I updated from Malwarebytes Anti-Malware 1.75 to Malwarebytes Anti-Malware 2.0 on 13 April, 2014, after which I ran a full scan. The programme quarantined a folder and two files which it identified as Trojan.0Access. I posted on the Malwarebytes Forum where I was advised that these detections were misused legitimate files (i.e. legitimate files in a location used by malware) and was advised to visit a Malware Forum to have my system checked out. I am not experiencing any obvious issues with my computer at the moment.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 14/04/2014
Scan Time: 20:47:30
Logfile: LogFile.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.14.07
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Admin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 269294
Time Elapsed: 4 min, 26 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 1
Trojan.0Access, C:\Windows\System64, Quarantined, [728ef20ec83808f844f6c73b55ab0ff1],
Files: 2
Trojan.0Access, C:\Windows\System64\msvcp100.dll, Quarantined, [728ef20ec83808f844f6c73b55ab0ff1],
Trojan.0Access, C:\Windows\System64\msvcr100.dll, Quarantined, [728ef20ec83808f844f6c73b55ab0ff1],
Physical Sectors: 0
(No malicious items detected)
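Added example for the detections in the log above (this is not part of the original post, nor Malwarebytes' own code): a quick way to check the forum's "misused legitimate files" assessment. A genuine Microsoft C runtime DLL carries a valid Authenticode signature and is byte-identical to the copy that Windows (or the VC++ 2010 redistributable) installs in System32, and on x64 in SysWOW64 as well; C:\Windows\System64 is not a directory a stock Windows install creates. The paths and file names are taken from the scan log; everything else is assumed. It is written for PowerShell 2.0, the newest version Vista SP2 can run, so it avoids Get-FileHash (4.0+).

```powershell
# Added example, not from the original post or from Malwarebytes.
# Triage the DLLs quarantined as Trojan.0Access from C:\Windows\System64:
#   1. does the file carry a valid Authenticode signature, and whose?
#   2. is it byte-identical to the copy Windows ships in System32 / SysWOW64?
# Run from an elevated prompt. If the files are still in quarantine, restore them to a
# scratch folder first and point $suspectDir at that folder (assumption: you can do so).

$suspectDir = 'C:\Windows\System64'            # location from the scan log
$names      = 'msvcp100.dll', 'msvcr100.dll'   # file names from the scan log

# SHA-256 through .NET so that it works on PowerShell 2.0 (no Get-FileHash there).
function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash([System.IO.File]::ReadAllBytes($Path))
        return ([System.BitConverter]::ToString($digest)) -replace '-', ''
    } finally {
        $sha.Clear()   # Clear() exists on .NET 2.0+; a public Dispose() only from .NET 4.0
    }
}

foreach ($name in $names) {
    $flagged = Join-Path $suspectDir $name
    if (-not (Test-Path -LiteralPath $flagged)) {
        Write-Output ("{0}: not present (still in quarantine?)" -f $flagged)
        continue
    }

    # 1. Signature. 'Valid' means the certificate chain verifies AND the signed hash
    #    matches the bytes on disk; a patched or repacked DLL comes back HashMismatch
    #    or NotSigned even if it still shows a Microsoft version resource.
    $sig    = Get-AuthenticodeSignature -FilePath $flagged
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # 2. Identity. Compare with the copy Windows itself installed, if one exists.
    $flaggedHash = Get-Sha256Hex $flagged
    $identical   = $false
    foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
        $known = Join-Path $dir $name
        if ((Test-Path -LiteralPath $known) -and ((Get-Sha256Hex $known) -eq $flaggedHash)) {
            $identical = $true
        }
    }

    Write-Output ("{0}`n  signature : {1} ({2})`n  sha256    : {3}`n  same bytes as shipped copy : {4}" -f `
        $flagged, $sig.Status, $signer, $flaggedHash, $identical)
}
```

Two caveats when reading the result. A machine that never had the VC++ 2010 redistributable installed has no msvcr100.dll in System32, so the "same bytes" check stays false for a perfectly genuine file and the signature status is what counts. And a valid Microsoft signature only says where the file came from, not why it is sitting in a folder Windows never creates; genuine runtime DLLs are routinely dropped next to a malicious executable that needs them, which is why the Malwarebytes forum sent the poster on for a full system check rather than closing the case on "the files are clean".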
[Trojan] Trojan Detection
Some very sad news
It is with deep sadness that I bring you all some very sad news.
uid://751678 passed away at home last night. She will be missed greatly.
http://www.dslreports.com/forum/r29193149-Tragedy
http://www.dslreports.com/forum/r29193835-ohhh-lil-dearest-lil
....
please help with infected computer
Hi,
My computer was infected when installing what I thought was legitimate software. It has been causing connection problems with my browser and also causing the computer to freeze when trying to shut down, log off or restart.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/30/2014
Scan Time: 2:05:56 PM
Logfile: MAM scan log.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.30.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Server 2012
CPU: x64
File System: NTFS
User: venstar00000
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433115
Time Elapsed: 2 hr, 38 min, 30 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 1
Malware.Trace, HKU\S-1-5-21-4039887993-1275629603-614627971-1822-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, Microsoft.AdministrativeTools, Quarantined, [e19e45eb22591f1735a1df1ad72be61a]
Registry Data: 1
PUM.Disable.MCProperties, HKU\S-1-5-21-4039887993-1275629603-614627971-1822-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),Replaced,[9ae53ff17b004fe7a2ca141ce81cd927]
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
# AdwCleaner v3.205 - Report created 30/04/2014 at 14:46:20
# Updated 28/04/2014 by Xplode
# Operating System : Windows Server 2012 Standard (64 bits)
# Username : venstar00000 - VENSTAR
# Running from : C:\Users\venstar00000\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Util PlurPush
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\.NET v4.5\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\.NET v4.5 Classic\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\vdisupport\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\venstar00000\AppData\Local\SearchProtect
Folder Deleted : C:\Users\venstar00000\AppData\Roaming\pdfforge
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\.NET v4.5\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\user.js
File Deleted : C:\Users\.NET v4.5 Classic\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\user.js
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\user.js
File Deleted : C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\user.js
File Deleted : C:\Users\vdisupport\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\user.js
File Deleted : C:\Users\venstar00000\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Users\.NET v4.5\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\prefs.js ]
[ File : C:\Users\.NET v4.5 Classic\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\prefs.js ]
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\prefs.js ]
[ File : C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\prefs.js ]
[ File : C:\Users\vdisupport\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\prefs.js ]
[ File : C:\Users\venstar00000\AppData\Roaming\Mozilla\Firefox\Profiles\u588f7xc.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\.NET v4.5\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\.NET v4.5 Classic\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\MSSQL$MICROSOFT##WID\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\vdisupport\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\venstar00000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4740 octets] - [30/04/2014 14:44:23]
AdwCleaner[S0].txt - [4731 octets] - [30/04/2014 14:46:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4791 octets] ##########
OTL logfile created on: 4/30/2014 2:57:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\venstar00000\Desktop
64bit- Server Standard Edition (full installation) (Version = 6.2.9200) - Type = NTServer
Internet Explorer (Version = 9.10.9200.16863)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.02 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 55.34% Memory free
5.15 Gb Paging File | 3.96 Gb Available in Paging File | 76.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.66 Gb Total Space | 8.44 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive D: | 26.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: VENSTAR | User Name: venstar00000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014/04/30 14:56:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\venstar00000\Desktop\OTL.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2013/01/07 22:45:12 | 001,085,440 | ---- | M] (Kaseya International Limited) -- C:\Program Files (x86)\Kaseya\KTLPRT45134507432712\AgentMon.exe
PRC - [2012/09/23 23:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/15 23:37:42 | 000,083,024 | ---- | M] ( ) -- C:\Program Files (x86)\Kaseya\KTLPRT45134507432712\extensions\Lua.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2014/02/08 00:54:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/02/08 00:54:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/02/08 00:54:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/02/08 00:54:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/02/08 00:54:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/02/08 00:54:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/02/08 00:54:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/10/23 19:24:26 | 000,069,368 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV:64bit: - [2013/08/16 01:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 23:08:49 | 000,773,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tssdis.exe -- (Tssdis)
SRV:64bit: - [2012/07/25 23:08:45 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2012/07/25 23:08:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:37 | 000,241,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ualsvc.dll -- (UALSVC)
SRV:64bit: - [2012/07/25 23:07:33 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TSCPUBSvr.dll -- (TScPubRPC)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:07:07 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2012/07/25 23:07:04 | 000,694,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\RDMS.dll -- (RDMS)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:05:55 | 000,171,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\kpssvc.dll -- (KPSSVC)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:40 | 000,369,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 23:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/04/28 18:33:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 10:49:28 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/02/09 12:04:20 | 000,022,016 | ---- | M] (Outercurve Foundation) [Auto | Running] -- C:\Program Files (x86)\WebsitePanel-VMConfig-2.0.0\WebsitePanel.VmConfig.exe -- (WSPVmConfig)
SRV - [2013/01/07 22:45:12 | 001,085,440 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files (x86)\Kaseya\KTLPRT45134507432712\AgentMon.exe -- (KAKTLPRT45134507432712)
SRV - [2012/11/09 14:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 23:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 23:20:56 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2012/07/25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2012/07/25 23:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/25 21:38:36 | 000,083,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\rsopprov.exe -- (RSoPProv)
SRV - [2012/06/02 10:36:51 | 000,129,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WID\Binn\sqlwriter.exe -- (WIDWriter)
SRV - [2012/06/02 10:36:50 | 000,191,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WID\Binn\sqlservr.exe -- (MSSQL$MICROSOFT##WID)
SRV - [2011/08/08 13:56:00 | 000,729,088 | ---- | M] () [Auto | Running] -- C:\Nagios++\NSClient++.exe -- (NSClientpp)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2014/04/30 14:36:54 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/02/19 15:26:24 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2014/02/08 00:54:28 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2014/02/08 00:54:28 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netvsc63.sys -- (NETVSCVFPP)
DRV:64bit: - [2014/02/08 00:54:28 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/02/08 00:54:28 | 000,056,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2014/02/08 00:54:28 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2014/02/08 00:54:28 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2014/02/08 00:54:28 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2014/02/08 00:54:28 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2014/02/08 00:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/10/10 07:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 02:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 22:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/10 02:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 04:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 15:04:11 | 000,121,928 | ---- | M] (Bitdefender SRL) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013/07/01 21:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 21:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 18:15:13 | 000,099,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\MsLbfoProvider.sys -- (MsLbfoProvider)
DRV:64bit: - [2013/06/29 02:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/28 23:04:01 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\winnat.sys -- (WinNat)
DRV:64bit: - [2013/05/28 13:12:19 | 000,382,536 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/04/22 14:21:00 | 000,148,696 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/04/17 15:59:58 | 000,593,144 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/04/17 15:59:56 | 000,718,840 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:39:38 | 000,845,544 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:01:00 | 000,062,192 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2012/07/26 01:01:00 | 000,027,888 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,699,632 | ---- | M] (Emulex) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\elxfcoe.sys -- (elxfcoe)
DRV:64bit: - [2012/07/26 01:00:52 | 000,434,928 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2012/07/26 01:00:52 | 000,382,704 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:49 | 001,964,272 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bfadfcoe.sys -- (bfadfcoe)
DRV:64bit: - [2012/07/26 01:00:49 | 001,963,760 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bfad.sys -- (bfad)
DRV:64bit: - [2012/07/26 01:00:49 | 000,564,976 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxois.sys -- (bxois)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,186,096 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxfcoe.sys -- (bxfcoe)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:59:35 | 000,094,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:28:54 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wtlmdrv.sys -- (wtlmdrv)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 22:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 22:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 22:25:04 | 000,131,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\smbdirect.sys -- (smbdirect)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:24:22 | 000,074,240 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\TSFairShare.sys -- (TSFairShare)
DRV:64bit: - [2012/07/25 22:23:42 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tsusbhub.sys -- (tsusbhub)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledAddons: ctrl-tab%40design-noir.de:0.21.1
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-6665170634FE%7D:1.10
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:12.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/30 14:46:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/30 14:46:23 | 000,000,000 | ---D | M]
[2013/05/01 21:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\venstar00000\AppData\Roaming\mozilla\Extensions
[2014/04/25 11:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\venstar00000\AppData\Roaming\mozilla\Firefox\Profiles\u588f7xc.default\extensions
[2014/04/25 10:41:49 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\venstar00000\AppData\Roaming\mozilla\Firefox\Profiles\u588f7xc.default\extensions\donottrackplus@abine.com
[2014/02/10 10:10:38 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\venstar00000\AppData\Roaming\mozilla\Firefox\Profiles\u588f7xc.default\extensions\en-US@dictionaries.addons.mozilla.org
[2014/03/11 14:16:04 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\venstar00000\AppData\Roaming\mozilla\Firefox\Profiles\u588f7xc.default\extensions\support@lastpass.com
[2014/02/13 09:42:27 | 000,016,258 | ---- | M] () (No name found) -- C:\Users\venstar00000\AppData\Roaming\mozilla\firefox\profiles\u588f7xc.default\extensions\ctrl-tab@design-noir.de.xpi
[2014/04/25 11:22:23 | 000,125,946 | ---- | M] () (No name found) -- C:\Users\venstar00000\AppData\Roaming\mozilla\firefox\profiles\u588f7xc.default\extensions\printedit@DW-dev.xpi
[2014/02/20 14:00:49 | 000,053,234 | ---- | M] () (No name found) -- C:\Users\venstar00000\AppData\Roaming\mozilla\firefox\profiles\u588f7xc.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
[2014/04/25 10:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/25 10:49:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/17 11:51:06 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: res://iesetup.dll/SoftAdmin.htm
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\venstar00000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\venstar00000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\venstar00000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: LastPass = C:\Users\venstar00000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0\
CHR - Extension: Google Wallet = C:\Users\venstar00000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\venstar00000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O4 - HKLM..\Run: [KASHKTLPRT45134507432712] C:\Program Files (x86)\Kaseya\KTLPRT45134507432712\KaUsrTsk.exe (Kaseya International Limited)
O4 - Startup: C:\Users\venstar00000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Microsoft.UserAccounts
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Microsoft.WindowsFirewall
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\venstar00000\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\venstar00000\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\venstar00000\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\venstar00000\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vdi.dataoncloud.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{816166FA-5324-4DC8-A85C-8D6BB4026AA2}: NameServer = 38.126.136.75,38.126.136.74
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/18 10:47:10 | 000,000,130 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /q /v *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014/04/30 14:56:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\venstar00000\Desktop\OTL.exe
[2014/04/30 14:45:22 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/30 14:44:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/30 10:45:07 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\venstar00000\Desktop\TFC.exe
[2014/04/30 00:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2014/04/29 22:35:55 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/04/25 11:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\guapdf33-password
[2014/04/25 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/24 13:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2014/04/24 13:16:17 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2014/04/24 13:16:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2014/04/24 13:16:17 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2014/04/24 13:16:17 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2014/04/24 13:15:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2014/04/24 13:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2014/04/24 10:45:21 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/24 10:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/24 10:44:06 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/24 10:44:05 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/24 10:44:05 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/24 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/24 10:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/23 14:24:21 | 000,000,000 | ---D | C] -- C:\Users\venstar00000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appnimi
[2014/04/23 14:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Appnimi
[2014/04/23 10:10:20 | 000,000,000 | ---D | C] -- C:\Users\venstar00000\Documents\PDF Creator Profiles
[2014/04/11 19:36:47 | 005,979,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/04/11 19:36:46 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/04/11 19:36:45 | 005,092,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/04/11 19:36:45 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/04/11 19:36:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2014/04/11 19:36:43 | 000,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014/04/11 19:36:43 | 000,332,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/11 19:36:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/04/11 19:36:42 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2014/04/11 19:36:42 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/04/11 19:35:04 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/11 19:34:55 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014/04/11 19:34:54 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/11 19:34:54 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/11 19:34:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/11 19:34:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/04/11 19:34:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/11 19:34:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/11 19:34:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/04/11 19:34:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/11 19:34:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/11 19:34:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014/04/11 19:34:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014/04/11 19:34:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/11 19:34:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/09 07:21:24 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 07:21:24 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/04/02 09:02:17 | 000,000,000 | ---D | C] -- C:\Users\venstar00000\AppData\Roaming\SugarCRM
[2014/04/02 08:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\SugarCRM
[2014/04/01 09:57:03 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.OCX
[2014/04/01 07:52:48 | 000,000,000 | ---D | C] -- C:\Users\venstar00000\AppData\Local\Microsoft Help
[2014/02/10 11:18:05 | 013,024,768 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014/04/30 14:56:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\venstar00000\Desktop\OTL.exe
[2014/04/30 14:52:31 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/30 14:50:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/30 14:47:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/30 14:41:00 | 001,310,621 | ---- | M] () -- C:\Users\venstar00000\Desktop\adwcleaner.exe
[2014/04/30 14:36:54 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/30 14:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/30 10:45:07 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\venstar00000\Desktop\TFC.exe
[2014/04/30 06:54:34 | 000,004,146 | RHS- | M] () -- C:\Users\venstar00000\ntuser.pol
[2014/04/30 06:29:54 | 000,006,748 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/29 22:35:55 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/04/25 11:18:33 | 000,001,018 | ---- | M] () -- C:\Users\venstar00000\Desktop\G- PDF decrypter.lnk
[2014/04/24 10:44:18 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/22 19:47:16 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/22 19:47:16 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/15 08:00:30 | 000,001,101 | ---- | M] () -- C:\Users\venstar00000\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/02 08:44:46 | 001,056,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/02 08:44:46 | 000,866,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/02 08:44:46 | 000,187,796 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014/04/30 14:40:59 | 001,310,621 | ---- | C] () -- C:\Users\venstar00000\Desktop\adwcleaner.exe
[2014/04/24 10:44:18 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/01 09:57:04 | 001,061,888 | ---- | C] () -- C:\Windows\SysWow64\ExLvwU.ocx
[2014/04/01 09:57:04 | 000,805,376 | ---- | C] () -- C:\Windows\SysWow64\EditCtlsU.ocx
[2014/04/01 09:57:04 | 000,539,648 | ---- | C] () -- C:\Windows\SysWow64\LblCtlsU.ocx
[2014/04/01 09:57:04 | 000,476,160 | ---- | C] () -- C:\Windows\SysWow64\TabStripCtlU.ocx
[2014/04/01 09:57:03 | 001,103,872 | ---- | C] () -- C:\Windows\SysWow64\CBLCtlsU.ocx
[2014/04/01 09:57:03 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\BtnCtlsU.ocx
[2014/02/13 06:53:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/02/11 13:35:50 | 000,205,842 | ---- | C] () -- C:\ProgramData\1392139700.bdinstall.bin
[2014/02/11 10:05:48 | 000,048,220 | ---- | C] () -- C:\ProgramData\1392127479.bdinstall.bin
[2014/02/07 13:22:02 | 000,004,146 | RHS- | C] () -- C:\Users\venstar00000\ntuser.pol
[2014/02/07 12:27:35 | 000,006,748 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/26 04:05:07 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 04:05:07 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 03:13:31 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 16:26:04 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/01/26 20:31:25 | 019,752,448 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/01/26 20:52:21 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013/05/13 15:41:40 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\acccore
[2014/02/27 11:16:36 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/04/29 09:29:30 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\Dropbox
[2014/03/12 08:31:00 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\DropboxMaster
[2014/02/11 10:15:44 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\Fonality
[2014/02/26 07:55:48 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\Foxit Software
[2014/02/21 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\Free File Shredder
[2014/02/11 13:29:21 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\QuickScan
[2014/04/03 07:59:42 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\SugarCRM
[2014/03/14 10:32:57 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\Tracker Software
[2014/04/15 08:01:18 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\TrueCrypt
[2014/02/13 11:49:21 | 000,000,000 | ---D | M] -- C:\Users\venstar00000\AppData\Roaming\Zoiper
[color=#E56717]========== Purity Check ==========[/color]
[Malware] Trying to determine the extent of the damage
So I started getting "shopper assistance" popups on my screen, and randomly pages would load and tell me the page I was viewing had expired.
Fortunately I knew where to turn for assistance.
The logs are attached.
Problem with FF and MS Office ?? malware related
Firefox opens multiple tabs while clicking on "Manage account" under File->Account in Office 2013, opens the correct office Tab and another URL-Tab .. to some add site ...
I have new OEM install from Lenovo: W7, updated. Lenovo Think Center M93p: standard customizations.
Very paranoid re connecting to web for updates &downloads, no warez or cracks, behind a router, NIS in place , Malware Bytes, Webroot WSA, all installs scanned prior to running. Other than FF all installs via offline.
Firefox 29 via stub with usual extensions ( NOScript as one of the first, Adfblocker next) .
Flash plugin installed. Other standard plugins.. No freeware added as yet
Installed Office 2013 Home Premium via subscription @ MS
With FF as default, click through to MS Office > Document > Account > Manage Account button... two windows open: MS Office and a second tab behind the first, "69a",
which goes to www.69a.com!!!
Don't know what that is: some product spruiking page
http://dig.whois.com.au/whois.php?dom=69a.com&secondary=1
Changed default to IE (FF still installed): click through > FF opens again with 2 windows!! Wot??
Uninstall FF: IE goes through with no issue
Try Chrome as default: exactly the same !!
Have scanned like crazy, flushed everything...nothing.
What is this ?? Some fixed redirect ??
Otherwise box working well...? bit slow for new high spec HW and fresh install
There are these threads:
hxxps://productforums.google.com/forum/#!topic/chrome/9wuH1qC9fKQ
hxxps://support.mozilla.org/en-US/questions/1000206#answer-586527
https://support.mozilla.org/en-US/questions/974954
The other posters were linked/opened to different pages
Interesting reading
I have done the mandatory scans and logs attached
AdwCleaner saw something but I recall that had been identified as FP??
Did not run cleaner
Otherwise seems ok ?
Out of interest:
BitDefender on line: clear
aswMBR Log included
NIS scan: nothing
Webroot scan: nothing
Regards
[Malware] Persistent bug
Hi guys, I'm here because I'm in need of assistance from professional help. I have factory reset my laptop thrice and the problem still persists. It's either high CPU usage or high disk usage. I think the virus is in my system32 and I don't know how to fix it; please help me. Thanks in advance for your help. :)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/4/2014
Scan Time: 7:47:05 PM
Logfile: MBAM log.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.05.02
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Gemille
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 256914
Time Elapsed: 10 min, 57 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUP.Optional.Awesomehp.A, HKU\S-1-5-21-1163390462-205529737-2524509884-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.awesomehp.com/?type=hp&ts=1392914635&from=amt&uid=HGSTXHTS545050A7E380_TM8514TF20412P20412PX, Good: (http://www.google.com), Bad: (http://www.awesomehp.com/?type=hp&ts=1392914635&from=amt&uid=HGSTXHTS545050A7E380_TM8514TF20412P20412PX),Replaced,[f9ddc8ac0675cd691d5cabb5fc0825db]
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Quarantined, [8d491e562c4f23138ab9ebc56d957a86],
Physical Sectors: 0
(No malicious items detected)
(end)
-----------------------------------------
# AdwCleaner v3.211 - Report created 05/06/2014 at 04:02:50
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Gemille - GEMILLE
# Running from : C:\Users\Gemille\Desktop\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\AppDataLow\Software
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Google Chrome v35.0.1916.114
[ File : C:\Users\Gemille\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [898 octets] - [04/06/2014 20:28:53]
AdwCleaner[R1].txt - [910 octets] - [04/06/2014 23:25:30]
AdwCleaner[R2].txt - [1028 octets] - [05/06/2014 04:01:40]
AdwCleaner[S0].txt - [964 octets] - [04/06/2014 20:30:49]
AdwCleaner[S1].txt - [972 octets] - [04/06/2014 23:26:11]
AdwCleaner[S2].txt - [953 octets] - [05/06/2014 04:02:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1012 octets] ##########
OTL Extras logfile created on: 6/4/2014 8:39:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gemille\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16863)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.47 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 69.27% Memory free
6.72 Gb Paging File | 5.51 Gb Available in Paging File | 81.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 438.21 Gb Total Space | 393.47 Gb Free Space | 89.79% Space Free | Partition Type: NTFS
Drive D: | 26.78 Gb Total Space | 3.14 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
Computer Name: GEMILLE | User Name: Gemille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0547D52A-6034-45A7-9573-4D4E77007179}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{189423FF-5F88-4F84-9370-8B74663C3EFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{218A9BE4-8D1E-48B0-91D9-AC03AA0B9043}" = rport=139 | protocol=6 | dir=out | app=system |
"{36A761A2-3F81-4F08-A39A-9441D5DE39FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{51569602-E79D-4939-88E1-30CE311CDE3B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57D5FEF4-495D-4E0E-A2E8-CE98C1BB97B0}" = lport=139 | protocol=6 | dir=in | app=system |
"{6514BDB8-0D51-4EC0-BC75-2A0FADD727E3}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A01DB09-1813-4F3D-B3D4-04F87F5AD55C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FC1B6B9-EC0F-4E6B-B8EC-FCA8C3929B81}" = lport=137 | protocol=17 | dir=in | app=system |
"{79AF9DB6-4358-42F4-8532-21ADD0B703DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DF9B4A6-BBB2-484C-B874-00AE01F3F3CB}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C6F94D6-B3C0-4FA0-BB7F-16D4666D044D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AF25C0D2-4281-4CC4-A293-32D231C9F2AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{B2B04B2D-E92A-41C9-B4E7-C6C625F056E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3B8E5C7-2AFC-44D5-800F-F2B18A5BB747}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B45E28A4-102D-48CE-80A9-F4C00B523A74}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B7A02603-BE6D-4945-A29D-76CF88BE5CB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2C08F20-85C6-4F9E-9BE8-42D789517126}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4A18026-76A8-4F8E-A05C-354E64AE075C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA419591-BEBD-4011-A934-79DA05EA2E0A}" = lport=445 | protocol=6 | dir=in | app=system |
"{E94ED33B-B2B8-42A2-B914-C1189B96E152}" = rport=445 | protocol=6 | dir=out | app=system |
"{EFD61685-B629-40AC-A907-E39E1C69AF87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA398382-D922-4D5D-95C2-1E40DD5BF588}" = rport=10243 | protocol=6 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A690CF-385A-406D-BA1C-A7C537AE9664}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{052BCBC9-5E8A-4949-AE6C-C052CA3919EA}" = dir=out | name=hp registration |
"{0F772099-562B-4BC6-9DAD-05FC722E74C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{13E67292-8771-4302-886F-6092C9161886}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{18FDF163-FA59-4828-8600-6F7FA9E911B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{19B1A82A-FADF-43FE-9B01-484F0CA12DEF}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{263B9506-96B2-43EC-A21F-3B8218B74AA8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{297F57C4-1414-4303-AFAF-577D95741E51}" = dir=out | name=hp connected photo powered by snapfish |
"{2FF8B3BC-4E6A-4AD6-A481-9E5E521A58CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{33C9A19F-919A-4B81-934F-3C03BACA8075}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A3EF8C0-7F2B-414A-BA03-752DCCC99168}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3B206BB6-9C8B-4CCA-BD7A-1244634C6248}" = dir=out | name=hp games |
"{44F8A9B6-A40A-41B2-A487-06A4B5EBA346}" = dir=out | name=windows_ie_ac_001 |
"{4E1B3430-939F-4857-8068-25FCD44105DE}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{52CDA227-9B28-4D83-904C-087335F6294B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DF3571E-6E02-4D62-9EFD-95C6314FDF41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5F6A61F5-28D5-4F94-A4AD-9F68FD883D0A}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{60094C8E-E102-4EC7-8F7E-1A26485EE1F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60FC0028-C178-4B0B-ABC7-AE8DA441FFF2}" = dir=out | name=netflix |
"{698DEE60-EB2E-4B21-86E4-489D2DCA122C}" = dir=out | name=skype |
"{69CA8D4D-8EAA-488A-9E3C-C14326087B1C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{6F614F73-A8C3-4E5A-B316-D729155624BF}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6FD2B683-0C49-4B02-B0B1-41C57905CA51}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{7588AC00-ECDD-4A1F-B9C8-11235E164693}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{7A34AE47-A4E5-49DC-9D3F-7FF3FFE85E93}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A45901F-8294-42BE-B8DD-EDF1F9DAA12F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{80E9B42A-76C6-4D59-A91C-7C05796C0ED5}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{822ABA2B-07B4-4801-9654-216A30E6D94B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8555F834-D6E7-4B5B-8475-344AE1E0B3B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8861F5C5-B4B8-42F5-9A47-650D623F0786}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{8B51C7EA-784A-487C-9116-82D7253177A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C2D1401-8312-45BE-BC62-1CEC1A3EC05D}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8D71A44E-84B7-4BBC-9ADA-71F0A0B24583}" = dir=out | name=microsoft mahjong |
"{923040CE-0DC2-492D-B0D1-05E53583C164}" = dir=out | name=wordament |
"{94A08BD0-11F9-4F06-BDAD-C5755E222D8F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{98DD7A83-7DFA-46D3-8EFF-5CB2C83A8043}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9A09BBD4-F30C-4AA0-8D98-9C9344FA98BA}" = protocol=6 | dir=out | app=system |
"{9A2B870E-82E2-4946-BBCB-691DA332038A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9C21469F-52C4-464D-95B3-26D0EEDF6C71}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{A341E76F-78A5-433A-A399-335CAD86A78D}" = dir=out | name=hp+ |
"{A6DFB8F5-6FC6-4AF6-9223-EF3DE0476A5B}" = dir=out | name=fresh paint |
"{AC1469AA-D744-481A-992E-EFB5CFB0541E}" = dir=out | name=getting started with windows 8 |
"{AD7EDC8A-78FC-4038-A4F1-E1EAAD5BF259}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AE8C99DC-4D69-407A-B064-EC026FD7A40D}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{B360E083-6569-4231-BA76-BC19900B45C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB2269C6-5059-47AE-94D0-598A58EF2354}" = dir=out | name=microsoft solitaire collection |
"{BCB0E78D-4F07-4A7A-84AF-FBD7542C1D57}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{BCD55472-C19F-47D9-BA14-3A775601A5B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDD5DC85-FB3B-4306-8A40-D974EDA63CC6}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C3A681C4-5FCD-4FE6-95D6-4F0A00FDDCF4}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C5731B15-6E43-4987-8901-D47490264AD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7D91A0E-E3DB-4D43-8F52-6C01577C0A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9027AF0-C093-461A-A5F3-53407C66C5FF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{D72EEAFA-4608-400F-9724-754853DCC0C4}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{DF5B82C2-A8BE-409E-8C98-6298FAFB8618}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{DF6687F6-97D2-4E65-B8D3-3D15C904A222}" = dir=in | name=skype |
"{E086185A-D240-4D03-BC5F-8F7BA8B9D62A}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EBA5A719-0F55-477B-9507-3E04617B9937}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC5F3C9F-43B0-4508-9659-1DE9BEB54F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECF3B5A6-E8FD-409C-8EFE-D2127DBFF6CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EFE1F89D-912E-47DD-889A-51A74DA2B266}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{EFE52AE7-023A-4D4A-B0BC-7966A628DC21}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F0651AF7-F174-4CAD-B960-C0AEC6292AD1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0AA5297-861A-4AC0-ABDA-DE7F8952B889}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F19D0C3D-9A84-47ED-AD78-C4E36162AEEF}" = dir=out | name=taptiles |
"{F52506CE-D3D2-44DC-8E26-17DB2441FCF0}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8C095E-1E4E-AB24-E0BC-A5B473A4C5F7}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54AC7877-2774-05AF-64AA-BC422CAF27FF}" = AMD Accelerated Video Transcoding
"{6821D775-9303-46DD-977A-2D97CA18B054}" = HP 3D DriveGuard
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8FE9C1D4-F5E4-B855-1D79-FF5D11F54A19}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E2CBE8B3-A792-53B0-B8E3-707189165EC6}" = ccc-utility64
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.10 beta 4 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{026424CC-5C4B-D369-F255-D6FE9A9A96C8}" = CCC Help Spanish
"{0298BF32-2DAE-0EDA-4343-23899864FDAB}" = CCC Help Japanese
"{07B3F50F-C065-6DC4-CCEF-883F1EB708D2}" = CCC Help Danish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding
"{0FF68208-0D48-2735-8F79-CE317D9CAB5B}" = CCC Help Korean
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1839351A-5B7D-1A5E-FF91-19F46D8423BB}" = CCC Help Swedish
"{19327C54-F8E2-141B-3B98-B262AE2821EC}" = CCC Help German
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2E9CD258-5B15-A2D8-0F29-AAEE1533C113}" = AMD VISION Engine Control Center
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FC67152-D640-97CB-CA8E-2FA3632B7562}" = CCC Help Italian
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{418C5829-2CE1-F2FB-3AB5-64F445F8A5E7}" = CCC Help Thai
"{42F69B89-7829-6D14-77AA-701212881589}" = CCC Help English
"{44613B7A-527C-4E89-91FC-E611FA62806A}" = HP Documentation
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4C8C0045-268A-8EF7-6998-495857C2FD32}" = CCC Help Chinese Standard
"{4D06D195-3BE4-DB64-9E40-CE82CA078B8C}" = CCC Help Hungarian
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{521D3E35-6FE4-44C0-FB8A-06297EA8A0DB}" = CCC Help Portuguese
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{72AEF569-297D-71CA-9574-6E7668FA3491}" = CCC Help Finnish
"{76EACA59-8D5D-5418-C580-6A81DC6FFF8E}" = Catalyst Control Center Localization All
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7CDCF659-826F-A580-613E-38E094F36924}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}" = HP CoolSense
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E5BDCFB-8171-A1A0-A961-8C398E0A3DBF}" = CCC Help Dutch
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{90BC8432-37E1-94B1-D355-2E27EDC8AB5A}" = CCC Help Czech
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A1C4472D-7419-1B25-C556-E545911B00EE}" = CCC Help Greek
"{A266CED6-99FF-D75C-CC0B-04E0EC7D17ED}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACC94646-023A-C241-6760-C1E321756FEA}" = Catalyst Control Center Graphics Previews Common
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B186453E-8B8F-B362-A1F8-289156EC61A3}" = CCC Help Turkish
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3CAD8E0-E5AD-7607-8084-928C96778B42}" = CCC Help Norwegian
"{F9A3AC4D-D219-90DC-A48E-DC6311C4F240}" = CCC Help French
"{FA2F4C7A-546C-384F-5E7A-525D769DF29A}" = Catalyst Control Center InstallProxy
"{FAF4BB02-DEC5-3D10-0EB2-0FB06D4995D7}" = CCC Help Chinese Traditional
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-050581ab-1f9e-42f4-a767-51f590b5b528" = Polar Golfer
"WTA-06677b72-ffb6-40e6-b285-7a9161e065a5" = Letters from Nowhere 2
"WTA-0a339271-73f9-437b-b64c-478edb6fefd1" = Mah Jong Medley
"WTA-15e59710-44e6-4702-94d1-b327d4baf4ac" = The Treasures of Mystery Island: The Ghost Ship
"WTA-24f81d69-2726-435d-8ff6-6f6395eaa531" = FATE: The Cursed King
"WTA-259d0b8f-2452-46e4-9ab5-0eadfbd8a6a6" = Zuma's Revenge
"WTA-26146b27-0b29-4a7e-8562-a0fa6b301e7e" = John Deere Drive Green
"WTA-4aa5c98d-23ed-42e7-a252-056045031b63" = Jewel Match 3
"WTA-5fde118b-20c8-4717-a7ae-6442bf70bfe0" = Build-a-lot
"WTA-7eddb1ca-56a2-4bbe-8eb3-3a376f5ddd8d" = Bejeweled 3
"WTA-844637ea-2e56-4112-824c-0dcc8eae0b61" = Mystery of Mortlake Mansion
"WTA-9b9a3113-6def-46d3-99d7-97e8b5de140a" = Final Drive Fury
"WTA-a5e10ae2-3297-4d59-8e06-a70905eb75bb" = 4 Elements II
"WTA-a7887bbd-f6e6-4f9d-91e5-e2aa0af677dc" = Polar Bowler
"WTA-b71156b2-38d1-40f5-ab51-8accb9560267" = Azteca
"WTA-be450ac2-fe00-490e-b51a-dec264cc4e72" = Bounce Symphony
"WTA-d09630bb-99c2-4f5f-bfd2-7e0bd06a8211" = Roads of Rome 3
"WTA-d3a8d63d-36ff-41e9-95cf-9e1e877a4c35" = Hoyle Card Games
"WTA-d7f43554-ed48-4d69-b3e7-ff287e5e94ae" = Airport Mania
"WTA-da1597a5-d428-4166-840a-c030a0111b1d" = Penguins!
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 6/4/2014 7:33:23 AM | Computer Name = Gemille | Source = System Restore | ID = 8193
Description =
[ HP Software Framework Events ]
Error - 6/4/2014 6:53:08 AM | Computer Name = Gemille | Source = CaslSmBios | ID = 5
Description = 2014/06/04 03:53:08.141|0000079C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
120 from BIOS WMI call Read/0Fh while getting SmartAdapter state
Error - 6/4/2014 6:56:56 AM | Computer Name = Gemille | Source = CaslSmBios | ID = 5
Description = 2014/06/04 03:56:55.912|00000234|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
120 from BIOS WMI call Read/0Fh while getting SmartAdapter state
Error - 6/4/2014 9:15:55 AM | Computer Name = Gemille | Source = CaslSmBios | ID = 5
Description = 2014/06/04 06:15:54.606|000001AC|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
120 from BIOS WMI call Read/0Fh while getting SmartAdapter state
Error - 6/4/2014 9:15:57 AM | Computer Name = Gemille | Source = CaslSmBios | ID = 5
Description = 2014/06/04 06:15:57.162|00000B88|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
120 from BIOS WMI call Read/0Fh while getting SmartAdapter state
[ System Events ]
Error - 6/4/2014 7:48:07 AM | Computer Name = Gemille | Source = DCOM | ID = 10010
Description =
Error - 6/4/2014 8:01:44 AM | Computer Name = Gemille | Source = DCOM | ID = 10029
Description =
Error - 6/4/2014 8:05:45 AM | Computer Name = Gemille | Source = DCOM | ID = 10029
Description =
Error - 6/4/2014 8:23:59 AM | Computer Name = Gemille | Source = DCOM | ID = 10029
Description =
Error - 6/4/2014 8:37:55 AM | Computer Name = Gemille | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 6/4/2014 9:23:41 AM | Computer Name = Gemille | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.
Error - 6/4/2014 9:51:28 AM | Computer Name = Gemille | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070103: Microsoft - Pointing Drawing - Microsoft Hardware USB Mouse.
Error - 6/4/2014 10:22:53 AM | Computer Name = Gemille | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
a preshutdown control.
Error - 6/4/2014 1:40:12 PM | Computer Name = Gemille | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2889784).
Error - 6/4/2014 1:47:21 PM | Computer Name = Gemille | Source = DCOM | ID = 10010
Description =
Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 10 [color=red]Out of date![/color]
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Windows Firewall Disabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Google Chrome 35.0.1916.114
[u]````````Process Check: objlist.exe by Laurent````````[/u]
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: %
[u]````````````````````End of Log``````````````````````[/u]
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=fe5f6f7561c901429b1b6d40970d3505
# engine=18552
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-05 05:42:25
# local_time=2014-06-04 10:42:25 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 6247834 0 0
# scanned=191565
# found=0
# cleaned=0
# scan_time=6126
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=fe5f6f7561c901429b1b6d40970d3505
# engine=18564
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-05 06:06:17
# local_time=2014-06-04 11:06:17 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 6249266 0 0
# scanned=63729
# found=0
# cleaned=0
# scan_time=1132
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=fe5f6f7561c901429b1b6d40970d3505
# engine=18564
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-05 08:16:46
# local_time=2014-06-05 01:16:46 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Windows Defender'
# compatibility_mode=5896 16777214 100 94 0 6257095 0 0
# scanned=242202
# found=2
# cleaned=2
# scan_time=4776
sh=C4C91CA0D04C531D8926AE42FE81AC35EE01EEF7 ft=1 fh=c71c00113aea7d1a vn="a variant of Win32/Amonetize.AS potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1163390462-205529737-2524509884-1002\$R5GIQF5.exe"
sh=C4C91CA0D04C531D8926AE42FE81AC35EE01EEF7 ft=1 fh=c71c00113aea7d1a vn="a variant of Win32/Amonetize.AS potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Gemille\Downloads\system32 config system__3515_i793846808_il3419337.exe"
BDscan
QuickScan 32-bitv0.9.9.140
--------------------------
Scan date: Thu Jun 05 03:38:18 2014
Machine ID: 56160DD1
No infection found.
-------------------
Processes
---------
(verified) Google Chrome 1084 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 1088 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2544 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4292 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4388 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4688 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) HP Quick Launch 4764 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(verified) PowerDVD RC Service 236 C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(verified) YCMMirag Application 4164 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Network activity
----------------
Process chrome.exe (1088) connected on port 80 (HTTP) --> 91.199.104.131
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.154
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.101
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.25
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.25
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.25
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.154
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 173.194.127.152
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.101
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 74.125.128.113
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 173.194.127.172
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 173.194.127.102
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 173.194.127.75
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 74.125.128.95
Process chrome.exe (2544) connected on port 80 (HTTP) --> 216.12.208.170
Process chrome.exe (2544) connected on port 80 (HTTP) --> 216.12.208.170
Process chrome.exe (2544) connected on port 80 (HTTP) --> 216.12.208.170
Process chrome.exe (2544) connected on port 80 (HTTP) --> 216.12.208.170
Process chrome.exe (2544) connected on port 80 (HTTP) --> 216.12.208.170
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.95
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.95
Process chrome.exe (2544) connected on port 80 (HTTP) --> 207.200.74.25
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.25
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 50.97.42.201
Process chrome.exe (2544) connected on port 80 (HTTP) --> 58.71.107.51
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 122.252.130.110
Process chrome.exe (2544) connected on port 80 (HTTP) --> 58.71.107.49
Process chrome.exe (2544) connected on port 80 (HTTP) --> 122.252.131.146
Process chrome.exe (2544) connected on port 80 (HTTP) --> 216.12.208.170
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 31.13.68.16
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 199.59.150.10
Process chrome.exe (2544) connected on port 80 (HTTP) --> 122.252.131.167
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 54.201.156.239
Process chrome.exe (2544) connected on port 80 (HTTP) --> 8.39.37.25
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.241.248.7
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.239.51
Process chrome.exe (2544) connected on port 80 (HTTP) --> 54.230.209.37
Process chrome.exe (2544) connected on port 80 (HTTP) --> 50.17.229.49
Process chrome.exe (2544) connected on port 80 (HTTP) --> 184.169.158.25
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 74.121.141.84
Process chrome.exe (2544) connected on port 80 (HTTP) --> 23.23.254.50
Process chrome.exe (2544) connected on port 80 (HTTP) --> 58.71.107.65
Process chrome.exe (2544) connected on port 80 (HTTP) --> 66.135.216.134
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.239.119
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.217.78.184
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 122.252.131.146
Process chrome.exe (2544) connected on port 80 (HTTP) --> 54.239.174.150
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.101
Process chrome.exe (2544) connected on port 80 (HTTP) --> 74.125.128.101
Process chrome.exe (2544) connected on port 80 (HTTP) --> 69.89.76.20
Process chrome.exe (2544) connected on port 80 (HTTP) --> 69.89.76.20
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.185
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.185
Process chrome.exe (2544) connected on port 443 (HTTP over SSL) --> 69.89.76.20
Process chrome.exe (2544) connected on port 80 (HTTP) --> 67.201.52.236
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.60
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.60
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.173
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.173
Process chrome.exe (2544) connected on port 80 (HTTP) --> 50.17.208.89
Process chrome.exe (2544) connected on port 80 (HTTP) --> 68.232.45.253
Process chrome.exe (2544) connected on port 80 (HTTP) --> 66.235.141.144
Process chrome.exe (2544) connected on port 80 (HTTP) --> 66.235.141.144
Process chrome.exe (2544) connected on port 80 (HTTP) --> 66.235.141.144
Process chrome.exe (2544) connected on port 80 (HTTP) --> 66.235.141.144
Process chrome.exe (2544) connected on port 80 (HTTP) --> 203.190.124.16
Process chrome.exe (2544) connected on port 80 (HTTP) --> 118.215.79.139
Process chrome.exe (2544) connected on port 80 (HTTP) --> 118.215.79.139
Process chrome.exe (2544) connected on port 80 (HTTP) --> 124.106.174.184
Process chrome.exe (2544) connected on port 80 (HTTP) --> 124.106.174.184
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.162
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.162
Process chrome.exe (2544) connected on port 80 (HTTP) --> 173.194.127.162
Process chrome.exe (2544) connected on port 80 (HTTP) --> 37.59.67.149
Process chrome.exe (2544) connected on port 80 (HTTP) --> 37.59.67.149
Autoruns and critical files
---------------------------
(verified) BoostSpeed C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
(verified) HP Quick Launch C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(verified) Microsoft® Windows® Operating System C:\Windows\System32\userinit.exe
(verified) PowerDVD RC Service C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
Browser plugins
---------------
(unsigned) Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
(verified) Bitdefender QuickScan C:\Users\Gemille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\npqscan.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
(verified) HP Network Check c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) NCLauncherFromIE C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
(verified) NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
(verified) Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows® Internet Explorer c:\Windows\SysWOW64\ieframe.dll
Scan
----
MD5: bb1fc298be53aab1e110f6e786bd8ac5 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
MD5: abefa4bd23329fd9bd47496bf2e58774 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
MD5: dad55cef682eae6fa7b4c9487563a496 C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
No file uploaded.
Scan finished - communication took 2 sec
Total traffic - 0.00 MB sent, 0.02 KB recvd
Scanned 535 files and modules - 4 seconds
==============================================================================
Network and Video Card Problems
I was playing a game called Wildstar when it froze. I restarted my computer and the screen went black after the Windows logo screen. Windows was still running; I just couldn't see anything. After restarting in Safe Mode and deleting the driver I was able to start Windows normally again. The only way it would restart in Normal Mode was when I uninstalled the video drivers. I installed the drivers from the disk that came with my video card and the latest ones, and nothing made any difference.
At the same time my internet connection wouldn't allow me to access the internet. It will connect to my router, but when I troubleshoot it says "Windows could not automatically detect this network's proxy settings." I have tried connecting with Wi-Fi, cable, and another router and it makes no difference.
I am able to connect to the internet both ways on my other computer. For some reason OTL didn't produce the second .txt file.
Malwarebytes removed some things on my original scan.
Registry Keys: 12
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.BHO, Quarantined, [2722e11e512961d5a5152883689b20e0],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.BHO.1, Quarantined, [6adfba4590ea5adcfdbde0cb06fd1ae6],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.Sandbox, Quarantined, [0c3d8976b5c55dd954668c1f3fc4a45c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.Sandbox.1, Quarantined, [70d98877126845f18832cddead562cd4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.BHO, Quarantined, [29203bc43c3ee94db109dbd08182649c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.BHO.1, Quarantined, [01480ff0c4b6ec4a803aecbf5da6e21e],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.Sandbox, Quarantined, [79d02ad5ee8cdb5b81399b105ca7df21],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.Sandbox.1, Quarantined, [c4850bf47208ab8bb3074c5fcb38bb45],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-2674922670-1425024563-2875477335-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [be8b6897a1d91d19aed6c3eb2bd87888],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2674922670-1425024563-2875477335-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [92b706f9eb8ff442adfa2f7bc043758b],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2674922670-1425024563-2875477335-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [ea5f609f55256fc7f7afe2c8758e8080],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2674922670-1425024563-2875477335-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [ce7b67987505ae885323a91638cb9f61],
[Virus] Need help on how to remove the Skynet Virus
Hello,
I had my internet service suspended because my internet provider found a skynet port 25 virus. I was told to update my antivirus programs and run a full system scan.
I ran Norton Internet Security, Spybot, and Malware and they all found nothing.
I was told to run HijackThis but I don't know what to do with the info.
Any help would be appreciated.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:31:31 PM, on 13/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
FIREFOX: 29.0.1 (en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Users\Adam\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files (x86)\Cogeco Security Services\apps\ComputerSecurity\Common\FSLAUNCH.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Users\Adam\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4840&r=17360111a506p04d5v135k46n1r37p
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.search.yahoo.com/?type=800236&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Extensions - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Adam\AppData\Roaming\Browser Extensions\Coupons.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [SearchProtection] "C:\Users\Adam\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKCU\..\Run: [Browser Extensions] "C:\Users\Adam\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BlackBerry Device Manager - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RIM MDNS - Apple Inc. - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service: BlackBerry Link Communication Manager (RIM Tunnel Service) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Service Component of VO (VOsrv) - Unknown owner - C:\Users\Adam\AppData\Roaming\VOPackage\VOsrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16468 bytes
[Spyware] .scr file HELP
I've mistakenly downloaded a .scr file said to be a screensaver and ran it on my computer... it's only 150 KB.
VirusTotal scan of the file:
Ad-Aware Gen:Variant.Strictor.58056 20140624
BitDefender Gen:Variant.Strictor.58056 20140624
Emsisoft Gen:Variant.Strictor.58056 (B) 20140624
F-Secure Gen:Variant.Strictor.58056 20140624
GData Gen:Variant.Strictor.58056 20140624
MicroWorld-eScan Gen:Variant.Strictor.58056 20140624
Qihoo-360 HEUR/Malware.QVM03.Gen 20140624
TrendMicro-HouseCall Suspicious_GEN.F47V0624 20140624
AVG 20140624
AegisLab 20140624
Agnitum 20140624
AhnLab-V3 20140624
AntiVir 20140624
Antiy-AVL 20140624
Avast 20140624
Baidu-International 20140624
Bkav 20140624
ByteHero 20140624
CAT-QuickHeal 20140624
CMC 20140624
ClamAV 20140624
Commtouch 20140624
Comodo 20140624
DrWeb 20140624
ESET-NOD32 20140624
F-Prot 20140624
Fortinet 20140624
Ikarus 20140624
Jiangmin 20140624
K7AntiVirus 20140624
K7GW 20140624
Kaspersky 20140624
Kingsoft 20140624
Malwarebytes 20140624
McAfee 20140624
McAfee-GW-Edition 20140624
Microsoft 20140624
NANO-Antivirus 20140624
Norman 20140624
Panda 20140624
Rising 20140623
SUPERAntiSpyware 20140624
Sophos 20140624
Symantec 20140624
Tencent 20140624
TheHacker 20140622
TotalDefense 20140624
TrendMicro 20140624
VBA32 20140624
VIPRE 20140624
ViRobot 20140624
Zillya 20140624
Zoner 20140616
nProtect 20140624
It shows 8 suspicions.
I'm using Windows 8.1.
What should I do? Should I be preoccupied?
browser seems to be running sluggish compared to before
So since this past week, I think some malware deep under may be affecting the performance of the browser (Firefox), even though I had run Malwarebytes with no positive result for malware.
Other than that, antivirus doesn't seem to detect it at all.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/23/2014
Scan Time: 10:27:28 PM
Logfile: malwarebyte result.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.24.02
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MK
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336602
Time Elapsed: 4 min, 36 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
________________________________________________________________________
# AdwCleaner v3.213 - Report created 23/06/2014 at 22:40:03
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : MK - MK-PC
# Running from : C:\Users\MK\Downloads\adwcleaner_3.213.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\MK\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Folder Deleted : C:\Users\MK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddceehghdpngbebkajfkbcccdkmdmihn
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\th68koj6.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\MK\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ddceehghdpngbebkajfkbcccdkmdmihn
Deleted [Extension] : icpgjfneehieebagbmdbhnlpiopdcmna
*************************
AdwCleaner[R0].txt - [1312 octets] - [06/10/2013 05:36:02]
AdwCleaner[R1].txt - [1098 octets] - [08/10/2013 05:31:41]
AdwCleaner[R2].txt - [1156 octets] - [08/10/2013 05:34:32]
AdwCleaner[R3].txt - [1747 octets] - [23/06/2014 22:37:19]
AdwCleaner[S0].txt - [1385 octets] - [06/10/2013 05:36:43]
AdwCleaner[S1].txt - [1684 octets] - [23/06/2014 22:40:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1744 octets] ##########
[Trojan] V9.Com/homesweetim.com browser malware/Trojan
I've been trying to remove these 2 pages by all means from my dad's laptop. I have no idea how he got it, but they are really painful.
I've tried whatever I saw on other boards, but to no use. It's really out of my league, so I need your help.
I've checked in regedit after making system files visible in specific folders, but they are not visible. I couldn't find their location, but every time we open Google Chrome, 2 pages open automatically: v9.com & homesweetim.com (or sometimes the latter one prefers to be search.sweetsearch... or something like that).
There are no findings as far as I've checked, but again, I'm not really a pro.
Can you please help me / direct me?
Thanks,
Cansu
Computer Very Slow
This started in the last week. Very slow with anything I do. I'll start the scans and post the results. Thanks!
NOTE LATER: I'm sorry, I forgot to do "Enable Show Hidden Files and Folders" prior to running the scans. You probably want to scroll down until you see the 2nd batch of scan results, after I enabled Show Hidden Files and Folders. (Of course Extras.txt only showed up on the first OTL scan.)
Thank you!
computer seems to be hijacked
Hi,
I'm having trouble with my computer; it seems that it's been taken over by someone.
It was running really slow, so I opened up the Task Manager. It continually shows the CPU usage at 75 to 100%, even though I have no programs open. I also get messages that IE browsers have closed unexpectedly... even though I have no browsers open. When I look at the Applications tab, it shows nothing running; when I look at the Processes tab... it has tons of COM Surrogate running. I right-clicked on these and chose End Process... they go away and the CPU usage drops.... but within minutes these COM Surrogates all return and CPU usage skyrockets.
It's making my computer almost useless. Things I have tried:
1) disconnecting the modem... CPU usage drops to minimal, but as soon as I plug back in, it all starts over again.
2) updated Norton and Spybot (the free version), disconnected the internet, restarted the computer, ran a full Norton virus scan, ran Spybot, and immunized.
3) ran Windows cleanup - removed all temp files, etc.
4) set Norton firewall params all to on except Block All Network Traffic
5) ran both the AVS registry cleanup and the Norton registry cleanup
Note: when I look at my Norton security history, I see some of these:
IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface (IP address: 2001:9d38:6ab8:204s ....
I also see High CPU usage by :Com.Surrogate warnings.
Any help/advice would be greatly appreciated.
Seemingly infected please help
I've finished the Mandatory Steps but can't open the log in Malwarebytes to post it. Can someone please tell me how to access the log?
Thank you,
Becky
Strange Music Web Browsing
I am having a problem with strange music playing sometimes when browsing the web. Sometimes it is talking instead of music. I have been working on this for a while without much success. I installed Malwarebytes and it seems to be stopping an outbound connection from my computer on a high port in the 5x,xxx range. The port numbers seem to vary. Malwarebytes flags it as something bad. ESET found a threat with something about a Y conduit bad app. I think I may have a virus.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/7/2014
Scan Time: 5:06:39 PM
Logfile: malwarescan.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.07.13
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: lee
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280860
Time Elapsed: 14 min, 32 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
# AdwCleaner v3.311 - Report created 07/10/2014 at 17:26:49
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : lee - LAPTOP
# Running from : C:\Users\lee\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
*************************
AdwCleaner[R0].txt - [1292 octets] - [06/10/2014 17:08:16]
AdwCleaner[R1].txt - [791 octets] - [07/10/2014 17:24:48]
AdwCleaner[S0].txt - [1375 octets] - [06/10/2014 17:17:13]
AdwCleaner[S1].txt - [713 octets] - [07/10/2014 17:26:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [772 octets] ##########
OTL logfile created on: 10/7/2014 5:36:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lee\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 50.79% Memory free
6.48 Gb Paging File | 4.74 Gb Available in Paging File | 73.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 214.63 Gb Free Space | 72.02% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014/10/07 17:34:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lee\Desktop\OTL.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/02/20 16:01:12 | 000,176,640 | ---- | M] () -- C:\Program Files\ZD Systems\ZD Manager\ZDManagerService.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 21:07:28 | 000,041,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
PRC - [2012/11/02 21:07:24 | 001,099,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\Launchpad.exe
PRC - [2012/11/02 19:03:44 | 000,098,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe
PRC - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
PRC - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
PRC - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/21 13:02:11 | 002,707,526 | ---- | M] (Zinio, LLC) -- C:\Program Files\Zinio\ZinioReader.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014/09/10 22:46:36 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\60e8c3eab577fe8bd21e419085a3c843\System.IdentityModel.ni.dll
MOD - [2014/09/10 22:46:30 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9614efdd4e4b30e71fdee7888135009f\System.ServiceModel.ni.dll
MOD - [2014/09/10 22:45:06 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\2d91f280276699ddb2602e9d020a1cdd\PresentationFramework-SystemXml.ni.dll
MOD - [2014/09/10 02:06:12 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\1269ba2bee1b8587ae523e6d9abff484\PresentationFramework.ni.dll
MOD - [2014/09/10 02:05:51 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\38fdb5c1bcfbed498ea2db40ef6aa23e\PresentationCore.ni.dll
MOD - [2014/09/10 02:05:43 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\94110ad15c57cfddf356ece3d307d533\System.Xaml.ni.dll
MOD - [2014/09/10 02:05:37 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\057cef93417231d7d4f8ed84841c12f1\WindowsBase.ni.dll
MOD - [2014/09/10 02:05:31 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b51470d7e909c4fab01a25fd1e1c42dc\System.Windows.Forms.ni.dll
MOD - [2014/09/10 02:05:20 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\c2d1735e9f72e974cd34063a714a309f\System.Runtime.Serialization.ni.dll
MOD - [2014/09/10 02:05:18 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\08fbe280b07b0401b857454aef95ea81\System.ServiceModel.Internals.ni.dll
MOD - [2014/09/10 02:05:18 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\003f540cf55cae8805bb30d8b240ec86\SMDiagnostics.ni.dll
MOD - [2014/09/10 02:05:17 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\4a58ac3c4f453c2573a9713b15f91df5\System.Security.ni.dll
MOD - [2014/09/10 02:05:13 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3c777eb7042798554bcf10134595273e\System.Xml.ni.dll
MOD - [2014/09/10 02:05:10 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\28684b3f787d06edd1de8b574521d867\System.Core.ni.dll
MOD - [2014/09/10 02:05:04 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5ee6a5fbbf59e1c3ca14631ff12dd6ec\System.Configuration.ni.dll
MOD - [2014/09/10 02:05:01 | 010,061,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9b943fcb3af2101cfb3467161c6ac0ed\System.ni.dll
MOD - [2014/02/12 16:18:32 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/02/12 16:15:53 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/12 15:41:57 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/12 15:41:43 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 15:41:07 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2014/09/23 23:59:40 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/08/18 16:36:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/20 16:01:12 | 000,176,640 | ---- | M] () [Auto | Running] -- C:\Program Files\ZD Systems\ZD Manager\ZDManagerService.exe -- (ZDManager Service)
SRV - [2012/11/02 21:07:28 | 000,041,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV - [2012/11/02 19:03:44 | 000,098,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe -- (WhsMcClient)
SRV - [2012/11/02 18:46:40 | 000,084,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV - [2010/02/27 23:53:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\lee\AppData\Local\Temp\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - [2014/10/07 17:30:29 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/02/06 04:06:15 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/03/02 14:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/10/28 11:59:06 | 000,035,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcaSp50.sys -- (PcaSp50)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 17:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2008/11/05 14:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 06:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 06:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/10/30 18:41:46 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2k.sys -- (USA19H)
DRV - [2007/05/29 22:32:58 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2kp.sys -- (USA19H2KP)
DRV - [2005/10/19 14:37:14 | 000,077,056 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2005/10/19 14:37:14 | 000,077,056 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwdelmdm.sys -- (NWDellModem)
DRV - [2004/07/22 08:36:16 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2plms.sys -- (ser2plms)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP76DHP&pc=UP76&dt=051813
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 02 01 A0 EA 30 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/26 23:06:09 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2014/10/07 17:03:44 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ZD Manager IE Plugin) - {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files\ZD Systems\ZD Manager\ZDManager.dll (ZD Systems)
O4 - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\lee\AppData\Local\Apps\2.0\DQZV6T1P.6HT\5JH669LX.4GT\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe File not found
O4 - HKCU..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: master ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B33E4F-CFC1-4BAE-B173-9DD7B6930B0B}: DhcpNameServer = 192.168.0.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B33E4F-CFC1-4BAE-B173-9DD7B6930B0B}: NameServer = 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529E0145-2371-4862-BF3C-1BD91FF5E800}: DhcpNameServer = 192.168.0.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529E0145-2371-4862-BF3C-1BD91FF5E800}: NameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014/10/07 17:34:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lee\Desktop\OTL.exe
[2014/10/07 16:48:50 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\lee\Desktop\TFC.exe
[2014/10/06 17:08:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/05 03:42:54 | 000,000,000 | ---D | C] -- C:\Users\lee\AppData\Local\Apps
[2014/10/05 03:42:53 | 000,000,000 | ---D | C] -- C:\Users\lee\AppData\Local\Deployment
[2014/10/04 23:44:15 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/04 23:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/04 23:43:07 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/04 23:43:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/04 23:43:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/10/04 23:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/10/04 23:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/04 23:42:44 | 000,000,000 | ---D | C] -- C:\Users\lee\AppData\Local\Programs
[2014/09/30 14:38:34 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2014/09/23 23:23:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/09/17 01:50:10 | 000,701,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/17 01:50:10 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/10 02:30:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/09/10 02:29:59 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/10 02:29:58 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/10 02:29:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/09/10 02:29:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/09/10 02:29:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/09/10 02:29:56 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/09/10 02:29:55 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/09/10 02:29:55 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/10 02:29:55 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/10 02:29:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/10 02:29:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/10 02:29:54 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/09/10 02:29:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/09/10 02:29:53 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/09/10 02:29:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/09/10 02:29:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/09/10 02:29:52 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/09/10 02:29:51 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/09/10 02:29:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/10 02:29:51 | 000,327,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/09/10 02:29:46 | 004,232,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/10 02:29:45 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/09/10 02:28:56 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/09/10 02:00:52 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/09/10 02:00:15 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/09/10 02:00:14 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/09/10 02:00:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014/10/07 17:36:56 | 000,021,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/07 17:36:56 | 000,021,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/07 17:34:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lee\Desktop\OTL.exe
[2014/10/07 17:30:29 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/07 17:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/07 17:29:02 | 2609,528,832 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/07 17:23:15 | 001,375,089 | ---- | M] () -- C:\Users\lee\Desktop\adwcleaner_3.311.exe
[2014/10/07 17:03:44 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/10/07 17:03:14 | 000,000,873 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2014/10/07 16:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/07 16:48:50 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\lee\Desktop\TFC.exe
[2014/10/04 23:43:29 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/23 23:59:39 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/23 23:59:39 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/22 23:12:53 | 008,858,244 | ---- | M] () -- C:\Users\lee\AppData\Local\census.cache
[2014/09/22 23:12:38 | 000,101,934 | ---- | M] () -- C:\Users\lee\AppData\Local\ars.cache
[2014/09/22 23:11:34 | 000,000,010 | ---- | M] () -- C:\Users\lee\AppData\Local\sponge.last.runtime.cache
[2014/09/22 01:41:56 | 000,231,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/09/10 02:07:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/10 02:03:05 | 000,662,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/10 02:03:05 | 000,122,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/09 16:47:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014/10/07 17:23:15 | 001,375,089 | ---- | C] () -- C:\Users\lee\Desktop\adwcleaner_3.311.exe
[2014/10/04 23:43:29 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/17 01:50:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/29 17:37:49 | 000,000,010 | ---- | C] () -- C:\Users\lee\AppData\Local\sponge.last.runtime.cache
[2013/05/31 11:05:22 | 000,000,037 | -HS- | C] () -- C:\Users\lee\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/05/18 15:18:54 | 000,238,086 | ---- | C] () -- C:\ProgramData\1368908191.bdinstall.bin
[2013/04/29 22:34:51 | 001,014,515 | ---- | C] () -- C:\ProgramData\1367291297.bdinstall.bin
[2013/01/04 11:18:34 | 008,858,244 | ---- | C] () -- C:\Users\lee\AppData\Local\census.cache
[2013/01/04 11:18:27 | 000,101,934 | ---- | C] () -- C:\Users\lee\AppData\Local\ars.cache
[2013/01/04 11:05:20 | 000,000,036 | ---- | C] () -- C:\Users\lee\AppData\Local\housecall.guid.cache
[2012/11/30 14:00:24 | 000,037,850 | ---- | C] () -- C:\Users\lee\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/01/09 00:13:48 | 000,000,600 | ---- | C] () -- C:\Users\lee\AppData\Roaming\winscp.rnd
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
OTL Extras logfile created on: 10/7/2014 5:36:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lee\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 50.79% Memory free
6.48 Gb Paging File | 4.74 Gb Available in Paging File | 73.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 214.63 Gb Free Space | 72.02% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{162EF598-6127-4AB1-8015-27A373CFE17F}" = lport=139 | protocol=6 | dir=in | app=system |
"{1CEA9352-B33A-4E7E-A1FF-1B6A109E3D57}" = rport=445 | protocol=6 | dir=out | app=system |
"{452A362E-347D-4BEC-A9BC-7BA884385D89}" = rport=137 | protocol=17 | dir=out | app=system |
"{4C8DB87D-9008-4827-939B-4B7DAB807446}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{694F467F-7D3C-40EB-8058-9A4FC650A751}" = lport=138 | protocol=17 | dir=in | app=system |
"{806A6722-8E6E-45DA-81B9-3A30ADAC4F24}" = lport=445 | protocol=6 | dir=in | app=system |
"{8181D975-EDDE-4CBE-92A7-9984D949D89D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A25922C-67B5-4C6B-8A6A-6AC36532202A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B133E0DF-B984-404A-885F-7A0F3C975D79}" = rport=138 | protocol=17 | dir=out | app=system |
"{BF9BEF24-AC48-4FB4-8F55-2015341B50F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D82C6B98-BD9C-4F50-9BA5-303E3AE74B70}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F05B5FAA-D276-437E-A9E1-6DDD14EFB381}" = rport=139 | protocol=6 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003A0997-7C51-4E69-BDD3-F7E40B46774D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DB3E903-5082-4D3B-819D-FBFF98D722B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2A608CC3-4A63-4A2B-AE01-05DC5E882D07}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{529A1773-CADA-4B4A-AEAB-44C1BDE5F061}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CA185CAF-3FB5-48F6-96D2-FE75951AAAB7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D6EC6464-A03E-4244-861D-A54DC189AAA6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{2E124377-9452-4932-9E19-200A692D0A8C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7129E52A-5700-4F4D-8B16-1F19145DE362}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{71F0A43F-610A-4A75-846D-C26ED46DB442}C:\program files\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files\netgear genie\bin\netgeargenie.exe |
"TCP Query User{C0752DED-E96E-4D67-A792-F047B5A7DD39}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DD1876B4-EBBA-415D-AC12-2B0F7A8D6AA2}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{EC0E58C9-6656-4980-AAFF-03168688ECE4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F1CCBCB4-9429-4906-9626-5E148C27D53B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{38299A8B-985A-4CE2-AD52-925BFFA8159F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{54C9574A-1926-4677-9733-1CB9D145430D}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{5DC54131-6BA8-44F3-A879-3E77A84F30E9}C:\program files\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files\netgear genie\bin\netgeargenie.exe |
"UDP Query User{6AD3CF26-5D81-4AAD-B308-85AD67DCDB55}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{B462B3C7-3058-4687-9054-3754A39FA73C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CDECABC9-374B-42BC-AABF-40F5ABF4FF54}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D36E5668-24B1-4D6E-A239-98ADBB6A046D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR Powerline Utility
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{46DCED50-3A1D-4EF4-94F0-45F2681E3D70}" = Windows Home Server 2011 Connector
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{7CAD9E56-C6BA-4911-A519-AF4DE21C4129}" = Garmin TOPO U.S. 24K Southwest v2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{E06C3E88-BEC1-4EE8-9644-0A4EAAA42A82}" = Garmin TOPO U.S. 24K South Central v2
"{F487FEEC-AE9F-4E68-82F2-300F49A8C435}" = Garmin BaseCamp
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR Powerline Utility
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Security Client" = Microsoft Security Essentials
"PRO" = Microsoft Office Professional 2007
"ZDManager" = ZD Manager
"ZenDeals" = ZD for Chrome
"Zinio Reader" = Zinio Reader
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 1/29/2013 3:42:52 PM | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6665.5003, time
stamp: 0x5061d307 Faulting module name: pstprx32.dll, version: 12.0.6658.5000, time
stamp: 0x4f32182a Exception code: 0xc0000005 Fault offset: 0x0000bb7f Faulting process
id: 0xe78 Faulting application start time: 0x01cdfe5541e43545 Faulting application
path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Faulting module path:
C:\Program Files\Microsoft Office\Office12\pstprx32.dll Report Id: 110e8f7b-6a4c-11e2-9ddc-0015c53c84db
Error - 1/29/2013 10:29:43 PM | Computer Name = laptop | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 1/30/2013 5:25:39 PM | Computer Name = laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 1/31/2013 4:20:45 AM | Computer Name = laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 1/31/2013 12:28:12 PM | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Faulting application name: housecall.bin, version: 1.61.0.1024, time
stamp: 0x4cc3574b Faulting module name: housecall.bin, version: 1.61.0.1024, time
stamp: 0x4cc3574b Exception code: 0x40000015 Fault offset: 0x000b47ca Faulting process
id: 0x9e4 Faulting application start time: 0x01cdff67e2810d88 Faulting application
path: C:\Users\lee\AppData\Local\Temp\HouseCall\housecall.bin Faulting module path:
C:\Users\lee\AppData\Local\Temp\HouseCall\housecall.bin Report Id: 3427bb0d-6bc3-11e2-a9cb-0015c53c84db
Error - 1/31/2013 1:15:16 PM | Computer Name = laptop | Source = MsiInstaller | ID = 11606
Description =
Error - 1/31/2013 1:15:48 PM | Computer Name = laptop | Source = MsiInstaller | ID = 11606
Description =
Error - 1/31/2013 1:16:25 PM | Computer Name = laptop | Source = MsiInstaller | ID = 11606
Description =
Error - 1/31/2013 1:16:30 PM | Computer Name = laptop | Source = MsiInstaller | ID = 11606
Description =
Error - 2/1/2013 12:05:22 AM | Computer Name = laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ OSession Events ]
Error - 1/29/2013 3:42:51 PM | Computer Name = laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1532
seconds with 60 seconds of active time. This session ended with a crash.
Error - 2/26/2014 3:01:39 PM | Computer Name = laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10/7/2014 6:00:46 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = The rimsptsk service failed to start due to the following error: %%1058
Error - 10/7/2014 6:00:47 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = The Ricoh xD-Picture Card Driver service failed to start due to the
following error: %%1058
Error - 10/7/2014 6:03:12 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7003
Description = The Windows Server Media Center TV Archive Transfer Service service
depends the following service: ehRecvr. This service might not be installed.
Error - 10/7/2014 6:29:00 PM | Computer Name = laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 10/7/2014 6:29:00 PM | Computer Name = laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 10/7/2014 6:29:11 PM | Computer Name = laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 10/7/2014 6:29:30 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = The rimmptsk service failed to start due to the following error: %%1058
Error - 10/7/2014 6:29:30 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = The rimsptsk service failed to start due to the following error: %%1058
Error - 10/7/2014 6:29:30 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = The Ricoh xD-Picture Card Driver service failed to start due to the
following error: %%1058
Error - 10/7/2014 6:31:49 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7003
Description = The Windows Server Media Center TV Archive Transfer Service service
depends the following service: ehRecvr. This service might not be installed.
[ WSSG Events ]
Error - 10/4/2014 4:51:04 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/4/2014 6:21:53 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/5/2014 1:23:05 AM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/5/2014 7:51:29 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/5/2014 8:21:53 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/6/2014 1:29:03 AM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/6/2014 1:03:19 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/6/2014 3:05:20 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/6/2014 7:49:23 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Error - 10/6/2014 8:22:02 PM | Computer Name = laptop | Source = Windows Server | ID = 268370434
Description = Backup job 0 on STASH did not succeed. Reason: DBErrors, System.String[]
Results of screen317's Security Check version 0.99.88
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Adobe Reader XI
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
[u]````````````````````End of Log``````````````````````[/u]
[Malware] Caught a bug yesterday
Got PC Optimizer and Astromenda yesterday. I cleaned up myself with Eset Online and Malwarebytes last night, but thought I should probably go through all the steps this morning and have you guys/gals take a look.
I'll start with yesterday's scan results and then in the next post do today's log files:
ESET Yesterday
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
D:\Downloads\duplicate-file-finder-setup.exe MSIL/MyPCBackup.B potentially unwanted application
D:\Downloads\easy_duplicate_setup.exe Win32/MyPCBackup.A potentially unwanted application
D:\Downloads\rcsetup151.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Falcon - 7(x64)\Shareware\cpu-z_1.63-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSIFB0C.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
D:\Downloads\Unlocker1.9.2.exe Win32/DownWare.L potentially unwanted application deleted - quarantined
MalwareBytes Yesterday
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/11/2014
Scan Time: 5:12:53 PM
Logfile: malware.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.11.11
Rootkit Database: v2014.10.11.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martha Green
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364803
Time Elapsed: 9 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [86f1957e3c40eb4b5ee39e75d231a060],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-588162342-2481727015-1886252281-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [b2c5e42f44382d09bf3f400aa85b42be],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-588162342-2481727015-1886252281-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [680f888ba5d737ff60ea3a271ee6a15f],
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-588162342-2481727015-1886252281-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [680f888ba5d737ff60ea3a271ee6a15f]
Registry Data: 0
(No malicious items detected)
Folders: 10
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [bcbb8390413b6dc9c5cb8f48d32ff30d],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\bh, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
Files: 40
PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, Quarantined, [4c2ba27104780234b14f16fd24df18e8],
PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_Astromenda.job, Quarantined, [9ed9ce456913310512ef789b927104fc],
PUP.Optional.Astromenda, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\searchplugins\Astromenda.xml, Quarantined, [225563b0f28a211546b38497808336ca],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf}.xpi, Quarantined, [d89fb75c314bc1754a74a0e659ab8977],
Rogue.Multiple, C:\ProgramData\374311380\BITD4A.tmp, Quarantined, [bcbb8390413b6dc9c5cb8f48d32ff30d],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\astcnfg.dat, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninst.dat, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, Quarantined, [3d3ade35423a1a1ca68d4ac033d07888],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\bootstrap.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\chrome.manifest, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\icon.png, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\icon64.png, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\install.rdf, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\astr.1.2.jsm, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\astr.1.2h.jsm, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\background.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\browser.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\header.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\timer.jsm, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\aes.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\hmac-md5.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\jsencrypt.min.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\md5.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\string.min.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\underscore-min.js, Quarantined, [d99e888bc2ba04323ccdcc446a99857b],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav-groups, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\favs##932e23739338fa2c350193e177aee6b8, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\0b58234bd29fe56bf370f31228b6c811, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\265893250fe392893e099ca7e80b33e8, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\3990a353dff756afce9fd87757ae76b9, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\4f9bb439a8aca395c7a6af5e388415cf, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\61c1fcd9c3088f1029aadf0a2b2cc5b1, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\7d4fc78d95333346d06e13722be61915, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\a634660ab5b2bf18c5f32a688199c7d1, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\c88e066a644cc37e30cd944b91064e70, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\d365fa475dfd2349f7ed0c687080a6b4, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\d71b5347e39927c8e2799f6279097c74, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
PUP.Optional.Astromenda.A, C:\Users\Martha Green\AppData\Roaming\Mozilla\Firefox\Profiles\4z32qoiq.default\astrmndant\fav_thumbs\ea7a7fb8cd568c5fdff3019c4b788e74, Quarantined, [0f684bc8b5c7f54105948d84e71ccf31],
Physical Sectors: 0
(No malicious items detected)
(end)
[Virus] Windows Control Processor Virus - Possibly Conhost?
Adding all attachments to this post in case it makes it easier.
I got hit yesterday evening and disconnected from the internet and ran Malwarebytes and Adwcleaner.
This morning I came here and read the pre-cleaning criteria and performed the required scans.
I'd like to make sure I'm clean and everything is fixed.
Thanks.
I ran Temp File Cleaner.
Here are yesterday's and today's Malwarebytes logs:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/27/2015
Scan Time: 6:49:05 PM
Logfile: mbam012715.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.21.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 477641
Time Elapsed: 21 min, 44 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 4
IPH.Trojan.Clicker.W7, C:\Users\Kathy\AppData\Local\19th Parallel\jfsfoiplafba.dll, Delete-on-Reboot, [0cfec733e0a9e74f3aa0af518f718d73],
IPH.Trojan.Clicker.W7, C:\Users\Kathy\AppData\Local\19th Parallel\jfsfoiplafba.dll, Delete-on-Reboot, [0cfec733e0a9e74f3aa0af518f718d73],
IPH.Trojan.Clicker.W7, C:\Users\Kathy\AppData\Local\19th Parallel\jfsfoiplafba.dll, Delete-on-Reboot, [0cfec733e0a9e74f3aa0af518f718d73],
IPH.Trojan.Clicker.W7, C:\Users\Kathy\AppData\Local\19th Parallel\jfsfoiplafba.dll, Delete-on-Reboot, [0cfec733e0a9e74f3aa0af518f718d73],
Registry Keys: 0
(No malicious items detected)
Registry Values: 1
IPH.Trojan.Clicker.W7, HKU\S-1-5-21-3953604979-3912728852-2169977925-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|jfsfoiplafba, regsvr32.exe /s "C:\Users\Kathy\AppData\Local\19th Parallel\jfsfoiplafba.dll", Quarantined, [0cfec733e0a9e74f3aa0af518f718d73]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
IPH.Trojan.Clicker.W7, C:\Users\Kathy\AppData\Local\19th Parallel\jfsfoiplafba.dll, Delete-on-Reboot, [0cfec733e0a9e74f3aa0af518f718d73],
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/28/2015
Scan Time: 10:52:17 AM
Logfile: mbam012815.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.28.07
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 895938
Time Elapsed: 3 hr, 35 min, 38 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
--
http://www.flickr.com/photos/37153430@N03/
Missing Files, Programs won't open
Attaching a file with the required information.
visual shopper
How do I get rid of Visual Shopper?