Jump to content

IcePrincess

Members
  • Posts

    22
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by Jim_2 at 2013-10-16 10:49:59 Run:2 Running from C:\Users\Jim_2\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION C:\Users\Jim_2\random.dat AlternateDataStreams: C:\ProgramData\TEMP:0C1EFF69 AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 AlternateDataStreams: C:\Users\Jim_2\Cookies:dgFejUhjfUHVYM9LsXHGQ50p AlternateDataStreams: C:\Users\Jim_2\Cookies:ZlZnatqCNkMfwmCvxwvVwhK AlternateDataStreams: C:\Users\Jim_2\AppData\Local\Temporary Internet Files:8iF2l1KkNaiVFc94KLWIg1j End ***************** HKLM\SOFTWARE\Policies\Google => Key deleted successfully. "C:\Users\Jim_2\random.dat" => File/Directory not found. "C:\ProgramData\TEMP" => ":0C1EFF69" ADS not found. C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully. "C:\Users\Jim_2\Cookies" => ":dgFejUhjfUHVYM9LsXHGQ50p" ADS not found. "C:\Users\Jim_2\Cookies" => ":ZlZnatqCNkMfwmCvxwvVwhK" ADS not found. "C:\Users\Jim_2\AppData\Local\Temporary Internet Files" => ":8iF2l1KkNaiVFc94KLWIg1j" ADS not found. ==== End of Fixlog ====
  2. I thought re-installing would solve it, but it hasn't so, I've left it alone.
  3. Everything found has been solved. Just a minor thing, when I uninstalled Adv Systemcare 6, it seemed to have erased something related to my wireless settings. It doesn't startup automatically now, everytime I reboot system, I'm prompt to re-enter security key.
  4. Nevermind, it was McAfee blocking edits to the hosts file, got it fixed.
  5. SystemLook 30.07.11 by jpshortstuff Log created at 17:18 on 15/10/2013 by Jim_2 Administrator - Elevation successful ========== filefind ========== Searching for "rundll32.exe" C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe --a---- 218184 bytes [23:50 11/10/2013] [18:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC C:\Windows\System32\rundll32.exe --a---- 45568 bytes [23:57 13/07/2009] [01:39 14/07/2009] DD81D91FF3B0763C392422865C9AC12E C:\Windows\SysWOW64\rundll32.exe --a---- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8 C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe --a---- 45568 bytes [23:57 13/07/2009] [01:39 14/07/2009] DD81D91FF3B0763C392422865C9AC12E C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe --a---- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8 -= EOF =- ------------------------------------------------ RogueKiller V8.7.3 _x64_ [Oct 3 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jim_2 [Admin rights] Mode : Scan -- Date : 10/15/2013 17:26:59 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - TOSHIBA MK1059GSMP +++++ --- User --- [MBR] d81af62b84f9232e26b3397e63b35666 [bSP] 068733cfa271e4162a8c576d679718bc : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 935335 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - Generic Flash Disk USB Device +++++ --- User --- [MBR] 9ca04fb83051435057bf78c827848367 [bSP] 5c7d1f224546e443808e0f106485ee32 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo 1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo 2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo 3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 0 | Size: 1775989 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - Verbatim STORE N GO USB Device +++++ --- User --- [MBR] 55bfb0d64d58c600780bcb3ae3caef06 [bSP] 5f18ed01b81868c390d22c4e87f96de6 : MBR Code unknown Partition table: 0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 30543 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_S_10152013_172659.txt >> Looks like problem solved, I used that rundll32.exe for Windows 7 Gif Viewer. Thanks for all your help. What is this current registry always found? And how do I unlock my hosts file?
