tonycamero

  1. Hi. Is there anything you guys can do for this situation? Or should I consider wiping my hard drive?
  2. RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Mark [Administrator]
     Mode : Scan -- Date : 02/14/2002 08:26:10

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 27 ¤¤¤
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found
     [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\ComboFix\catchme.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found
     [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
     [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
     [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635 -> Found
     [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635 -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 69.18.32.50 69.18.32.51 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [UNITED STATES (US)][UNITED STATES (US)] -> Found
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ Hosts File : 1 ¤¤¤
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
     --- User ---
     [MBR] 10b28f7c4cd11571d1c0f9f931fd5d99
     [BSP] 0d32bbfe79531a6bdd35ed963f8c7646 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_01302002_150416.log
  3. Attached RKreport_SCN_02142002_082610.log
  4. I did attach those two reports in the previous message. Are you able to retrieve them? Thanks!
  5. ComboFix 15-02-16.01 - Mark 02/05/2002 15:21:20.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2948 [GMT -6:00] Running from: c:\users\Mark\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\msdownld.tmp c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((( Files Created from 2002-01-05 to 2002-02-05 ))))))))))))))))))))))))))))))) . . 2014-05-21 13:16 . 2014-05-21 13:18 -------- d-----w- C:\11ef91e2b1cc1d9a0cb4 2013-12-30 15:22 . 2013-12-30 15:22 -------- d-----w- C:\AMD 2013-12-12 02:21 . 2014-10-28 21:16 -------- d-----w- C:\Games 2013-09-30 18:36 . 2013-09-30 18:36 -------- d-----w- C:\SWTOOLS 2013-03-30 07:19 . 2013-03-30 07:19 -------- d-----w- C:\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} 2013-02-13 03:48 . 2013-03-03 01:15 -------- d-----w- C:\download 2012-12-01 17:30 . 2012-12-01 17:30 -------- d-----w- C:\Crash 2012-07-19 23:50 . 2012-07-19 23:50 -------- d-----w- C:\tmp 2012-01-08 10:32 . 2012-01-08 10:32 -------- d-----w- C:\c2490e40701df0d619d5c5 2011-11-09 10:46 . 2020-08-03 03:01 -------- d-----w- C:\vcs5BGEffects 2011-08-25 02:08 . 2011-08-25 02:08 -------- d-----w- C:\3ac478ef0e43639bf211ac 2011-03-29 00:30 . 2011-12-21 06:35 -------- d-----w- C:\Fraps 2010-12-26 02:09 . 2010-12-26 02:09 -------- d-----w- C:\.jagex_cache_32 2010-11-21 20:37 . 2013-03-03 01:16 -------- d-----w- C:\Nexon 2010-11-20 01:26 . 2013-03-03 01:19 -------- d-----w- C:\Perfect World Entertainment 2010-10-27 19:29 . 2010-10-27 19:29 -------- d-----w- C:\6777fb92cb13a52da77b659c35509325 2010-10-27 19:13 . 2010-10-27 19:13 -------- d-----w- C:\83549eafbeae9cdf05fd55b6 2010-10-27 18:15 . 2010-10-27 18:15 -------- d-----w- C:\MyWorks 2010-10-27 17:47 . 2011-09-18 00:21 -------- d-----w- C:\ATI 2010-10-27 17:35 . 
