Search similar:
|
uniqs 3087 |
|
|
|
J_Raw join:2012-09-27 Norwood, ON |
J_Raw
Member
2012-Sep-30 3:27 pm
[Malware] my computer is slow with video but the audio plays ashere's the info for MBAM: arebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org
Database version: v2012.09.27.10
Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 John :: JOHN-HP [administrator]
Protection: Enabled
27/09/2012 6:37:05 PM mbam-log-2012-09-27 (18-37-05).txt
Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 351120 Time elapsed: 57 minute(s), 1 second(s)
Memory Processes Detected: 1 C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ\svchost.exe (PUP.BitMiner) -> 4164 -> No action taken.
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 1 C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ\svchost.exe (PUP.BitMiner) -> No action taken.
(end)
here's the info from OTL: OTL logfile created on: 27/09/2012 7:40:14 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.48 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 63.91% Memory free 10.96 Gb Paging File | 8.78 Gb Available in Paging File | 80.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 672.57 Gb Total Space | 610.45 Gb Free Space | 90.76% Space Free | Partition Type: NTFS Drive D: | 21.91 Gb Total Space | 2.33 Gb Free Space | 10.64% Space Free | Partition Type: NTFS Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.21% Space Free | Partition Type: FAT32 Drive F: | 297.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JOHN-HP | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/09/27 19:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL (1).exe PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/08/29 12:03:38 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011/08/22 22:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011/02/07 03:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2012/09/13 09:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2012/09/03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/09/20 14:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011/09/16 06:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/09/15 17:15:44 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/09/08 09:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/09/25 22:08:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/08/29 14:02:22 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/02/07 03:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/15 20:34:35 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/30 20:45:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/10/30 20:45:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/09/20 21:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2011/09/20 21:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2011/09/20 21:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011/09/20 21:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011/09/20 21:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011/09/20 21:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011/09/20 21:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011/09/16 06:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/09/16 05:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/09/08 09:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2011/08/29 14:02:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/08/18 08:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011/06/17 07:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011/06/17 07:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{41099183-7F9F-4E60-B7DE-9338222125C1}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{41099183-7F9F-4E60-B7DE-9338222125C1}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=107738&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=ee99b3b900000000000078e3b56b571b IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKCU\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=107738&tt=120912_pcp_3812_2&babsrc=SP_ss&mntrId=ee99b3b900000000000078e3b56b571b IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{41099183-7F9F-4E60-B7DE-9338222125C1}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8A296747-046D-4585-A643-2FFE81253620}&mid=6ba8a023968047d0b330ada0952872b7-c0c543269458e32d04d7432e87b3bcf57673945d&lang=en&ds=cv011&pr=sa&d=2012-05-17 20:42:48&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/25 21:42:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/25 21:42:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/27 18:43:15 | 000,000,000 | ---D | M]
[2012/05/17 20:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions [2012/05/17 20:41:16 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/07/27 01:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Web Assistant = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\ CHR - Extension: Codecv = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebeadcbjghicaeojlcjpechlhcophnok\1.0_0\ CHR - Extension: Codecv = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcigokgcfhfkdaolnobhbdfoenhiooam\1.0_0\ CHR - Extension: Assassin's Creed III = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn\1.2_0\ CHR - Extension: Codecv = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljlkgdlanlinbkppaahefdoemkgeflog\1.0_0\ CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Codecv Class) - {09518952-CA53-01D3-5448-ED518566D893} - C:\ProgramData\Codecv\bhoclass.dll () O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (Codecv Class) - {4619A8BC-9A51-04E0-C050-67C8169FC6EE} - C:\ProgramData\Codecv\bhoclass.