  6. SystemLook 30.07.11 by jpshortstuff Log created at 12:01 on 15/10/2013 by Jim_2 Administrator - Elevation successful ========== filefind ========== Searching for "rundll32.exe" C:\rundll32.exe --a---- 33280 bytes [06:48 06/02/2013] [05:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe --a---- 218184 bytes [23:50 11/10/2013] [18:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC C:\Windows\System32\rundll32.exe --a---- 45568 bytes [23:57 13/07/2009] [01:39 14/07/2009] DD81D91FF3B0763C392422865C9AC12E C:\Windows\SysWOW64\rundll32.exe --a---- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8 C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe --a---- 45568 bytes [23:57 13/07/2009] [01:39 14/07/2009] DD81D91FF3B0763C392422865C9AC12E C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe --a---- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8 -= EOF =-
  7. I noticed these startup entries come from scanning TASKS, is this task schedule?
  8. RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jim_2 [Admin rights] Mode : Scan -- Date : 10/14/2013 00:57:57 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 5 ¤¤¤ [All Users][HJNAME] rundll32.exe : C:\Users\All Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] -> FOUND [Default][HJNAME] rundll32.exe : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] -> FOUND [Default User][HJNAME] rundll32.exe : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] -> FOUND [desktop.ini][HJNAME] rundll32.exe : C:\Users\desktop.ini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] -> FOUND [Public][HJNAME] rundll32.exe : C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] -> FOUND ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - TOSHIBA MK1059GSMP +++++ --- User --- [MBR] d81af62b84f9232e26b3397e63b35666 [bSP] 068733cfa271e4162a8c576d679718bc : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 935335 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - Generic Flash Disk USB Device +++++ --- User --- [MBR] 9ca04fb83051435057bf78c827848367 [bSP] 5c7d1f224546e443808e0f106485ee32 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo 1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo 2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo 3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 0 | Size: 1775989 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_S_10142013_005757.txt >> Is there a way to unlock hosts file after using DrWeb? I would like to re-add Spybot S&D entries in the host file (and it looks like it has turned into French language)
  9. Thanks for all your help Kevin, I don't think I have any viruses or such. I run scans everyday with my manually created Task Scheduler. And also, I just ran RK on other laptop, same 2 startup results. The other laptop isn't used for anything besides updating McAfee & Wndows Update.
  10. And it also looks like everytime I run RogueKill, I get those policy registries..seems to be worse than before. I have IE9, just noticed the FixIt.txt from yesterday changed it to somehow display IE10 I must've missed this the first time but, how'd it get from IE9 > IE10 when I don't have IE10?
  11. Hm, looks like DrWeb has locked the hosts file..
  12. Might have to fix hosts with Spybot S&D again, but that's fine. CureIt log attached CureIt.txt
  13. Extras : OTL Extras logfile created on: 13/10/2013 7:13:40 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim_2\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.86 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 73.50% Memory free 11.71 Gb Paging File | 9.52 Gb Available in Paging File | 81.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 913.41 Gb Total Space | 837.44 Gb Free Space | 91.68% Space Free | Partition Type: NTFS Drive E: | 970.73 Mb Total Space | 5.73 Mb Free Space | 0.59% Space Free | Partition Type: FAT Drive I: | 29.82 Gb Total Space | 8.09 Gb Free Space | 27.14% Space Free | Partition Type: FAT32 Computer Name: JIM-PC | User Name: Jim_2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = jsfile] -- Reg Error: Value error. File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .js [@ = jsfile] -- Reg Error: Value error. File not found [HKEY_USERS\S-1-5-21-2971935575-3012715249-423143216-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- Reg Error: Value error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- Reg Error: Value error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A01EB77-07D2-423B-9E98-30C1ABD9D4B8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{0F1105CC-18F6-4B60-9E87-D967A4EF3020}" = lport=2869 | protocol=6 | dir=in | app=system | "{18FA3B29-FDD1-4EC2-9F8F-DCB2A9239765}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{557B1086-EC97-4D19-91CA-B7BE89B5F9F0}" = rport=138 | protocol=17 | dir=out | app=system | "{585C0684-AF1C-4649-AA88-0D80236FC271}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{662C3DAA-CA0F-4409-9015-65D697038605}" = rport=137 | protocol=17 | dir=out | app=system | "{69EC5EAB-582E-4517-969E-F3B58DE8EB28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70D290CC-CDBC-4E96-90B5-AB9BDEF23A8B}" = lport=139 | protocol=6 | dir=in | app=system | "{7573F72A-A5FA-448A-8E0C-AC6CA65EF7BF}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{8B89621C-D74C-4D61-91C6-DD3F5B6D99B9}" = lport=445 | protocol=6 | dir=in | app=system | "{90530B7D-3719-4B56-87A1-4E78A81493CC}" = rport=445 | protocol=6 | dir=out | app=system | "{972F8766-3EDD-45BD-872C-1ED18E5A47C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A6823EE3-E34F-41DF-BFEB-68446ED4E70B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3ECF414-1598-4B87-BD97-B70E0001CC19}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{B444B68B-5065-4361-8CC7-051388D261A7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{C848F798-F4BD-43AB-B15D-D49E3A526497}" = rport=139 | protocol=6 | dir=out | app=system | "{D6BEAF13-F792-4C7B-85FD-1BE3324586EF}" = lport=137 | protocol=17 | dir=in | app=system | "{DD8E8452-A215-45C3-A7CE-F8F7FA964C78}" = lport=138 | protocol=17 | dir=in | app=system | "{E46C27DF-C257-478C-A43E-40C7E1EA9806}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E8B8F72B-493D-4C25-BFDA-4100645E903B}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{F6E750D3-6D0E-4C94-B2E7-7D660B948A7A}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{051C02A3-882E-4775-A0AB-A4EAB3BDA5F7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{075BEFE1-B316-4C23-87B6-6ADA721567E2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{1C93AA7D-9521-4C6A-B15F-73340C297215}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent.exe | "{1ED07340-328D-4181-81CC-F7411ADD4F8D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{26DF0221-2F2C-4F20-894E-317A72B6946D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2EA8DC4E-B00F-4BD1-A1CC-89B010527667}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{30B1B6E2-5F0D-4ED6-A56E-64CBAEE5D900}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3D167838-1ED3-42F6-AA88-2DCC0ABBB96C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{3FE382EC-7D24-4D9B-ABF5-571BB9709C51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4CF7F7F4-7483-44D9-AE25-C72C46E730AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5AC91860-AFB9-46D7-91F1-87B4C62A932F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5F7FF503-C0AE-46B3-969B-526E8151219E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{66296DD3-CF42-4564-A9C9-FE5B66809EEA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{6744DD9A-F41F-401F-B003-6D0F265CCAAF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{6BEC464E-6E9B-464D-BE58-1FC5341857D6}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{6F531107-3B67-4AC8-A5B7-FAA65BD65689}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | "{79548A7A-AFAA-4658-9C78-346FB4EB1BA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7A601DCD-4FAA-4C38-ACCD-97EE7A9E00A4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7D37C063-3069-49AE-82A6-702D2946E837}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{87EBB461-F8F8-4053-AEAC-167E3F4DD9C6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent.exe | "{890E40CB-4D4D-438E-9FEB-F210A4A61D4F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{8AE059D9-334E-4C9A-994F-97EF0464EB59}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8BCCA73D-167C-4BCD-9DA7-CA7731850E63}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | "{9A5FBA90-59AA-41E6-ABBB-F3FBF0A4BAB5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{9D832BFB-1D2A-4B67-ADF3-0BD6D1F5DE2E}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | "{9F1F2948-73DE-40E1-AA11-A66B9D3F83CD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A86BD12D-34BA-4752-BE8E-80951558E567}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{B472A88F-895F-4B7F-BF95-CA9433F70358}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | "{BC55E47C-192C-4869-A747-05E7A3DC477F}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{BEBB9B0A-5C20-4891-8B79-EE8B312F3068}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{BF93E0EF-124E-4128-BE9D-F824834CF680}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{C221CE2D-7E46-4ABB-BA7A-FD2393F6E715}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C9267553-8480-4854-B5FA-26BF0132B4BA}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{CD344454-97BF-4C68-99F8-DF32E5A8F37E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{D70A70BF-05D7-4EB4-A8B1-8855115B5F18}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{D990A169-4C3C-4CBC-8062-7A1ED25A31BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E3A918EF-2472-464E-8451-62C3AA124379}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | "{E46D16CB-B242-41D3-B187-36725062DF50}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{E87B7E66-59F1-4500-B427-CD2076019D56}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{EEF8F452-AAD7-4773-B899-E21C5D51850C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{EF10F65C-49CB-4660-8EF3-DF5FACB45DFC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{F19F3655-8283-48F2-8FF7-491B9B0B746A}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{FF0E7EB2-1983-48B0-9D1C-3E1C2EF8ADB2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{1D81C8A4-B965-45C3-BA6C-44755DC61625}I:\portableapps\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=i:\portableapps\utorrentportable\app\utorrent\utorrent.exe | "TCP Query User{21B51957-1D3E-4FF8-BA96-4019067C481A}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | "TCP Query User{34D24C8E-1915-4EA5-A024-F95EA3A0D8F9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{52DD879D-8EA5-4A65-BE13-736A78E32EDF}C:\program files (x86)\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent.exe | "TCP Query User{9179BD91-D812-46FF-91C4-553602F43BFD}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "UDP Query User{00BE4B1A-B2B8-46CE-8B9A-3C72EFFA6A1C}I:\portableapps\utorrentportable\app\utorrent\utorrent.exe" = protocol=17 | dir=in | app=i:\portableapps\utorrentportable\app\utorrent\utorrent.exe | "UDP Query User{1F053220-DD9B-4FCA-BFC1-028F1ABDFCCA}C:\program files (x86)\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent.exe | "UDP Query