2010-10-27 17:35 -------- d-----w- C:\Intel 2010-10-27 16:18 . 2013-09-25 02:30 -------- d-----w- C:\Recovery 2009-07-14 05:08 . 2009-07-14 05:08 -------- d-sh--we C:\Documents and Settings . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-04 09:17 . 2014-04-08 21:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-04-13 05:49 . 2013-09-25 09:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-09-25 09:47 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-09-25 09:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-09-25 09:47 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-09-25 09:47 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-09-25 09:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2012-10-16 07:39 . 2013-09-25 09:41 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-04-12 08:17 . 2011-04-12 08:17 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui 2011-04-12 08:17 . 2011-04-12 08:17 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui 2011-04-12 08:17 . 2011-04-12 08:17 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui 2011-04-12 08:17 . 2011-04-12 08:17 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui 2011-04-12 08:17 . 2011-04-12 08:17 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui 2011-04-12 08:17 . 2011-04-12 08:17 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui 2009-07-14 01:40 . 2009-07-13 23:32 52736 ----a-w- c:\windows\apppatch\AppPatch64\apihex64.dll 2009-07-14 01:14 . 2009-07-13 23:20 41984 ----a-w- c:\windows\apppatch\apihex86.dll 2009-07-14 01:14 . 2009-07-13 23:26 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2009-07-14 01:03 . 2009-07-13 23:26 2560 ----a-w- c:\windows\apppatch\AcRes.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968] "RoccatKoneXTD"="c:\program files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE" [2013-10-25 552960] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F9L1101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F9L1101\V1\wlansrv.exe [x] R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys;c:\windows\SYSNATIVE\DRIVERS\ae1000w7.sys [x] R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x] R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 
MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 
AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x] S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2002-02-02 00:19 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2002-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-04 20:05] . 2002-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 03:31] . 2002-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 03:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ mDefault_Search_URL = www.google.com mDefault_Page_URL = www.google.com mStart Page = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com uSearchAssistant = www.google.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 207.177.74.108 207.177.74.118 FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - ExtSQL: 2013-10-04 20:05; firefox@whilokii.net; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\firefox@whilokii.net.xpi FF - ExtSQL: 2013-10-05 19:58; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} FF - ExtSQL: 2013-10-05 19:59; addon@defaulttab.com; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\addon@defaulttab.com.xpi FF - ExtSQL: 2013-10-17 18:57; {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} FF - ExtSQL: 2013-11-21 19:01; firefox@passwordbox.com; c:\program files (x86)\PasswordBox\Firefox . - - - - ORPHANS REMOVED - - - - . 
Wow6432Node-HKCU-Run-MobileAppSync - c:\program files (x86)\Mobile App Sync\D2MClient.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{9CFC1320-5114-7B27-0A02-FE2E77EBAA17} - c:\programdata\Deal4REAl\2R_1IEV.x64.dll AddRemove-MixiDJ_V30 Toolbar - c:\program files (x86)\MixiDJ_V30\UninstallerUI.exe AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\SecuROM\License information*] "datasecu"=hex:4c,ef,77,23,7b,ea,22,2d,29,20,9c,d5,14,5b,c1,78,e7,59,d6,5e,95, a0,f5,db,a0,bb,d1,a1,57,6e,69,6b,63,ee,bc,bd,f2,b6,71,03,e3,44,c3,88,0d,60,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2002-02-05 15:33:37 ComboFix-quarantined-files.txt 2002-02-05 21:33 . Pre-Run: 56,622,850,048 bytes free Post-Run: 56,460,980,224 bytes free . - - End Of File - - C0521E7E929191A5E263749DF18E484F A36C5E4F47E84449FF07ED3517B43A31
  6. Files attached FRST(1).txt Addition(1).txt
  7. Zoek.exe v5.0.0.0 Updated 10-February-2015 Tool run by Mark on Fri 02/01/2002 at 17:46:33.62. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Mark\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 2/1/2002 5:49:43 PM Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\656C4FBB-6D62-4880-9183-2D9C3161E1B6 deleted successfully C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\couepponpaeaakk deleted successfully C:\PROGRA~2\websaver deleted successfully C:\Program Files\010 deleted successfully C:\PROGRA~3\AVAST Software deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Mark\AppData\Roaming\Toribash deleted successfully C:\Users\Mark\AppData\Local\Adobe deleted successfully C:\Users\Mark\AppData\Local\DigitalDNA Games deleted successfully C:\Users\Mark\AppData\Local\WarThunder deleted successfully C:\Users\Mark\AppData\Local\WordOv deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F4496B7-5BFA-4FB2-BBFD-8547C4770D6D} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10F11E9D-6224-4145-8A8A-B6EB21EE5978} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{216DB24A-514B-4A98-9F54-2E9D1CDEF3D} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2388880C-4A44-4B20-A85B-E8F5FFB7996F} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{25B20D62-D1E6-4662-B6B9-34E2D59034F0} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AD76689-50B5-4E4D-B40B-9C73FC9CB962} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BC41D5C-1A26-45E3-8D9F-EFF48DD5AB1F} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C68047E-F549-4EFA-989F-89A4FB49EB78} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{324D7221-32E1-4564-BD99-3D81CFB62D3A} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35ECDB46-F90E-447C-B009-BC879E747E32} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43B2CE59-F0A5-4EDA-97C8-A9E290A9468E} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C45B980-D4A4-4942-89CE-C035BABED69} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D6E440E-3DA8-49C8-A2C8-53054BF1464B} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{533C94F3-C50E-4B39-AD21-1846F5789858} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{563A02C9-5BDE-4782-84C5-6A0BF69DF9E3} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{5AC34228-2FE0-4223-9EB7-56BA3D9B5468} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B54177C-D7DB-4AF7-ABD2-7C84EBE7D535} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AE852-BDB0-4B07-A1A7-D38D30413F1C} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D3038BB-C1ED-4DEA-923D-2ABA8E16AA} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90C91B17-21A7-4A98-94BA-3D397AD579D2} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92FC1AC4-8840-443A-B817-34416A86B8B8} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{935D232B-452-467C-B841-5424D8B9E364} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94BCF6FE-EA50-4F94-B9BB-F070B24EACA7} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94E4E871-0D6B-4C59-BE3E-6BA1B3F7210E} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D38351C-C848-4B62-B481-5C9F68E5FA19} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7C4CB10-5782-49C9-B046-E62F16ED95B9} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{B0F6F4E5-D63B-4186-96E8-02888F334836} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6244E89-E2B3-4D7A-BE6F-A255329BE144} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6BCA7E1-4F13-4591-B583-B716AE99D76D} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3CA4C03-73CC-46E2-B1C4-20F85B2A480C} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9006AF1-3C8B-4C26-9F49-07EFD35E12C8} deleted successfully HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF4FC184-DF15-4268-A1BD-9843C09A0421} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default user.js not found ---- Lines extensions.57gSdijMt1dam14y removed from prefs.js ---- user_pref("extensions.57gSdijMt1dam14y.epoch", "1"); user_pref("extensions.57gSdijMt1dam14y.scode", "void(0);"); user_pref("extensions.57gSdijMt1dam14y.url", "http://bestfindallusa.info/sync/?q=C6qUojwGrjs8qHCFpdgHpdk7rTaHqdk6tMZPhd97rjw4rTs8qTn9rHa4qjr6qHU7tNtVh ---- Lines extensions.67yE0mP removed from prefs.js ---- user_pref("extensions.67yE0mP.epoch", "1"); user_pref("extensions.67yE0mP.scode", "void(0);"); 
user_pref("extensions.67yE0mP.url", "http://liveblackboxfile.info/sync/?q=hfZ9oen9CShEAen0qHC6tMqLDe49CNU0llrMCMlNhd9Fqda4rdCEqjsErTrMAe4UojwEqTCGrTr8 ---- Lines extensions.FdZl2EpYbPbKrwYy removed from prefs.js ---- user_pref("extensions.FdZl2EpYbPbKrwYy.epoch", "1"); user_pref("extensions.FdZl2EpYbPbKrwYy.scode", "void(0);"); user_pref("extensions.FdZl2EpYbPbKrwYy.url", "http://joburn.net/sync/?q=C6qUojwGrjs8qHCFpdgHpdk7rTaHqdk6tMZPhd97rjw4rTs8qTn9rHa4qjr6qHU7tNtVh7n0rjnFrj ---- Lines extensions.KgWoqvspo1DgwxxC removed from prefs.js ---- user_pref("extensions.KgWoqvspo1DgwxxC.epoch", "1"); user_pref("extensions.KgWoqvspo1DgwxxC.scode", "void(0);"); user_pref("extensions.KgWoqvspo1DgwxxC.url", "http://filehelper.co.il/sync/?q=C6qUojwGrjs8qHCFpdgHpdk7rTaHqdk6tMZPhd97rjw4rTs8qTn9rHa4qjr6qHU7tNtVh7n0 ---- Lines extensions.lEaDYLi removed from prefs.js ---- user_pref("extensions.lEaDYLi.epoch", "1"); user_pref("extensions.lEaDYLi.scode", "void(0);"); user_pref("extensions.lEaDYLi.url", "http://yourappzzz.com/sync/?q=hfZ9oeqEAGhEAen0qHC6tMqLDe49CNU0llrMCMlNhd9FqdwErjrFqdrErTnMAe4UojkGrja7rTn8rjnMC6q ---- Lines extensions.voomTLz removed from prefs.js ---- user_pref("extensions.voomTLz.epoch", "1"); user_pref("extensions.voomTLz.scode", "void(0);"); user_pref("extensions.voomTLz.url", "http://usamagicbestt.info/sync/?q=hfZ9ofDLDGhEAen0qHC6tMqLDe49CNU0llrMCMlNhd9Fqda5rTnFqjs6rjrMAe4Uojn5pjnErHr9qjn ---- FireFox user.js and prefs.js backups ---- prefs_20020201_0559_.backup ==== Deleting Files \ Folders ====================== C:\Users\Mark\AppData\LocalLow\{25A0FA6D-B658-DA19-CFC8-565FA1DE0249} deleted C:\Users\Mark\AppData\Local\Packages\windows_ie_ac_001\AC\{25A0FA6D-B658-DA19-CFC8-565FA1DE0249} deleted C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted C:\install.exe deleted C:\setup.exe deleted C:\found.000 deleted C:\Users\Admin\AppData\Roaming\appdataFr2.bin deleted 
C:\Users\Mark\AppData\Roaming\WB.CFG deleted
C:\Users\Mark\AppData\Roaming\appdataFr2.bin deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Mark\AppData\Local\com deleted
C:\Users\Mark\AppData\Local\avgchrome deleted
C:\Users\Mark\AppData\Local\cache deleted
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Invalidprefs.js deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\jetpack deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\staged deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\CT3298566 deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\CT3314312 deleted
C:\Users\Mark\AppData\Local\121391085dsisetup1213958752.exe deleted
C:\Users\Mark\AppData\Local\2025282dsisetup20296352.exe deleted
C:\Users\Mark\AppData\Local\788741dsisetup7946692.exe deleted
C:\Users\Mark\AppData\Local\dsisetup672411102.exe deleted
"C:\Users\Mark\AppData\Local\{178C9DFD-C5FF-4D70-9FCE-14A7E66AC2E5}" deleted
"C:\Users\Mark\AppData\Local\{481E0F5E-5DE4-469E-972C-4E94E144B3CE}" deleted
"C:\Users\Mark\AppData\Local\{4B3A50CF-3B2F-4D43-98F0-E61A63FA6F3B}" deleted
"C:\Users\Mark\AppData\Local\{552599D7-9656-48EB-B91A-BEB8165B5C2C}" deleted
"C:\Users\Mark\AppData\Local\{564BBFA0-3E0D-451F-BC6D-B587806F057E}" deleted
"C:\Users\Mark\AppData\Local\{65AA4E7D-5DC9-4CBA-814A-38BF4C5A3FED}" deleted
"C:\Users\Mark\AppData\Local\{906EE425-A8AE-4D14-8E8F-36D572DC25DB}" deleted