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Codecv Class) - {A2242AC8-2BE9-C10E-9728-7D7D7A80734D} - C:\ProgramData\Codecv\bhoclass.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Codecv Class) - {E6237AA6-D48D-C49D-FD9C-3B5798807618} - C:\ProgramData\Codecv\bhoclass.dll () O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F9BBF004-6E40-4019-8214-C43A37E1D058} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Crash Reporter®] C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ\Crash.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [SpybotDeletingB6314] command.com /c del "C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll" File not found O4 - HKCU..\RunOnce: [SpybotDeletingB7665] command.com /c del "C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll" File not found O4 - HKCU..\RunOnce: [SpybotDeletingB961] command.com /c del "C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe" File not found O4 - HKCU..\RunOnce: [SpybotDeletingD1632] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [SpybotDeletingD2866] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [SpybotDeletingD7155] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F8C5722-38EF-44E6-9278-9322EE642C04}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AFC436C-E702-4F67-87C9-F7E3C1B0FB36}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/09/27 17:23:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\addpcs [2012/09/27 17:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner [2012/09/26 21:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/09/26 21:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/09/26 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/09/26 20:10:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes [2012/09/26 20:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/26 20:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/26 20:10:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/26 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/09/26 18:21:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/26 18:21:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/26 18:21:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/26 18:21:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/26 18:21:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/26 18:21:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/26 18:21:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/26 18:21:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/26 18:21:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/26 18:21:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/26 18:21:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/26 18:21:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/26 18:21:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/26 18:21:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/26 18:21:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/25 21:46:10 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/09/25 21:42:48 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2012/09/25 21:31:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC [2012/09/25 21:31:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2012/09/19 11:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2012/09/18 06:01:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ [2012/09/18 06:01:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Users\John\AppData\Roaming\Crash_Report.exe [2012/09/17 21:37:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/09/17 21:37:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012/09/17 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012/09/17 21:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012/09/15 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Publish Providers [2012/09/15 17:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2012/09/15 17:48:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012/09/15 17:48:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Sony [2012/09/15 17:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2012/09/15 17:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012/09/15 17:47:47 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Sony [2012/09/15 15:44:42 | 000,000,000 | ---D | C] -- C:\Fraps [2012/09/15 15:07:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\BANDISOFT [2012/09/15 15:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam [2012/09/15 15:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam [2012/09/15 15:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1 [2012/09/15 14:54:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{1429AA51-E751-4AFD-9342-33799AC687E1} [2012/09/13 20:30:53 | 000,000,000 | ---D | C] -- C:\Users\John\Adobe Photoshop Elements 10 [2012/09/13 00:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/09/13 00:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/09/13 00:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/09/13 00:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/09/12 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\John\Adobe Photoshop CS6 [2012/09/12 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\John\Adobe Premiere Pro CS6 [2012/09/12 21:41:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/09/12 21:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/09/12 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012/09/12 01:08:04 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/12 01:08:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/12 01:08:02 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/12 01:08:02 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/08 12:13:22 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/09/08 12:13:22 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/09/08 12:13:22 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/09/08 12:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/09/08 11:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/09/08 11:14:01 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/08 11:13:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/08 11:13:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/08 11:13:51 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/08 11:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/09/07 19:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/09/07 19:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/09/03 18:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armadillo Run Demo [2012/09/03 18:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armadillo Run Demo [2012/08/30 09:46:46 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2012/08/30 09:46:44 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2012/08/29 21:07:07 | 000,000,000 | ---D | C] -- C:\Users\John\jagexcache [2012/08/29 21:04:42 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/08/28 22:46:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Eclipse [2012/08/28 22:46:19 | 000,000,000 | ---D | C] -- C:\Users\John\workspace
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/09/27 19:06:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/27 19:01:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/27 18:34:29 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/27 18:34:29 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/27 18:33:46 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/27 18:26:58 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/27 18:26:53 | 000,000,364 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterTask{61673627-7861-4A9F-83B4-B9AB46EEBAAD}.job [2012/09/27 18:26:53 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{6CEAEC90-5BC3-4C1D-AC28-71E80443A388}.job [2012/09/27 18:26:53 | 000,000,330 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterTask{9977B885-26E5-4E89-A13D-9413A24330D0}.job [2012/09/27 18:26:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/27 18:26:42 | 117,628,927 | -HS- | M] () -- C:\hiberfil.sys [2012/09/27 15:30:44 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/27 15:30:44 | 000,630,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/27 15:30:44 | 000,111,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/27 06:10:02 | 000,000,524 | ---- | M] () -- C:\Windows\wininit.ini [2012/09/26 21:24:55 | 000,001,242 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/09/26 18:38:57 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job [2012/09/25 22:08:18 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/09/25 22:08:17 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/24 21:55:11 | 000,000,563 | ---- | M] () -- C:\Users\John\Documents\eng essay works cited.rtf [2012/09/24 21:49:00 | 000,000,597 | ---- | M] () -- C:\Users\John\Documents\eng essay title.rtf [2012/09/24 21:44:09 | 000,006,087 | ---- | M] () -- C:\Users\John\Documents\eng esssay.rtf [2012/09/19 11:42:19 | 000,001,416 | ---- | M] () -- C:\Users\John\Documents\Fraps.lnk [2012/09/18 06:01:24 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Users\John\AppData\Roaming\Crash_Report.exe [2012/09/17 21:37:34 | 000,000,768 | ---- | M] () -- C:\user.js [2012/09/16 21:43:40 | 004,892,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/09/15 18:44:16 | 013,160,679 | ---- | M] () -- C:\Users\John\Documents\LP.wma [2012/09/15 17:49:19 | 000,001,040 | ---- | M] () -- C:\Users\John\Documents\Vegas Pro 11.0.lnk [2012/09/14 23:04:53 | 000,000,132 | ---- | M] () -- C:\Users\John\AppData\Roaming\Adobe IllExport Filter CS6 Prefs [2012/09/13 09:26:50 | 001,259,888 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2012/09/13 09:25:38 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2012/09/13 00:17:50 | 000,001,075 | ---- | M] () -- C:\Users\John\Documents\Adobe Photoshop CS6 (64 Bit).lnk [2012/09/12 21:41:35 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/09/12 20:29:25 | 000,002,666 | ---- | M] () -- C:\Users\John\Documents\alien religeon.rtf [2012/09/08 12:13:13 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/09/08 12:13:13 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/09/08 12:13:13 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/09/08 12:13:13 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/09/08 11:13:38 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/08 11:13:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/08 11:13:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/08 11:13:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/08 11:13:33 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/09/08 11:13:32 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/09/07 19:26:57 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/31 19:57:52 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/30 09:46:46 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2012/08/30 09:46:44 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2012/08/30 08:36:19 | 000,001,907 | ---- | M] () -- C:\Users\John\Documents\WorldPainter.lnk [2012/08/30 08:36:01 | 002,605,840 | ---- | M] (pepsoft.org) -- C:\Users\John\Documents\worldpainter_64_0.10.2.exe [2012/08/29 21:23:49 | 000,000,024 | ---- | M] () -- C:\Users\John\random.dat [2012/08/29 21:07:07 | 000,000,043 | ---- | M] () -- C:\Users\John\jagex_cl_runescape_LIVE.dat