User{7BF6B627-E4F4-44A0-8D2B-BFB892DA1A34}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{B2ADB40E-01AF-4B7B-8434-2774221454DE}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "UDP Query User{C9A315F7-2230-41E8-80D3-449089806261}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0925-000001000000}" = 7-Zip 9.25 (x64 edition) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0 "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL "LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2 "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6B2847D2-E3DD-44C0-BAC2-58D12221691F}" = TechSmith Screen Capture Codec "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3 "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium "{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}" = Evernote v. 4.6.7 "{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE "{BDEE7660-E08C-4824-8577-6CE12F8C3492}_is1" = gPhotoShow v1.7.0 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise "{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "Identity Card" = Identity Card "Index.Dat Viewer 3" = Index.Dat Viewer 3 "IrfanView" = IrfanView (remove only) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "MCShield" = MCShield ::Anti-Malware Tool:: "Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.57 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "ProInst" = Intel PROSet Wireless "Rainmeter" = Rainmeter "Roxio PhotoShow" = Roxio PhotoShow "SpywareBlaster_is1" = SpywareBlaster 5.0 "TightVNC" = TightVNC 2.0.4 "VLC media player" = VLC media player 2.0.8 "Winamp" = Winamp "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13/10/2013 10:22:47 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3030 Description = Error - 13/10/2013 10:22:48 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13/10/2013 10:29:13 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3030 Description = Error - 13/10/2013 10:29:14 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13/10/2013 10:32:23 AM | Computer Name = Jim-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 13/10/2013 10:32:23 AM | Computer Name = Jim-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 13/10/2013 7:08:49 PM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3030 Description = Error - 13/10/2013 7:08:50 PM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13/10/2013 7:10:42 PM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3030 Description = Error - 13/10/2013 7:10:46 PM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 1006 Description = [ System Events ] Error - 13/10/2013 10:22:27 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 59 time(s). Error - 13/10/2013 10:22:49 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Search service terminated with the following error: %%5 Error - 13/10/2013 10:22:49 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 60 time(s). Error - 13/10/2013 10:29:15 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Search service terminated with the following error: %%5 Error - 13/10/2013 10:29:15 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 61 time(s). Error - 13/10/2013 5:00:21 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error - 13/10/2013 7:08:51 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Search service terminated with the following error: %%5 Error - 13/10/2013 7:08:51 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 62 time(s). Error - 13/10/2013 7:10:47 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Search service terminated with the following error: %%5 Error - 13/10/2013 7:10:47 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 63 time(s). < End of report >
  14. OTL : OTL logfile created on: 13/10/2013 7:13:40 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim_2\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.86 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 73.50% Memory free 11.71 Gb Paging File | 9.52 Gb Available in Paging File | 81.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 913.41 Gb Total Space | 837.44 Gb Free Space | 91.68% Space Free | Partition Type: NTFS Drive E: | 970.73 Mb Total Space | 5.73 Mb Free Space | 0.59% Space Free | Partition Type: FAT Drive I: | 29.82 Gb Total Space | 8.09 Gb Free Space | 27.14% Space Free | Partition Type: FAT32 Computer Name: JIM-PC | User Name: Jim_2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/10/13 19:10:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim_2\Desktop\OTL.exe PRC - [2013/10/11 23:30:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/10/29 10:33:56 | 000,546,688 | ---- | M] (IObit) -- C:\Users\Jim_2\Documents\Tools\SmartRam\SmartRAM.exe PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe PRC - [2011/08/24 22:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011/08/24 22:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2011/01/12 20:52:12 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe PRC - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe PRC - [2011/01/12 14:10:08 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe ========== Modules (No Company Name) ========== MOD - [2013/10/11 23:30:38 | 003,354,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/10/30 05:37:26 | 000,348,032 | ---- | M] () -- C:\Users\Jim_2\Documents\Tools\SmartRam\madExcept_.bpl MOD - [2012/10/30 05:37:24 | 000,050,048 | ---- | M] () -- C:\Users\Jim_2\Documents\Tools\SmartRam\madDisAsm_.bpl MOD - [2012/10/30 05:37:22 | 000,182,656 | ---- | M] () -- C:\Users\Jim_2\Documents\Tools\SmartRam\madBasic_.bpl MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll MOD - [2011/08/24 22:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011/08/24 22:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/02/26 03:12:26 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2012/02/25 13:03:04 | 000,156,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/02/25 13:03:01 | 000,190,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011/08/02 15:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2011/05/02 18:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011/05/02 18:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/05/02 18:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/11/29 19:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2013/10/09 11:16:06 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/10/02 17:05:08 | 000,121,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2013/09/26 16:11:11 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2013/07/25 09:40:44 | 000,162,672 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011/12/05 22:31:16 | 003,976,136 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2011/08/03 09:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver) SRV - [2011/06/30 22:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/06/21 16:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/06/20 21:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/03/15 00:58:06 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012/12/19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012/12/06 13:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/20 13:40:52 | 000,023,736 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tenCapture.sys -- (tenCapture) DRV:64bit: - [2012/04/06 14:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/25 13:03:04 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/02/25 13:03:04 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012/02/25 13:03:03 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/02/25 13:03:01 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/02/25 13:03:01 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2011/11/11 10:06:26 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011/11/11 10:06:26 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011/11/11 10:06:26 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011/09/20 06:02:55 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011/09/20 06:02:55 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/14 01:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/07/14 01:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/06/21 19:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/06/21 19:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/06/10 14:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/05/16 18:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011/05/09 23:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2011/05/06 14:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/05 07:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011/01/20 22:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011/01/20 22:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2010/11/29 19:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 04:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/02 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64) DRV:64bit: - [2009/06/02 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64) DRV:64bit: - [2009/06/02 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64) DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA IE - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 AB 2B 7B D4 C5 CE 01 [binary data] IE - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: File not found FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/10/03 19:13:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/18 18:29:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/07 02:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions [2013/10/11 19:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim_2\AppData\Roaming\mozilla\Firefox\Profiles\aulv137g.default\extensions [2013/10/11 23:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/10/11 23:30:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/10/11 23:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\21.0\browser\extensions [2013/10/11 23:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\21.0\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/10/11 23:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/10/11 23:30:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/10/11 23:30:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: McAfee (Enabled) CHR - default_search_provider: search_url = http://ca.search.yahoo.com/search?fr=mcafee&p={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.theweathernetwork.com/weather/canada/ontario/markham CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\McChPlg.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\npSkypeChromePlugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_156.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - Extension: Adblock Plus = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\ CHR - Extension: Search by Image (by Google) = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0\ CHR - Extension: Video Downloader professional = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.36_0\ CHR - Extension: SiteAdvisor = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_1\ CHR - Extension: AdBlock = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\ CHR - Extension: TinEye Reverse Image Search = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.3_0\ CHR - Extension: RealDownloader = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\ CHR - Extension: Skype Click to Call = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\ CHR - Extension: Chrome In-App Payments service = C:\Users\Jim_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ O1 HOSTS File: ([2013/10/13 00:45:09 | 000,450,556 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15468 more lines... O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130912005408.dll (McAfee, Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130912005408.dll (McAfee, Inc.) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2971935575-3012715249-423143216-1001..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) O4 - HKU\S-1-5-21-2971935575-3012715249-423143216-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2971935575-3012715249-423143216-1001..\Run: [smartRAM] C:\Users\Jim_2\Documents\Tools\SmartRam\SmartRAM.exe (IObit) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Jim_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe () O4 - Startup: C:\Users\Jim_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-2971935575-3012715249-423143216-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1720B08D-2461-4EB0-8F52-51BEAA17DC33}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6655DFB-57B1-496B-ADA6-72CF7637F905}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/09/18 23:55:10 | 000,000,046 | ---- | M] () - I:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: ArcadeMovieService - hkey= - key= - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: CPMonitor - hkey= - key= - C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe () MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe () MsConfig:64bit - StartUpReg: ETDCtrl - hkey= - key= - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: IntelTBRunOnce - hkey= - key= - C:\Windows\SysNative\wscript.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig:64bit - StartUpReg: MCShield Monitor - hkey= - key= - C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity) MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation) MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: SDTray - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: tvncontrol - hkey= - key= - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.) MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/10/13 19:10:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim_2\Desktop\OTL.exe [2013/10/13 01:56:36 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\AppData\Local\CrashDumps [2013/10/13 01:39:16 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\Documents\ProcAlyzer Dumps [2013/10/12 12:43:36 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\Desktop\RK_Quarantine [2013/10/11 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/10/11 23:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/10/11 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\AppData\Roaming\Malwarebytes [2013/10/11 19:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/10/11 19:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/10/11 19:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/10/11 17:57:54 | 000,000,000 | ---D | C] -- C:\FRST [2013/10/11 17:56:47 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Jim_2\Desktop\FRST64.exe [2013/10/11 15:23:25 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Jim_2\Desktop\esetsmartinstaller_enu.exe [2013/10/11 14:38:01 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\Documents\Tools [2013/10/10 11:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013/10/10 03:19:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/10/10 03:19:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/10/10 03:19:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/10/10 03:19:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/10/10 03:19:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/10/10 03:19:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/10/10 03:19:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/10/10 03:19:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/10/10 03:19:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/10 03:19:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/10/10 03:19:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/10/10 03:19:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/10 03:19:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/10 03:19:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/10/10 03:19:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/09 10:52:35 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/09 10:52:27 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/09 10:52:27 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/09 10:52:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/10/09 10:52:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/10/09 10:52:25 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/10/09 10:52:25 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/10/09 10:52:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/09 10:52:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/09 10:52:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/09 10:52:19 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys [2013/10/09 10:52:17 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013/10/09 10:52:07 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/10/09 10:52:06 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013/10/09 10:52:05 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/10/09 10:52:04 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/10/09 10:52:04 