"C:\Users\Mark\AppData\Local\{A2AB5985-0BC8-4D0B-A7A6-193B0222872C}" deleted
"C:\Users\Mark\AppData\Local\{AD71EE06-C743-4BC0-A541-39AFB2524B5D}" deleted
"C:\Users\Mark\AppData\Local\{B6ECC62A-E70A-4FCE-9875-15C2071A189A}" deleted
"C:\Users\Mark\AppData\Local\{EB66841D-F68D-4EE0-8E85-6585E53D0BBB}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"firefox@passwordbox.com"="C:\Program Files (x86)\PasswordBox\Firefox" [11/21/2013 06:59 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default
- redirectcleanerexamplenet - %ProfilePath%\extensions\redirectcleaner@example.net
- sharemenotfranziroesnercom - %ProfilePath%\extensions\sharemenot@franziroesner.com
- skipcerterrorfoudilfr - %ProfilePath%\extensions\skipcerterror@foudil.fr
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
898B418862E387276CD063324744CF5C - C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner +

==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 36.0.1985.143 (Possible outdated, latest Stable version: 40.0.2214.111)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lpadbdkobbgjgonnfnipfngifldcdfin - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx[]
Docs - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Docs - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Chromium Fix ======================

C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letsfinder.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letsfinder.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fixcomputersave.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fixcomputersave.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scriptsession.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scriptsession.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istart123.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istart123.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.doko-search.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.doko-search.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== shortcuts on Users Desktops ======================

C:\Users\Mark\Desktop\Approaching Nirvana - Reboot (Advanced Copy) (2).lnk - C:\Users\Mark\Downloads\Approaching Nirvana - Reboot (Advanced Copy).zip
C:\Users\Mark\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Mark\Desktop\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Mark\Desktop\World of Tanks.lnk - C:\Games\World_of_Tanks\WoTLauncher.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Public\Desktop\Evolve.lnk - C:\Program Files (x86)\Echobit\Evolve\EvolveClient.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Public\Desktop\Guild Wars 2.lnk - C:\Program Files (x86)\Guild Wars 2\Gw2.exe
C:\Users\Public\Desktop\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Public\Desktop\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mavis Beacon Teaches Typing.lnk - C:\Program Files (x86)\MBTTUKey\MBTT_FE.exe
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\FarCry™.lnk -
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio.lnk - C:\Users\Mark\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe -ide
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Encyclopedia.lnk - C:\Games\World_of_Tanks\wiki.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Game Manual.lnk - C:\Games\World_of_Tanks\game_manual.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Latest updates.lnk - C:\Games\World_of_Tanks\readme.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Official website.lnk - C:\Games\World_of_Tanks\website.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Uninstall World of Tanks.lnk - C:\Games\World_of_Tanks\unins000.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk - C:\Games\World_of_Tanks\WoTLauncher.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk - C:\Windows\system32\control.exe /name Microsoft.DefaultPrograms
C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk - C:\Games\Toribash-4.62\toribash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk - C:\Windows\system32\wuapp.exe startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk - C:\Program Files (x86)\Echobit\Evolve\EvolveClient.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk - C:\Windows\system32\xpsrchvw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk - C:\Windows\system32\calc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk - C:\Windows\system32\displayswitch.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk - C:\Windows\System32\mobsync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk - C:\Windows\Speech\Common\sapisvr.exe -SpeechUX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk - C:\Windows\system32\charmap.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk - C:\Windows\system32\dfrgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk - C:\Windows\system32\cleanmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk - C:\Windows\system32\perfmon.exe /res
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk - C:\Windows\system32\msinfo32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk - C:\Windows\system32\taskschd.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk - C:\Windows\system32\migwiz\postmig.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk - C:\Windows\system32\migwiz\migwiz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk - C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\Windows\sysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk - C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk - C:\Windows\system32\comexp.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk - C:\Windows\system32\compmgmt.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk - C:\Windows\system32\odbcad32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk - C:\Windows\system32\eventvwr.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk - C:\Windows\system32\iscsicpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk - C:\Windows\system32\perfmon.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk - C:\Windows\system32\services.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk - C:\Windows\system32\taskschd.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk - C:\Windows\system32\WF.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -NoExit -ImportSystemModules