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/09/27 18:43:11 | 001,259,888 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2012/09/27 18:33:46 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/27 17:22:29 | 000,000,870 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk [2012/09/27 06:10:01 | 000,000,524 | ---- | C] () -- C:\Windows\wininit.ini [2012/09/26 21:24:55 | 000,001,242 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/09/24 21:55:10 | 000,000,563 | ---- | C] () -- C:\Users\John\Documents\eng essay works cited.rtf [2012/09/24 21:49:00 | 000,000,597 | ---- | C] () -- C:\Users\John\Documents\eng essay title.rtf [2012/09/21 21:04:59 | 000,006,087 | ---- | C] () -- C:\Users\John\Documents\eng esssay.rtf [2012/09/19 11:42:19 | 000,001,416 | ---- | C] () -- C:\Users\John\Documents\Fraps.lnk [2012/09/15 18:44:16 | 013,160,679 | ---- | C] () -- C:\Users\John\Documents\LP.wma [2012/09/15 17:49:19 | 000,001,040 | ---- | C] () -- C:\Users\John\Documents\Vegas Pro 11.0.lnk [2012/09/14 23:04:53 | 000,000,132 | ---- | C] () -- C:\Users\John\AppData\Roaming\Adobe IllExport Filter CS6 Prefs [2012/09/13 00:17:50 | 000,001,075 | ---- | C] () -- C:\Users\John\Documents\Adobe Photoshop CS6 (64 Bit).lnk [2012/09/13 00:16:57 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk [2012/09/13 00:16:02 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012/09/13 00:15:27 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012/09/13 00:13:00 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012/09/13 00:12:57 | 000,001,479 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012/09/12 21:41:35 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/09/12 21:41:35 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/09/12 17:16:23 | 000,002,666 | ---- | C] () -- C:\Users\John\Documents\alien religeon.rtf [2012/08/29 21:07:07 | 000,000,043 | ---- | C] () -- C:\Users\John\jagex_cl_runescape_LIVE.dat [2012/08/29 21:07:07 | 000,000,024 | ---- | C] () -- C:\Users\John\random.dat [2012/08/28 22:45:15 | 000,043,520 | ---- | C] () -- C:\Users\John\Documents\eclipse.exe [2012/08/09 03:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2012/08/09 03:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2012/04/29 09:19:59 | 001,567,346 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/15 20:41:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/15 17:24:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/09/06 15:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/03/18 05:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2012/08/28 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.minecraft [2012/06/23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.Nitrous [2012/08/06 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.platinum [2012/09/25 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.techniclauncher [2012/09/27 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ [2012/09/27 17:23:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\addpcs [2012/09/15 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BANDISOFT [2012/08/13 19:15:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Blender Foundation [2012/06/06 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Canon [2012/09/12 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/05/22 19:22:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MotioninJoy [2012/09/15 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Publish Providers [2012/09/15 17:54:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony [2012/08/18 13:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SPORE Creature Creator [2012/09/13 00:32:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/04/28 20:10:36 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Synaptics [2012/05/17 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent [2012/07/27 11:57:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WildTangent [2012/09/17 00:19:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WorldPainter
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D1B5B4F1 | actions · 2012-Sep-30 3:27 pm · (locked) | J_Raw |
J_Raw
Member
2012-Sep-30 4:07 pm