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013/10/09 10:52:04 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013/10/09 10:52:02 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/10/09 10:51:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/10/09 10:51:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/10/09 10:51:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/10/09 10:51:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/10/09 10:51:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/10/09 10:51:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/10/09 10:51:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/09 10:51:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/09 10:51:32 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll [2013/10/09 10:51:25 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013/10/09 10:51:24 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013/10/07 11:34:20 | 000,000,000 | ---D | C] -- C:\54b39535965a7ed271ada92e66 [2013/10/05 11:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013/10/05 11:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2013/10/05 11:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013/10/05 11:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013/10/05 11:42:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013/10/04 02:01:55 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled [2013/10/04 00:59:43 | 000,025,472 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2013/10/03 23:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2013/10/03 23:49:32 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\AppData\Roaming\IObit [2013/10/03 23:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013/10/03 16:46:06 | 000,000,000 | ---D | C] -- C:\213569335c6701b27dee [2013/10/03 13:50:20 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\AppData\Local\Razer [2013/10/03 13:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer [2013/10/03 13:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2013/10/03 13:37:35 | 000,000,000 | ---D | C] -- C:\0e878230f54c2499dd1754974894cc [2013/10/03 13:32:18 | 000,000,000 | ---D | C] -- C:\7cf949c53a71097032067e83b1 [2013/10/02 12:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/10/02 12:34:23 | 000,868,264 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/10/02 12:34:23 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/10/02 12:34:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/10/02 12:34:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/10/02 12:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013/10/02 12:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/09/30 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\Jim_2\Documents\Stuff [2013/09/29 18:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013/09/16 02:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2013/09/16 01:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon [2013/09/16 01:30:36 | 000,000,000 | ---D | C] -- C:\Nexon [2013/09/16 00:59:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013/09/16 00:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/09/16 00:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS [2013/09/16 00:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013/09/15 19:03:53 | 000,361,119 | ---- | C] (Farbar) -- C:\Windows\FRST_mod.exe [2013/09/14 02:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/13 19:10:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim_2\Desktop\OTL.exe [2013/10/13 19:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/10/13 17:11:36 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/10/13 10:32:26 | 007,499,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/10/13 10:32:26 | 003,588,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/10/13 10:32:26 | 000,006,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/10/13 01:40:13 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/13 01:40:13 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/13 01:33:52 | 003,077,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/13 01:32:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/13 01:32:20 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys [2013/10/13 01:26:42 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2013/10/13 00:45:09 | 000,450,556 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/10/12 12:44:24 | 000,891,167 | ---- | M] () -- C:\Users\Jim_2\Desktop\SecurityCheck(1).exe [2013/10/11 17:56:45 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Jim_2\Desktop\FRST64.exe [2013/10/11 15:23:30 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Jim_2\Desktop\esetsmartinstaller_enu.exe [2013/10/10 10:41:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/09 11:16:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/10/09 11:16:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/10/09 00:50:17 | 000,001,024 | ---- | M] () -- C:\.rnd [2013/10/09 00:50:12 | 000,006,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/10/09 00:46:47 | 000,001,065 | ---- | M] () -- C:\Users\Jim_2\Desktop\GameLauncher.exe.lnk [2013/10/08 23:52:29 | 000,002,279 | ---- | M] () -- C:\Users\Jim_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/10/05 12:24:36 | 000,002,697 | ---- | M] () -- C:\Users\Jim_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2013/10/05 12:01:56 | 000,001,131 | ---- | M] () -- C:\Users\Jim_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2013/10/02 19:08:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\cscript [2013/10/02 12:44:20 | 000,001,160 | ---- | M] () -- C:\Users\Jim_2\Desktop\Images.lnk [2013/10/02 