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin USB Wireless Adapter Utility\Uninstall Belkin USB Wireless Adapter Driver.lnk - C:\Program Files (x86)\InstallShield Installation Information\{549CE1BD-88E4-4C5E-BF75-B155624714CC}\setup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin USB Wireless Adapter Utility\User Manual.lnk - C:\Program Files (x86)\Belkin\F9L1001\v1\UserManual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Check for Updates.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Codec Settings.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=decoder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Register.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier\Driver Identifier.lnk - C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Uninstall Star Wars - The Old Republic.lnk - C:\Program Files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View License.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\EUALAs\EUALA_en.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View Readme.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\readmes\readme_en.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Fallout New Vegas.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Games for Windows - LIVE.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto IV.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\STAR WARS™ The Old Republic™.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Elder Scrolls V Skyrim.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2\Guild Wars 2.lnk - C:\Program Files (x86)\Guild Wars 2\Gw2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk - C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk - C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Hi-Rez Diagnostics and Support.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe uninstall=all
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /i {8B4E75B8-6788-481D-B8D5-143EF17DC06A} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk - C:\Windows\System32\control.exe /name Microsoft.BackupAndRestore
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk - C:\Windows\system32\msra.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\License.lnk - C:\Program Files (x86)\MBTTUKey\MBTT UltraKey Family EULA.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Mavis Beacon Teaches Typing Manager Guide.lnk - C:\Program Files (x86)\MBTTUKey\MBTTManagerGuide.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Mavis Beacon Teaches Typing Program.lnk - C:\Program Files (x86)\MBTTUKey\MBTT_FE.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Mavis Beacon Teaches Typing User Guide.lnk - C:\Program Files (x86)\MBTTUKey\MBTTUserGuide.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Version Installed.lnk - C:\Program Files (x86)\MBTTUKey\VERSION.TXT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.130\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE\Games for Windows - LIVE.lnk - C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Uninstall Origin.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk - C:\Windows\Installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk - C:\Windows\Installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}\PictureViewer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk - C:\Windows\SysWOW64\msiexec.exe /i {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Kone XTD Mouse\Kone XTD Driver.lnk - C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Kone XTD Mouse\Uninstall Driver.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7133137D-DF48-4522-AD88-13C82B7D0A63}\Setup.exe"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk - C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Check for Updates.lnk - C:\Program Files (x86)\Xvid\autoupdate-windows.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Decoder.lnk - C:\Windows\System32\rundll32.exe xvid.ax,Configure C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Release Notes.lnk - C:\Program Files (x86)\Xvid\releasenotes.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Uninstall Xvid Video Codec.lnk - C:\Program Files (x86)\Xvid\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Xvid MiniConvert.lnk - C:\Program Files (x86)\Xvid\MiniConvert.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's FourCC Changer.lnk - C:\Program Files (x86)\Xvid\AviC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's MiniCalc.lnk - C:\Program Files (x86)\Xvid\MiniCalc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Some Quantization Matrices.lnk - C:\Program Files (x86)\Xvid\Xvid_Quant_Matrices.zip C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader 2.1.lnk - C:\Program Files (x86)\Xvid\StatsReader.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader Notes.lnk - C:\Program Files (x86)\Xvid\statsreader.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\xvid_encraw.lnk - C:\Windows\system32\cmd.exe /k ""C:\Program Files 
(x86)/Xvid\xvid_encraw.exe"" -h ==== shortcuts in Quick Launch ====================== C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223 C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CMW.lnk - C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Device Manager.lnk - C:\Windows\System32\devmgmt.msc C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Engine.lnk - C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Guild Wars 2.lnk - 
