only thing that matters is CPU usage.
Open Task Manager and let me know about it.
 