12:33:52 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/10/02 12:33:42 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/10/02 12:33:41 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/10/02 12:33:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/10/02 12:33:37 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/10/02 12:33:36 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/09/30 18:43:18 | 000,091,901 | ---- | M] () -- C:\Users\Jim_2\Documents\All Music.m3u [2013/09/29 18:53:56 | 000,001,003 | ---- | M] () -- C:\Users\Jim_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk [2013/09/28 00:25:57 | 000,450,550 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131013-004509.backup [2013/09/22 10:42:33 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/09/22 10:33:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/09/22 10:30:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/09/22 10:23:30 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/09/22 10:22:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/09/22 10:21:21 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/09/22 10:19:35 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/09/22 10:16:32 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/09/22 10:07:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/09/22 06:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/09/22 06:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/09/22 06:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/09/22 06:07:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/09/22 06:03:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/09/22 05:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/09/15 19:03:47 | 000,361,119 | ---- | M] (Farbar) -- C:\Windows\FRST_mod.exe [2013/09/14 16:00:08 | 000,002,502 | ---- | M] () -- C:\Windows\wininit.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/13 01:27:23 | 003,077,024 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/13 01:26:42 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2013/10/12 12:44:28 | 000,891,167 | ---- | C] () -- C:\Users\Jim_2\Desktop\SecurityCheck(1).exe [2013/10/09 00:50:17 | 000,001,024 | ---- | C] () -- C:\.rnd [2013/10/09 00:46:47 | 000,001,065 | ---- | C] () -- C:\Users\Jim_2\Desktop\GameLauncher.exe.lnk [2013/10/08 13:51:33 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk [2013/10/03 19:22:24 | 000,001,730 | ---- | C] () -- C:\Users\Jim_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2013/10/03 10:59:13 | 000,002,697 | ---- | C] () -- C:\Users\Jim_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2013/10/03 02:13:46 | 000,001,131 | ---- | C] () -- C:\Users\Jim_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2013/10/02 19:08:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\cscript [2013/10/02 10:52:27 | 000,002,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk [2013/09/30 18:43:18 | 000,091,901 | ---- | C] () -- C:\Users\Jim_2\Documents\All Music.m3u [2013/09/29 18:53:56 | 000,001,003 | ---- | C] () -- C:\Users\Jim_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk [2013/04/17 19:13:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/10/30 19:05:25 | 000,000,000 | ---- | C] () -- C:\Users\Jim_2\AppData\Local\rx_image32.Cache [2012/10/23 22:44:52 | 000,025,704 | ---- | C] () -- C:\Users\Jim_2\AppData\Roaming\UserTile.png [2012/10/12 15:43:39 | 000,007,605 | ---- | C] () -- C:\Users\Jim_2\AppData\Local\Resmon.ResmonCfg [2012/04/15 16:44:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2012/04/15 12:06:49 | 000,009,728 | ---- | C] () -- C:\Users\Jim_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/14 14:59:26 | 000,006,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/29 01:14:22 | 000,002,502 | ---- | C] () -- C:\Windows\wininit.ini [2012/03/25 22:00:18 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/02/25 12:11:56 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\newsXpresso [2012/01/23 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Screensaver [2012/04/12 01:27:05 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent [2013/05/28 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\Aleo Software [2013/06/07 02:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\avidemux [2013/08/03 19:34:08 | 000,000,000 | -HSD | M] -- C:\Users\Jim_2\AppData\Roaming\Common [2013/08/29 00:16:08 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\DisplayFusion [2013/10/03 23:49:32 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\IObit [2013/09/26 10:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\IrfanView [2012/03/25 21:59:46 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\Jasc [2012/10/29 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\LockHunter [2013/09/11 22:22:35 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\Mp3tag [2012/10/24 14:51:53 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\PowerCinema [2013/09/13 12:39:22 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\QuickScan [2013/09/11 22:22:35 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\Rainmeter [2013/10/02 12:35:37 | 000,000,000 | ---D | M] -- C:\Users\Jim_2\AppData\Roaming\SystemRequirementsLab ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\*. /mp /s > < %systemroot%\*. /rp /s > < %SYSTEMDRIVE%\*.exe > [2004/08/04 01:56:56 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\rundll32.exe < %LOCALAPPDATA%\*.exe > < MD5 for: EXPLORER.EXE > [2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe [2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: SVCHOST.EXE > [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.