C:\Program Files (x86)\Guild Wars 2\Gw2.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk - C:\Users\Mark\Desktop\Minecraft.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Robocraft.lnk - C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spore.lnk - C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_CURRENT_USER\Software\Policies\Google deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpadbdkobbgjgonnfnipfngifldcdfin deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Mark\AppData\Local\Mozilla\Firefox\Profiles\bs4g9g2q.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=251 folders=73 43222291 bytes) ==== Empty Temp Folders 
====================== C:\Users\Admin\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Mark\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Mark\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on Fri 02/01/2002 at 18:10:30.47 ======================
  8. Something is forcing us to use a proxy through the browser... but the proxy server cannot be reached. The machine has connectivity; I know because Skype works, but the browser cannot. I go into Internet Settings to deselect using a proxy, but never can save the settings. No matter what we do, we are unable to save the proxy settings in Internet Settings.
  9. RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Mark [Administrator] Mode : Scan -- Date : 01/30/2002 15:04:16 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 34 ¤¤¤ [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635 -> Found [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635 -> Found [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found [PUM.HomePage] (X86) 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found 
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++ --- User --- [MBR] 10b28f7c4cd11571d1c0f9f931fd5d99 [bSP] 0d32bbfe79531a6bdd35ed963f8c7646 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK
  10. Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 12/27/2014
      Scan Time: 8:45:31 AM
      Logfile: poop.txt
      Administrator: Yes

      Version: 2.00.4.1028
      Malware Database: v2014.12.27.04
      Rootkit Database: v2014.12.23.02
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: Mark

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 369352
      Time Elapsed: 42 min, 38 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0 (No malicious items detected)
      Modules: 0 (No malicious items detected)
      Registry Keys: 0 (No malicious items detected)
      Registry Values: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Folders: 0 (No malicious items detected)
      Files: 0 (No malicious items detected)
      Physical Sectors: 0 (No malicious items detected)

      (end)
  11. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by Mark (administrator) on MARK-PC on 23-01-2002 23:58:08 Running from C:\Users\Mark\Desktop Loaded Profiles: Mark (Available profiles: Mark & Admin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe () C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] () HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe" HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) 
HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\MountPoints2: {d52b2cc9-2504-11e3-84e6-806e6f6e6963} - E:\setup.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-4011825315-3729900668-71547304-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4011825315-3729900668-71547304-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [HKLM] => ProxyEnable is set. ProxyEnable: [HKLM-x32] => ProxyEnable is set. ProxyServer: [HKLM] => http=127.0.0.1:49635;https=127.0.0.1:49635 ProxyServer: [HKLM-x32] => http=127.0.0.1:49635;https=127.0.0.1:49635 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Deal4REAl -> {9CFC1320-5114-7B27-0A02-FE2E77EBAA17} -> C:\ProgramData\Deal4REAl\2R_1IEV.x64.dll No File BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-4011825315-3729900668-71547304-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-4011825315-3729900668-71547304-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml FF Extension: deal4real - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\a@fPX.org [2014-11-30] FF Extension: ddeal4reaal - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\bcsvce0n4a8@uaooy-fmdov.edu [2014-11-30] FF Extension: websaver - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\ozjB@RXZ.edu [2014-11-30] FF Extension: FlexibleShopper - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\Q@LeSc5BzRfN.org [2014-11-30] FF Extension: redirectcleanerexamplenet - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\redirectcleaner@example.net [2014-11-22] FF Extension: Couuponnppeak - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\ryb3qjph@lzzsp.org [2014-11-30] FF Extension: sharemenotfranziroesnercom - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\sharemenot@franziroesner.com [2014-11-22] FF Extension: skipcerterrorfoudilfr - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\skipcerterror@foudil.fr [2014-11-26] FF Extension: WWoweCouepoon - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\tudh@awbd.com [2014-11-30] FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox 
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-25] CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25] CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25] CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25] CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25] CHR HKLM-x32\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-01] (BitRaider, LLC) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-14] (EasyAntiCheat Ltd) S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2014-12-03] (Echobit LLC) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-07-20] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-07-20] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1600064 2011-06-08] (Ralink Technology Corp.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies) S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-07-01] (BitRaider) R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-06-08] (Echobit, LLC) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-06] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows.. 
