
LastPass on Chrome leads to BSOD



OK, long story short. I installed a few apps from Chrome; the last one was LastPass, and that is where it became all wonky. Facebook froze, said it was infected and booted me. Then I can't find LastPass in Programs to delete it. I open up Chrome and bang, BSOD. So here is my HJT log; please say you see something I am missing.

Oh, and the Start menu has been super slow since last night.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:36 AM, on 11/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [sOSUAUI] "C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe" -showui
O4 - HKLM\..\Run: [sMessaging] C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [bDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] "C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9758 bytes
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.06.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Owner :: 8VIRUS8-EXE [administrator]
 
Protection: Enabled
 
11/6/2013 7:20:57 AM
mbam-log-2013-11-06 (07-20-57).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 363250
Time elapsed: 1 hour(s), 11 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
2013/11/06 02:45:47 -0600 8VIRUS8-EXE Owner MESSAGE Executing scheduled update:  Flash Scan | Hourly
2013/11/06 02:45:48 -0600 8VIRUS8-EXE Owner ERROR Scheduled update failed:  No address found failed with error code 0
2013/11/06 04:40:35 -0600 8VIRUS8-EXE Owner MESSAGE Executing scheduled update:  Flash Scan | Hourly
2013/11/06 04:40:45 -0600 8VIRUS8-EXE Owner MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.05.04 to version v2013.11.06.03
2013/11/06 04:40:45 -0600 8VIRUS8-EXE Owner MESSAGE Starting database refresh
2013/11/06 04:40:46 -0600 8VIRUS8-EXE Owner MESSAGE Stopping IP protection
2013/11/06 04:40:47 -0600 8VIRUS8-EXE Owner MESSAGE IP Protection stopped successfully
2013/11/06 04:40:49 -0600 8VIRUS8-EXE Owner MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/11/06 04:40:49 -0600 8VIRUS8-EXE Owner MESSAGE Scheduled scan executed successfully
2013/11/06 04:41:11 -0600 8VIRUS8-EXE Owner MESSAGE Database refreshed successfully
2013/11/06 04:41:11 -0600 8VIRUS8-EXE Owner MESSAGE Starting IP protection
2013/11/06 04:41:16 -0600 8VIRUS8-EXE Owner MESSAGE IP Protection started successfully
 

 

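
The HijackThis log above carries most of its signal in three sections: R0/R1 (Internet Explorer start and search pages), O4 (Run-key autostarts) and O23 (services). The helper below is an added example for this thread, not code from the poster, from Borislav, or from HijackThis or Malwarebytes. It parses those three line types and flags the entries a reviewer would look at first: autostarts that run from outside Program Files or Windows, services with no publisher or a missing binary outside C:\Windows, and start/search pages on hosts other than an expected allowlist. The trusted directories and the expected hosts are assumptions made for this machine, and a hit means "look at this", not "this is malware": Chrome's per-user install legitimately runs from AppData, for instance. The sample lines are copied from the log above except the final R1 line, which is constructed, with its host taken from the OTL log posted later in the thread, so that the URL check has something to flag.

```python
"""
Triage helper for HijackThis 2.0.4 log lines.

Added example for the thread; not code from the poster, the helper, or from
HijackThis/Malwarebytes. Parses R0/R1, O4 and O23 lines and applies a few
conservative heuristics so the entries worth a second look surface first.
A finding means "review", not "malicious".
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Directories a service or autostart is normally installed to (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Hosts the IE start/search pages are expected to point at (assumption).
EXPECTED_HOSTS = {"go.microsoft.com", "www.msn.com", "www.bing.com", "www.google.com"}

# Sample lines: the first seven are copied from the HJT log in the post; the
# last R1 line is constructed (host taken from the OTL log in the thread).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] "C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dts.search-results.com/sr?src=ieb&q={searchTerms}
"""


@dataclass
class Finding:
    entry: str    # HJT section: "O4", "O23", "R0", "R1"
    subject: str  # autostart name, service name or registry value name
    path: str     # executable path or URL
    reason: str


EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^(?P<entry>R[01]) - (?P<key>.+?)\s*=\s*(?P<value>.*)$")
SVC_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")  # short service name at end of display name


def exe_path(command: str) -> str:
    """Return the executable from an O4 command line, quoted or bare."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def is_trusted(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def parse_o4(line: str):
    """Return (hive, autostart name, command line) or None."""
    m = O4_RE.match(line)
    return (m["hive"], m["name"], m["cmd"]) if m else None


def parse_o23(line: str):
    """Return (service name, owner, path, file_missing) or None."""
    body = line[len("O23 - Service: "):]
    missing = body.endswith(" (file missing)")
    if missing:
        body = body[: -len(" (file missing)")]
    parts = body.rsplit(" - ", 2)  # display name - owner - path
    if len(parts) != 3:
        return None
    display, owner, path = parts
    m = SVC_NAME_RE.search(display)
    return (m.group(1) if m else display), owner, path, missing


def triage(log_text: str) -> list:
    """Apply the heuristics to every supported line and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - "):
            parsed = parse_o4(line)
            if parsed is None:
                continue
            hive, name, cmd = parsed
            exe = exe_path(cmd)
            if not is_trusted(exe):
                findings.append(Finding("O4", name, exe,
                                        f"{hive} autostart runs from outside Program Files/Windows"))
        elif line.startswith("O23 - Service: "):
            parsed = parse_o23(line)
            if parsed is None:
                continue
            name, owner, path, missing = parsed
            # 32-bit HJT 2.0.4 cannot see native System32 binaries on 64-bit
            # Windows and reports them as "Unknown owner ... (file missing)".
            # That is a tool limitation, so only non-Windows paths are flagged.
            if path.lower().startswith("c:\\windows\\"):
                continue
            if owner == "Unknown owner" or missing:
                findings.append(Finding("O23", name, path,
                                        "service without a publisher or with a missing binary outside C:\\Windows"))
        elif line.startswith(("R0 - ", "R1 - ")):
            m = R_RE.match(line)
            host = urlparse(m["value"]).hostname if m else None
            if host and host.lower() not in EXPECTED_HOSTS:
                findings.append(Finding(m["entry"], m["key"], m["value"],
                                        f"IE start/search page points at unexpected host {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry}] {f.subject}\n    {f.path}\n    -> {f.reason}")
```

Run as a script it prints three findings for the sample: the two HKCU autostarts that run from ProgramData and AppData, and the constructed search-page entry. Pointing `triage()` at the full pasted log does the same for every line. The C:\Windows skip in the O23 branch is deliberate: nearly every Microsoft service in the log above is tagged "Unknown owner ... (file missing)" only because the 32-bit HijackThis build cannot resolve native System32 paths on 64-bit Windows, and flagging those would bury the real entries.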

Hello wereallmadhere! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 11/7/2013 12:27:01 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.74 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 59.08% Memory free

5.48 Gb Paging File | 3.64 Gb Available in Paging File | 66.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.99 Gb Total Space | 166.69 Gb Free Space | 58.90% Space Free | Partition Type: NTFS

 

Computer Name: 8VIRUS8-EXE | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/11/07 10:47:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2013/11/04 03:14:26 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe

PRC - [2013/10/28 02:36:14 | 000,471,840 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe

PRC - [2013/09/14 12:45:18 | 007,941,304 | ---- | M] (DonationCoder) -- C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe

PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2011/04/22 10:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2011/01/17 20:52:26 | 000,039,528 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

PRC - [2010/08/10 03:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/08/10 03:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/06/28 16:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

PRC - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/04/13 10:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/10/28 02:37:48 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 3\zlib1.dll

MOD - [2013/10/10 02:44:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e1d6482355cf83afab1904ee0cd72168\System.Windows.Forms.ni.dll

MOD - [2013/10/10 02:43:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\01e2b3170ba115d1c719f0eab8510323\WindowsBase.ni.dll

MOD - [2013/10/10 02:43:43 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aafdc594aaeb62d1ebfbb827aa9f059b\System.Configuration.ni.dll

MOD - [2013/10/08 18:02:43 | 000,415,184 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll

MOD - [2013/10/08 18:02:41 | 004,055,504 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll

MOD - [2013/10/08 18:01:47 | 001,604,560 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

MOD - [2013/09/12 02:01:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6b3be3ca03fcac86340195d721d4dd2d\System.Runtime.Remoting.ni.dll

MOD - [2013/08/18 03:41:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f5cff49f1a827754ae2ba6d951b12a07\System.Drawing.ni.dll

MOD - [2013/08/18 03:41:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cea6226854fbf75dc05bd2fb98357e81\System.Xml.ni.dll

MOD - [2013/08/18 03:40:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4802a2f7b7a69969a7cec274030aa373\System.ni.dll

MOD - [2013/07/10 02:36:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2013/07/08 11:39:20 | 004,591,616 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll

MOD - [2013/07/08 11:39:20 | 000,112,128 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll

MOD - [2010/06/28 16:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll

MOD - [2009/05/20 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/04/22 10:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2011/01/05 16:23:58 | 000,867,712 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2013/08/23 09:23:31 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)

SRV - [2012/05/13 18:47:07 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/01/17 20:52:26 | 000,039,528 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)

SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 21:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/17 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/08/31 08:01:14 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/02/05 21:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/09/21 19:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/07/19 18:10:40 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/06/21 03:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/05/15 06:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010/05/11 04:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/04/13 04:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U027&ocid=U027DHP&dt=081113

IE - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\..\SearchScopes\E167169070014B21BF94DDA857FC43B8: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3505341010654342&q={searchTerms}

IE - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename,S: S", ""

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.order.1,S: S", ""

FF - prefs.js..browser.search.order.3: "Bing "

FF - prefs.js..browser.search.selectedEngine,S: S", ""

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: secureLogin%40blueimp.net:1.0.3

FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618

FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131008

FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:2.1.1

FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\autodesk.com/Autodesk123DShapes: C:\Users\Owner\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.121\npAutodesk123DShapes32.dll (Autodesk)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/28 03:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2013/11/05 04:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions

[2013/08/10 23:35:08 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2013/10/18 06:55:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2013/09/21 22:19:54 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\donottrackplus@abine.com

[2013/10/27 10:23:36 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\idme@abine.com

[2013/11/05 04:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\staged

[2013/08/24 05:16:44 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\adblockpopups@jessehakanen.net.xpi

[2013/09/21 22:19:54 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\autofillForms@blueimp.net.xpi

[2013/10/18 06:55:18 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\client@anonymox.net.xpi

[2013/11/05 04:58:17 | 001,333,292 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\firefox@ghostery.com.xpi

[2013/09/21 22:19:52 | 000,083,379 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\secureLogin@blueimp.net.xpi

[2013/10/18 06:53:23 | 000,049,720 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\sortbookmarks@bouanto.xpi

[2013/11/05 04:58:08 | 000,534,765 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013/10/18 06:53:45 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/08/11 00:15:08 | 000,002,402 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0ffi4ubb.default-1373273126037\searchplugins\bingp.xml

[2013/10/18 07:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/10/18 07:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/10/18 07:43:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - Extension: APA Format Citation Generator = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhpmnfhdpooglfjfobdbhcahkdbgcd\3.2_0\

CHR - Extension: Beatlab = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk\1.0.1_0\

CHR - Extension: academic-publications.com = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokpkekafcaifmkgijfagenngookcpod\2.0_0\

CHR - Extension: WOT = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.1_0\

CHR - Extension: Audiotool = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\

CHR - Extension: Netcraft Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia\1.3.2_0\

CHR - Extension: Facebook = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\

CHR - Extension: Weebly - Website Builder = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb\1.0.5_0\

CHR - Extension: MaskMe = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg\1.35.335_0\

CHR - Extension: Facebook Theme Creator = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh\2.1.3_0\

CHR - Extension: DoNotTrackMe = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.0.1005_0\

CHR - Extension: Wishpond Contest for Pinterest = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffooapllmnbkomkknlmbkcocknhchbin\2.0.6_0\

CHR - Extension: Sketch Wizard = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgcipaapohgnempegffkhmhbdloaoec\3.9_0\

CHR - Extension: Magisto = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk\1.2.11471_0\

CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.0_0\

CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.2_0\

CHR - Extension: Pinkdar = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhedpddcijkhnbdcojcemkmgmakafgfp\1.0_0\

CHR - Extension: Pearltrees = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjcccdngnaailhnoflbeficiokgcfaah\1.0.23_0\

CHR - Extension: Google Play Music = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\

CHR - Extension: Website Templates & Free Website Builder = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkanomfdiomnhchjmckdnfgjofkmnk\1.0.1_0\

CHR - Extension: Easy Essays = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippabcfpniimkomfeidkcfffmjahcgln\0.0.0.1_0\

CHR - Extension: OER Commons = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmacjdjgmmlaclcgeddepjkkeoojepm\0.3_0\

CHR - Extension: AudioSauna = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.404_0\

CHR - Extension: Until AM for Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl\0.6.10_0\

CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\

CHR - Extension: Harvard Referencing = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim\1.1_0\

CHR - Extension: deviantART muro = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\

CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

CHR - Extension: Reference.com = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooffafbjcjgjinobbfdgkefebeiodngk\1.5.1_0\

CHR - Extension: ClassDojo = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbinoojbbajacmkigmfnkclhgjnglpon\1.1_0\

CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/11/04 10:18:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [SMessaging] C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe (Malwarebytes Secure Backup)

O4 - HKLM..\Run: [SOSUAUI] C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe (Malwarebytes Secure Backup)

O4 - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F799CB9-9022-429F-8C10-D85C7D7C73BA}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C237FA0-76EA-456E-B480-ED4F4533D5A8}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 11:19:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL (1).exe

[2013/11/07 10:47:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2013/11/06 07:24:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine

[2013/11/05 05:46:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group

[2013/11/05 05:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2013/11/05 05:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group

[2013/11/05 05:46:02 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2013/11/05 05:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/11/05 05:39:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/11/05 05:36:53 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT_NEW.exe

[2013/11/04 10:20:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/11/04 10:20:53 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/11/04 07:48:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\com.prezi.PreziDesktop

[2013/11/04 07:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prezi Desktop 4

[2013/11/04 07:02:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\desktop clutter

[2013/11/04 03:05:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Facebook

[2013/11/03 11:23:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\DonationCoder

[2013/11/03 11:23:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DonationCoder

[2013/11/03 11:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenshotCaptor

[2013/11/03 11:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenshotCaptor

[2013/11/03 11:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder

[2013/11/01 04:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft

[2013/10/24 18:29:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Hillary Marek_files

[2013/10/19 02:22:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2013/10/19 02:18:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2

[2013/10/18 07:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/10/15 12:48:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\school

[2013/10/12 21:59:42 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe

[2013/10/12 21:59:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GlarySoft

[2013/10/12 21:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3

[2013/10/12 21:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3

[2013/10/10 02:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2013/10/10 02:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2013/10/08 22:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com

[2013/10/08 22:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2013/10/08 22:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/07 12:19:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3612959242-1118106964-4219854335-1000UA.job

[2013/11/07 11:47:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/11/07 11:19:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL (1).exe

[2013/11/07 10:47:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2013/11/07 08:47:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/11/07 08:13:09 | 000,763,076 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/11/07 08:13:09 | 000,640,986 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/11/07 08:13:09 | 000,110,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/11/07 08:11:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/07 04:17:16 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3612959242-1118106964-4219854335-1000Core.job

[2013/11/06 14:21:01 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\Malwarebytes Secure Backup - hillarymarek@gmail.com.job

[2013/11/06 07:26:35 | 004,012,032 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKillerX64.exe

[2013/11/06 02:49:23 | 000,080,301 | ---- | M] () -- C:\Users\Owner\Desktop\hijackthis.png

[2013/11/05 13:54:11 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/05 13:54:11 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/05 13:51:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job

[2013/11/05 13:49:43 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\Online Backup Update Notifier.job

[2013/11/05 13:46:42 | 2207,281,152 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/05 11:02:28 | 000,079,268 | ---- | M] () -- C:\Users\Owner\Desktop\generated (1).pdf

[2013/11/05 10:59:25 | 000,064,877 | ---- | M] () -- C:\Users\Owner\Desktop\generated.pdf

[2013/11/05 05:46:05 | 000,001,108 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2013/11/05 05:46:05 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/11/05 05:39:02 | 000,001,275 | ---- | M] () -- C:\Users\Owner\Desktop\Revo Uninstaller.lnk

[2013/11/04 10:18:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/11/04 04:05:23 | 000,032,213 | ---- | M] () -- C:\Users\Owner\fullwindow000.png

[2013/11/03 11:23:17 | 000,000,058 | ---- | M] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2013/11/03 11:23:17 | 000,000,058 | ---- | M] () -- C:\Users\Owner\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2013/10/31 23:21:02 | 000,001,115 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk

[2013/10/19 02:21:43 | 000,370,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/19 02:20:06 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2013/10/18 23:26:57 | 000,031,978 | ---- | M] () -- C:\Users\Owner\Documents\cc_20131019_002639.reg

[2013/10/15 18:47:28 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT_NEW.exe

[2013/10/11 22:50:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/10/08 19:46:34 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/06 07:26:31 | 004,012,032 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKillerX64.exe

[2013/11/06 02:49:23 | 000,080,301 | ---- | C] () -- C:\Users\Owner\Desktop\hijackthis.png

[2013/11/05 11:02:27 | 000,079,268 | ---- | C] () -- C:\Users\Owner\Desktop\generated (1).pdf

[2013/11/05 10:59:24 | 000,064,877 | ---- | C] () -- C:\Users\Owner\Desktop\generated.pdf

[2013/11/05 05:46:05 | 000,001,108 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2013/11/05 05:46:05 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/11/05 05:39:02 | 000,001,275 | ---- | C] () -- C:\Users\Owner\Desktop\Revo Uninstaller.lnk

[2013/11/04 07:47:20 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi Desktop.lnk

[2013/11/04 04:05:23 | 000,032,213 | ---- | C] () -- C:\Users\Owner\fullwindow000.png

[2013/11/04 03:14:32 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3612959242-1118106964-4219854335-1000UA.job

[2013/11/04 03:14:31 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3612959242-1118106964-4219854335-1000Core.job

[2013/11/03 11:23:17 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2013/11/03 11:23:17 | 000,000,058 | ---- | C] () -- C:\Users\Owner\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2013/10/18 23:26:46 | 000,031,978 | ---- | C] () -- C:\Users\Owner\Documents\cc_20131019_002639.reg

[2013/10/12 21:59:42 | 000,001,115 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk

[2013/10/12 21:59:40 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job

[2013/10/12 21:59:38 | 000,001,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk

[2013/09/29 17:12:17 | 000,005,326 | ---- | C] () -- C:\Users\Owner\avatar_4480595_b_1363628765.jpg

[2013/09/25 03:14:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-8VIRUS8-EXE-Microsoft-Windows-7-Home-Premium-(64-bit).dat

[2013/09/14 08:46:46 | 000,016,660 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2013/08/31 07:21:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/08/31 07:21:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/08/31 07:21:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/08/31 07:21:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/08/31 07:21:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/07/14 10:00:07 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2013/07/14 10:00:07 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini

[2013/07/14 09:58:19 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2013/07/14 09:53:39 | 000,003,302 | ---- | C] () -- C:\Windows\BRPARAM.INI

[2013/06/21 03:17:02 | 000,007,602 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg

[2013/06/06 09:08:58 | 000,001,023 | ---- | C] () -- C:\Users\Owner\random icons - Shortcut.lnk

[2012/01/10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2012/01/10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2012/01/10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2012/01/10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/04 09:51:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity

[2013/11/04 07:49:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.prezi.PreziDesktop

[2013/07/14 14:15:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ControlCenter4

[2013/11/03 11:23:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder

[2013/08/25 00:03:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy BitTorrent Client

[2013/10/12 21:59:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GlarySoft

[2013/09/17 11:46:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nuance

[2013/07/05 08:41:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle

[2013/02/28 03:34:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\player

[2013/08/25 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\qBittorrent

[2013/08/12 08:03:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SlimCleaner

[2013/08/31 18:45:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2013/08/08 02:38:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

 

< End of report >

 


=================================================

 

OTL Extras logfile created on: 11/7/2013 12:27:01 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.74 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 59.08% Memory free

5.48 Gb Paging File | 3.64 Gb Available in Paging File | 66.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.99 Gb Total Space | 166.69 Gb Free Space | 58.90% Space Free | Partition Type: NTFS

 

Computer Name: 8VIRUS8-EXE | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{005D9981-AA8F-463D-A29D-E112ADC60771}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{0C114CE6-93EA-4CD5-A5A1-66ADAFA37D89}" = rport=137 | protocol=17 | dir=out | app=system | 

"{0EC56140-0EBD-43E5-BED8-ADD7B3FB1FEE}" = rport=445 | protocol=6 | dir=out | app=system | 

"{1AC645EA-92D9-4CEF-A6C6-DE92D217F348}" = lport=138 | protocol=17 | dir=in | app=system | 

"{1AD7E5FC-1A7B-4A91-8057-9339C826CF7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{2E7F637D-F40A-47AE-BAE5-DE6B2F30C225}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2EF427B5-6E01-4D28-A8F6-392D8D70ACE0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 

"{38F07D27-D574-443D-BA58-0BE02BAF1A41}" = lport=445 | protocol=6 | dir=in | app=system | 

"{39F012D2-3A9E-489A-85E0-D2A597C20E84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{3EE6436D-1387-44F8-B0FB-D4F505DEC768}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{41959996-E6CC-49BE-864D-D8BCD6EB110C}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{451CEDF8-718E-4AC4-A109-1288637FF944}" = lport=139 | protocol=6 | dir=in | app=system | 

"{495E36BA-E77C-489E-B5EB-A8D3E16FD063}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{63F14864-95CE-479F-BCBD-AC8CA98CB222}" = lport=137 | protocol=17 | dir=in | app=system | 

"{73B0D10F-A422-44AF-8960-9DF529DE8977}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8894106D-9B11-4F19-939A-90AB3C6DFB41}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{8ADCD510-29F3-4828-9044-B890D8CF2425}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{8CFAAE7D-6CBD-4142-A5BA-DB8B4CB0B100}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8ED4E5BC-D505-4468-9677-EF78CB8F3B46}" = rport=139 | protocol=6 | dir=out | app=system | 

"{903456A3-D922-4446-97DD-51ABE26A907B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{90DE953B-0312-4BB4-A246-C17ACBF24343}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{91043062-AB1E-4FD5-B8EC-47131A5DB5CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A0C0DF2E-CDE1-4BC0-9156-A36D959E35B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{B27AD4DF-47E5-42C0-AF85-C53C162D7741}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{BD97E861-882A-42AB-BF64-B3D0F6E8B81C}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 

"{C03636A9-F735-42CA-A910-F80A17A3CB36}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C7656AE4-0A84-4FD1-84D7-13AAEAAFF1CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D5ACAE56-4574-43E2-944C-B1ACDBB7C138}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D79C9E9E-56B4-4E1D-A4D1-BB6F54A2A4AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D94FC9A2-738E-43D3-91A0-0CD4300161F5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{DA94EEE5-6748-4479-9C67-497A7F6C8E3F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DB8CD08D-5622-4F67-BBB6-DA85371CF3EE}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{FD732560-8E6D-4A99-9AFC-00553C805A53}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0EAC01A0-6F58-4A41-A947-B9ED7D1B729C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{28F0EEDC-509F-4653-89F8-0CDFCC413534}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{39A24A6F-0C80-4972-9AF7-6FCBBC8E7522}" = dir=in | app=d:\setup\hpznui40.exe | 

"{3C0E8742-8087-4234-9AED-CFA1CFD6A4DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{3D2E325D-2923-4544-B014-E543678C2FBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3D3E68EE-BC58-4BCD-B58D-985ED374C922}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{3FFF8D99-1C89-428A-AE00-B0A452890EEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{46D58221-8CA4-4344-AD9E-39BA6B4C4F16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{4932090C-617F-4BC6-86B0-8B1150EC822B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4F1918D7-7BF0-49D5-B19E-083EF2B7EE18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{5787427A-BB96-488D-8575-3243E20E6181}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{58709A4C-7BC8-4E3E-879A-8832E38514CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{587BE05C-CEDD-47B4-920C-939F5E74C935}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{666F2A1F-5903-47B3-8E68-52B01246FF95}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{716597EA-4093-4C7A-B3DD-86051D8F36A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{77700508-DDAE-4665-A8F1-736F0C30250E}" = dir=in | app=c:\users\owner\appdata\local\microsoft\skydrive\skydrive.exe | 

"{7A50CC67-62A2-4B97-B076-CCA39299BEE9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 

"{831FD34D-3B53-47EE-A44D-4BF562471CD4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{8F8DA828-9213-4487-84F4-0F786C42D39B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{91D7B381-C88E-4569-ADA8-EC934E6D1DC0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 

"{96C8C5F3-C987-4FE4-801B-B42002520379}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{9EC9404D-EFDD-4B82-AE42-19C535CD80FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A4562E1F-5067-42AC-99BE-BEA45275841F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{AFCE27D0-07C0-4D1E-BAEC-41FE06F7B7CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{B95709CA-728D-49EB-8FC5-3DA8DFDB8C82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 

"{C00D63DA-44E6-467A-8287-C81A8FD73603}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{C3ECE241-1CF0-4429-9218-E717212388F1}" = protocol=6 | dir=out | app=system | 

"{C53DD801-7C61-4A76-9171-624C57993C6B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{F137A96B-256C-476C-B696-B0ED9C10AD9D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"Defraggler" = Defraggler

"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Recuva" = Recuva

"Shop for HP Supplies" = Shop for HP Supplies

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046AD41-374C-43B8-8C75-13C149391CCA}" = Malwarebytes Secure Backup

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera

"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform

"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional

"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery

"{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}" = Movie Maker

"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions

"{119A44B5-6237-4D56-8424-5DAE70ED3F4E}" = Windows Live UX Platform Language Pack

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer

"{5B7F33B3-C72C-4408-8AF9-B855775F51DB}" = Picasa Web Albums Live Publisher

"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials

"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials

"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE

"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7881716A-5DA3-4B3F-A3CC-E63676E5CF78}" = Windows Live Messenger

"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{7FAE73A4-F0BC-4B65-81CF-52C417383407}" = Prezi Desktop

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail

"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger

"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J430W

"{A52DB080-D445-49EB-90D2-03B9CD794511}" = Photo Common

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer

"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)

"{AEFAF1CC-9688-402B-A3E3-7E8F2043874C}" = Windows Live Writer

"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger

"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker

"{BBFCB394-78EB-45D4-BAC6-809AB1DF5F83}" = Windows Live Mail

"{BD12145E-DA08-4D09-91FE-C8D3E8A2D17F}" = Windows Live Family Safety

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail

"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common

"{DE7D8CF9-9C52-4BE0-B3E0-D4F116C524A8}" = Windows Live

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}" = Galerie de photos

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FFCF82EC-895F-4AC8-925E-3412FE25EF62}" = Windows Live Writer Resources

"Adobe AIR" = Adobe AIR

"Audacity_is1" = Audacity 2.0.4

"ESET Online Scanner" = ESET Online Scanner v3

"Gateway Registration" = Gateway Registration

"Gateway Welcome Center" = Welcome Center

"Glary Utilities 3" = Glary Utilities 3.9.4

"Identity Card" = Identity Card

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Revo Uninstaller" = Revo Uninstaller 1.95

"ScreenshotCaptor_is1" = Screenshot Captor 4.7.2

"Tweaking.com - Simple System Tweaker" = Tweaking.com - Simple System Tweaker

"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3612959242-1118106964-4219854335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"SkyDriveSetup.exe" = Microsoft SkyDrive

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/27/2013 2:51:21 AM | Computer Name = 8virus8-exe | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

 .  A component version required by the application conflicts with another component

 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 10/29/2013 2:11:21 PM | Computer Name = 8virus8-exe | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

 .  A component version required by the application conflicts with another component

 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 11/1/2013 11:59:32 PM | Computer Name = 8virus8-exe | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

 .  A component version required by the application conflicts with another component

 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 11/4/2013 12:10:55 PM | Computer Name = 8virus8-exe | Source = VSS | ID = 18

Description = Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623}

 and name IVssCoordinatorEx2 cannot be started during Safe Mode.  The Volume Shadow

 Copy service cannot start while in safe mode. [0x8007043c, This service cannot 

be started in Safe Mode  ]    Operation:    Instantiating VSS server

 

Error - 11/4/2013 12:10:55 PM | Computer Name = 8virus8-exe | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

 CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode

.

 

 

Operation:

 

   Instantiating VSS server

 

Error - 11/4/2013 12:10:55 PM | Computer Name = 8virus8-exe | Source = System Restore | ID = 8193

Description = Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe;

 Description = ComboFix created restore point; Error = 0x8007043c).

 

Error - 11/4/2013 7:59:49 PM | Computer Name = 8virus8-exe | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

 .  A component version required by the application conflicts with another component

 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 11/5/2013 1:49:23 PM | Computer Name = 8virus8-exe | Source = Chrome | ID = 1

Description = 

 

Error - 11/6/2013 6:37:58 AM | Computer Name = 8virus8-exe | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

 .  A component version required by the application conflicts with another component

 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 11/7/2013 10:48:11 AM | Computer Name = 8virus8-exe | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

 .  A component version required by the application conflicts with another component

 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

[ System Events ]
Error - 11/4/2013 6:37:17 PM | Computer Name = 8virus8-exe | Source = DCOM | ID = 10010
Description = 

Error - 11/4/2013 6:53:28 PM | Computer Name = 8virus8-exe | Source = Service Control Manager | ID = 7003
Description = The Intel® Management & Security Application User Notification Service service depends the following service: LMS. This service might not be installed.

Error - 11/5/2013 1:26:42 AM | Computer Name = 8virus8-exe | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error - 11/5/2013 1:37:06 AM | Computer Name = 8virus8-exe | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error - 11/5/2013 1:37:52 AM | Computer Name = 8virus8-exe | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error - 11/5/2013 1:38:22 AM | Computer Name = 8virus8-exe | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error - 11/5/2013 1:40:38 AM | Computer Name = 8virus8-exe | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:38:38 PM on 11/4/2013 was unexpected.

Error - 11/5/2013 1:43:07 AM | Computer Name = 8virus8-exe | Source = Service Control Manager | ID = 7003
Description = The Intel® Management & Security Application User Notification Service service depends the following service: LMS. This service might not be installed.

Error - 11/5/2013 3:43:50 PM | Computer Name = 8virus8-exe | Source = DCOM | ID = 10010
Description = 

Error - 11/5/2013 3:49:08 PM | Computer Name = 8virus8-exe | Source = Service Control Manager | ID = 7003
Description = The Intel® Management & Security Application User Notification Service service depends the following service: LMS. This service might not be installed.

< End of report >

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\..\SearchScopes\E167169070014B21BF94DDA857FC43B8: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3505341010654342&q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.0_0\
    CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.2_0\
    CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
    [2013/08/25 00:03:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy BitTorrent Client
    [2013/08/25 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\qBittorrent
    [2013/08/31 18:45:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

All processes killed

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3612959242-1118106964-4219854335-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: S", "" removed from browser.search.defaultenginename,S
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "" removed from browser.search.order.1
Prefs.js: S", "" removed from browser.search.order.1,S
Prefs.js: S", "" removed from browser.search.selectedEngine,S
File C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.0_0 not found.
File C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.2_0 not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\_locales\en folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\_locales folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\templates\precompiled folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\templates folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\lib\vendor\tipTip folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\lib\vendor\moment\lang folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\lib\vendor\moment folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\lib\vendor\bootstrap folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\lib\vendor\apprise folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\lib\vendor folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\lib folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\js folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\includes folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\sprite_images\sprite folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\sprite_images folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\tutorial\sprite_images\sprite folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\tutorial\sprite_images folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\tutorial folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\tracker\sprite folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\tracker folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\settings\sprite folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\settings folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\header\sprite folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\header folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\footer\sprite folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel\footer folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\panel folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\help folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images\click2play folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\images folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\data folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\css folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0 folder moved successfully.
C:\Users\Owner\AppData\Roaming\Easy BitTorrent Client folder moved successfully.
C:\Users\Owner\AppData\Roaming\qBittorrent folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent folder moved successfully.

========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 8642890 bytes
->Temporary Internet Files folder emptied: 53460 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6469672 bytes
->Google Chrome cache emptied: 345979870 bytes
->Flash cache emptied: 511 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 592874 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95470 bytes
RecycleBin emptied: 485190838 bytes

Total Files Cleaned = 808.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11112013_192926

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000003CA191EA761B6BABA not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
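The OTL fix script above targets two things a practitioner should be able to spot on their own: an Internet Explorer SearchScopes entry whose URL points at a third-party redirector (dts.search-results.com) instead of a real search engine, and Chrome extensions identified by their 32-character store IDs. The fix log also shows OTL looking for a SearchScopes\{searchTerms} key rather than the E167169070014B21BF94DDA857FC43B8 key named in the script, so it is worth re-checking that the hijacked scope is really gone after a fix. The following is an added example, not code from the original thread or from OTL: it parses OTL-style "IE - ... SearchScopes" and "CHR - Extension" lines, flags any search-scope host that is not on a small allowlist (the allowlist, the Bing scope line and the "Example Bad Id" line are constructed for the example), and validates that each extension ID has the form Chrome uses (32 characters, a through p). It keeps {searchTerms} as part of the URL rather than treating it as a key name.

```python
"""Audit OTL-style log lines for IE search-scope hijacks and Chrome extension IDs."""
import re
from urllib.parse import urlparse

# Hosts that legitimately appear in IE SearchScopes URLs. This allowlist is an
# assumption for the example; extend it for your own environment.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# OTL prints one search scope per line. The URL keeps the literal {searchTerms}
# placeholder, so the regex must not stop at the brace.
SCOPE_RE = re.compile(r'SearchScopes\\(?P<scope>[^\\:]+): "URL" = (?P<url>\S+)')

# Chrome unpacks extensions to <profile>\Extensions\<id>\<version>_<n>\ .
# Capture any 32 alphanumerics here and validate the a-p alphabet separately,
# so malformed IDs are reported instead of silently skipped.
CHR_EXT_RE = re.compile(
    r'CHR - Extension: (?P<name>.+?) = '
    r'(?P<path>.*\\Extensions\\(?P<id>[A-Za-z0-9]{32})\\(?P<ver>[^\\]+)\\)'
)
WELL_FORMED_ID_RE = re.compile(r"[a-p]{32}")

# Constructed sample, shaped like the lines in the OTL fix script above. The
# DefaultScope line is intentionally not a "URL" line and must be ignored; the
# Bing scope (made-up GUID) and the "Example Bad Id" extension are constructed.
SAMPLE_OTL = r"""
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\..\SearchScopes\E167169070014B21BF94DDA857FC43B8: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3505341010654342&q={searchTerms}
IE - HKU\S-1-5-21-3612959242-1118106964-4219854335-1000\..\SearchScopes\{B7B1C3D3-4E7A-4B7E-9C1F-2A0D5E6F7A8B}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox
CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.2_0\
CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Example Bad Id = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\qrstuvwxyz0123456789abcdefghijkl\1.0_0\
"""


def audit_search_scopes(lines):
    """Return one finding per SearchScopes URL line; suspicious if host is unknown."""
    findings = []
    for line in lines:
        m = SCOPE_RE.search(line)
        if not m:
            continue
        url = m.group("url")
        host = urlparse(url).hostname or ""
        findings.append({
            "scope": m.group("scope"),
            "host": host,
            "suspicious": host not in KNOWN_SEARCH_HOSTS,
            # A scope URL without the placeholder cannot carry the query at all.
            "has_placeholder": "{searchTerms}" in url,
        })
    return findings


def list_chrome_extensions(lines):
    """Return name, ID, unpacked version and an ID-format check per CHR line."""
    exts = []
    for line in lines:
        m = CHR_EXT_RE.search(line)
        if not m:
            continue
        ext_id = m.group("id")
        exts.append({
            "name": m.group("name"),
            "id": ext_id,
            "version": m.group("ver"),
            "well_formed_id": WELL_FORMED_ID_RE.fullmatch(ext_id) is not None,
        })
    return exts


def audit(text):
    """Run both checks over a block of OTL-style text."""
    lines = text.splitlines()
    return {
        "search_scopes": audit_search_scopes(lines),
        "chrome_extensions": list_chrome_extensions(lines),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_OTL)
    for s in report["search_scopes"]:
        flag = "SUSPICIOUS" if s["suspicious"] else "ok"
        print(f"scope {s['scope']}: host={s['host']} [{flag}]")
    for e in report["chrome_extensions"]:
        flag = "ok" if e["well_formed_id"] else "MALFORMED ID"
        print(f"extension {e['name']}: id={e['id']} version={e['version']} [{flag}]")
```

Run against a real OTL log, the same two functions will list every search scope and extension the scan recorded; an unknown host in a scope URL is the thing to investigate, and an ID outside the a-p alphabet means the folder name was not produced by a store install.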

4 weeks later...
Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.