[6:54:09 PM] Alex Camero (Chuckebee): ; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2002-01-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) >ADDITION.TXT - Start <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<START> ADDITION.TXT Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015 Ran by Mark at 2002-01-23 23:53:31 Running from C:\Users\Mark\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.) 
Ask Shopping Toolbar (HKLM-x32\...\{4F524A2D-5637-2D53-4154-A758B70C0F01}) (Version: 12.15.1.15 - APN, LLC) <==== ATTENTION Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin) Belkin USB Wireless Adaptor (x32 Version: 1.0.0.09 - Belkin) Hidden BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch) Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch) CastleMiner Z (HKLM-x32\...\Steam App 253430) (Version: - DigitalDNA Games LLC) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - ) Defiance (HKLM-x32\...\Steam App 224600) (Version: - Trion Worlds, Inc.) 
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) DriverIdentifier 4.2.7 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier) Eldritch (HKLM-x32\...\Steam App 252630) (Version: - Minor Key Games) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.9 - Echobit, LLC) Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Far Cry (HKLM-x32\...\Steam App 13520) (Version: - Crytek Studios) Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version: - Ubisoft Montreal) Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios) Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Intel® Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.1.3 - Marvell) Mavis Beacon Teaches Typing North America Family (6.3.0.6) (HKLM-x32\...\Mavis Beacon Teaches Typing) (Version: - Encore Software) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219.. (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla) No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.) ROBLOX Studio 2013 for Mark (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam) ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version: - Roccat GmbH) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version: - ) Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.46 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd) The Stomping Land (HKLM\...\UDK-778ba32b-719d-40b3-a83d-9bfa7b17ea6d) (Version: - Epic Games, Inc.) 
The Stomping Land (HKLM-x32\...\Steam App 263440) (Version: - SuperCrit) Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal) Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version: - Ubisoft Singapore) Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version: - Hi-Rez Studios) Unity Web Player (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) World of Tanks (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) Zip Extractor Packages (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 06-12-2014 15:19:52 Installed Microsoft Fix it 50267 06-12-2014 16:42:34 Checkpoint by HitmanPro 06-12-2014 16:43:27 Checkpoint by HitmanPro 06-12-2014 16:52:02 Installed Microsoft Fix it 50267 07-12-2014 13:40:53 Windows Update 13-12-2014 14:00:54 Windows Update 13-12-2014 15:26:34 Installed DirectX 14-12-2014 09:17:26 Windows Update 18-12-2014 18:07:54 Windows Update 20-12-2014 14:09:55 Installed Intel® Network Connections. 
20-12-2014 15:26:35 Device Driver Package Install: TAP-Windows Provider V9 Network adapters 24-12-2014 12:40:50 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {155A1F71-38E7-4591-9723-466517573057} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.) Task: {15A3AD72-D756-44F1-A715-5B8773BA0FC9} - System32\Tasks\{5AE11EE6-A7CC-4731-9AF3-51FE4CA02382} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?LastError=1603 Task: {27B4E8D4-FE23-4596-B556-7ED1A7C78443} - System32\Tasks\{55074885-D820-4ED5-9950-F4B412984072} => pcalua.exe -a C:\Users\Mark\AppData\Roaming\istart123\UninstallManager.exe -c -ptid=tugs Task: {58A5CFCD-BF37-4A25-946C-24B3CD9A86EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated) Task: {95B814D3-A004-44FA-8578-284F98AE720C} - System32\Tasks\{C2670687-9EB4-4521-B0AD-2DBFB4BB98E8} => pcalua.exe -a "G:\Save me\iata_enu_10.8.0.1003.exe" -d "G:\Save me" Task: {BCC9E3AF-A8AF-4D88-A843-E1B69D54E1BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.) 
Task: {CEFA9B39-9A27-4F08-8D7B-E6177655C792} - \DonutQuotes No Task File <==== ATTENTION Task: {E07534CE-A7C7-4536-BF5A-FC65BA507BF8} - \Optimizer Pro Schedule No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-27 20:17 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL 2014-01-27 20:17 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll 2013-12-23 15:46 - 2014-07-20 18:59 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-12-23 15:46 - 2014-07-20 18:59 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2012-10-05 10:11 - 2012-10-05 10:11 - 00086016 ____N () C.. 
[NEW PASTE] :\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe 2013-08-28 18:23 - 2013-08-28 18:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-08-10 12:58 - 2014-11-14 20:28 - 00306176 _____ () C:\Users\Mark\AppData\Roaming\.technic\modpacks\ihascupquake-minecraft-oasis\bin\natives\lwjgl64.dll 2014-08-10 12:58 - 2014-11-14 20:28 - 00382464 _____ () C:\Users\Mark\AppData\Roaming\.technic\modpacks\ihascupquake-minecraft-oasis\bin\natives\OpenAL64.dll 2014-05-14 10:45 - 2014-05-14 10:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll 2013-08-28 18:25 - 2013-08-28 18:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-12-26 12:17 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belkin USB Wireless Adaptor Utility.lnk => C:\Windows\pss\Belkin USB Wireless Adaptor Utility.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" ========================= Accounts: ========================== Admin (S-1-5-21-4011825315-3729900668-71547304-1095 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-4011825315-3729900668-71547304-500 - Administrator - Disabled) Guest (S-1-5-21-4011825315-3729900668-71547304-501 - Limited - Disabled) Mark (S-1-5-21-4011825315-3729900668-71547304-1000 - Administrator - Enabled) => C:\Users\Mark ==================== Faulty Device Manager Devices ============= Name: Intel® 82578DC Gigabit Network Connection Description: Intel® 82578DC Gigabit Network Connection Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: e1kexpress Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/23/2002 11:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2002 10:05:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2002 09:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2002 07:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Gw2.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: ddc Start Time: 01c1a3ad5aa2c5bb Termination Time: 1 Application Path: C:\Program Files (x86)\Guild Wars 2\Gw2.exe Report Id: Error: (01/22/2002 00:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2002 01:47:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2002 09:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2002 09:09:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2002 07:07:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2002 06:45:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/23/2002 11:01:42 PM) (Source: e1kexpress) (EventID: 24) (User: ) Description: Intel® 82578DC Gigabit Network Connection PROBLEM: Unable to start the network adapter. ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm". 
Error: (01/22/2002 11:03:59 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (01/22/2002 09:56:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:41:37 PM on ‎1/‎22/‎2002 was unexpected. Error: (01/22/2002 00:33:40 PM) (Source: e1kexpress) (EventID: 24) (User: ) Description: Intel® 82578DC Gigabit Network Connection PROBLEM: Unable to start the network adapter. ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm". Error: (01/21/2002 04:28:33 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2. Error: (01/21/2002 04:28:33 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2. Error: (01/21/2002 04:28:33 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2. Error: (01/21/2002 01:46:14 PM) (Source: e1kexpress) (EventID: 24) (User.. [NEW PASTE] : ) Description: Intel® 82578DC Gigabit Network Connection PROBLEM: Unable to start the network adapter. ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm". Error: (01/21/2002 01:46:16 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 4:56:29 AM on ‎1/‎21/‎2002 was unexpected. Error: (01/18/2002 09:08:03 PM) (Source: e1kexpress) (EventID: 24) (User: ) Description: Intel® 82578DC Gigabit Network Connection PROBLEM: Unable to start the network adapter. ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm". 
Microsoft Office Sessions: ========================= Error: (01/23/2002 11:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2002 10:05:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2002 09:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2002 07:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Gw2.exe1.0.0.1ddc01c1a3ad5aa2c5bb1C:\Program Files (x86)\Guild Wars 2\Gw2.exe Error: (01/22/2002 00:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2002 01:47:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2002 09:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2002 09:09:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2002 07:07:51 PM) (Source: WinMgmt) (EventID: 10) 
(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2002 06:45:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i7 CPU 860 @ 2.80GHz Percentage of memory in use: 61% Total physical RAM: 4087.12 MB Available physical RAM: 1563.34 MB Total Pagefile: 8172.41 MB Available Pagefile: 4437.27 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:47.76 GB) NTFS Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D584AC53) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================