Re: [Malware] my computer is slow with video but the audio playshere's the info for Extras.txt: OTL Extras logfile created on: 27/09/2012 3:42:21 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.48 Gb Total Physical Memory | 3.62 Gb Available Physical Memory | 66.06% Memory free 10.96 Gb Paging File | 8.79 Gb Available in Paging File | 80.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 672.57 Gb Total Space | 609.84 Gb Free Space | 90.67% Space Free | Partition Type: NTFS Drive D: | 21.91 Gb Total Space | 2.33 Gb Free Space | 10.64% Space Free | Partition Type: NTFS Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.21% Space Free | Partition Type: FAT32 Drive F: | 297.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JOHN-HP | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0012998B-5AD5-4749-9D29-873AB1A8CAD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{044F09D3-502E-4242-BA38-693566557C41}" = rport=139 | protocol=6 | dir=out | app=system | "{058EB591-9584-4265-8133-A4144F84AB42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0810B4F1-B4C6-45FC-94D2-6B1B1F238EB2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{146042BA-4574-4FB9-A536-EA0DF688F957}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{14DBB97F-8284-43EF-8297-2F720C69807F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{15F5BC1A-0977-435B-9848-C76C79722F07}" = rport=445 | protocol=6 | dir=out | app=system | "{191986FC-5AA6-4140-B9E1-01F2FAD4843F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23820828-07C7-4D50-89E6-55322C500E5E}" = rport=10243 | protocol=6 | dir=out | app=system | "{36FA7AEA-2D53-4BC0-9B53-2F4E63DACEAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3C7D93E9-209F-47B8-AC5A-2ECC18DCCEDA}" = lport=137 | protocol=17 | dir=in | app=system | "{3CE391F0-7D38-4F62-88EA-3C143B6EE1CD}" = lport=138 | protocol=17 | dir=in | app=system | "{40136CC8-3911-4C5B-A68E-154AF171D0ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{56F3E561-DE9A-434E-82B5-CB5F56CB9F73}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{57684F30-CE66-4FC0-895A-3B1D24AE8B1B}" = lport=2869 | protocol=6 | dir=in | app=system | "{6FD53541-224A-462D-A0A3-3D7566FBD191}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{734AE2E8-748B-4472-B610-B59A159586EE}" = rport=138 | protocol=17 | dir=out | app=system | "{7A2ED34E-81A1-4C72-AD17-86540D2EC382}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7B5D182D-5601-41B9-BE11-03EDAE577A59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{83792BBA-CF20-46C2-8B42-9C01E60B0432}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9D0707D5-5C8E-4772-A77B-E17068DEF6CE}" = lport=445 | protocol=6 | dir=in | app=system | "{A2A1B437-A905-41CF-AEEA-731D509BFB76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9AFC123-9F49-4D0B-BD5A-9982B858464E}" = lport=139 | protocol=6 | dir=in | app=system | "{B2DFBE10-2C66-4B07-96B8-46BB12BD8357}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B5640B7B-2019-4921-AFAD-6D7AE60417E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C8ABF86E-BF1A-4ED4-B37A-174AC2A57FB6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CF1F8104-3051-48AA-979C-54E96929D6F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA83CACC-60DF-4974-925E-9001F52D7307}" = rport=137 | protocol=17 | dir=out | app=system | "{E4E2ED53-3EF3-4AEA-B6EB-2D3DE326065A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E59EF5B2-A156-44E5-92F2-429F3ACEE016}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE94152D-BB4F-428B-AD35-11870D35C984}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F8E45498-E73F-4DA4-B16E-4D9E4448A675}" = lport=10243 | protocol=6 | dir=in | app=system | "{FFE01147-6AD4-4CA4-A649-DFCE15976CC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AD7F254-C727-4677-A808-19C7E66D670F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{0EAFD4F6-B3C2-4B3F-BAD4-95E801A3C370}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{13A55780-DFAC-446C-B307-342384BF3A83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A171FDD-25FC-43BF-93FD-78BCB5DFE278}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1DD70006-5B30-41CA-A584-44BE0DA923E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{21BA5659-8C0F-4105-BE4F-D0B4ABE7569B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2FD32399-E59D-4FAC-9E28-A744C7CE5C49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{34E4CD78-8B90-44F5-BFAF-0C3B2C0C0642}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3A1F5F71-A311-478E-9353-1DC62F5D6C66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4D20C48A-E489-498F-925F-6814F3155030}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4D626E06-7C31-4707-8024-19DA99750A33}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4F384D24-C93E-4B9D-97DE-C5B70D6CD62D}" = protocol=58 | dir=in | app=system | "{533623F8-3E38-4367-8EB9-CF4BF19ABF75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5662F00F-9D2E-46FA-AE8E-BA4BFD2BF824}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{71BA759A-A6E3-428A-9305-2EE8C86C72E9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{73B9F60C-318C-4BD7-B4B2-F5CBBE4B9110}" = protocol=6 | dir=in | app=c:\users\john\desktop\utorrent.exe | "{76160D7F-5004-4B20-B185-B99BE5A670B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7879ADAA-CEF7-4597-803A-65A609BE805C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{7BCD553C-2149-4FF2-A887-B764702EF2AD}" = protocol=6 | dir=out | app=system | "{83F159A2-0DCF-4A74-AE2B-5EDCB435341A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{92241A91-EF67-44CF-961F-6979554CBFAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B32299E-55F2-4458-BBCA-5E81C7EF219C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0F64203-041D-4DB1-AB00-97E25AABA5E1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A25D5935-AA9D-4AAC-9CE0-BD96005E2F2F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A8C6E00F-D291-4013-BD99-C6D7C4D9763C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C476D905-0F3C-4817-B76B-D9E0935B4DA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C65EF632-12C0-4046-9C1C-71FF719522AB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C7A6C3D9-5341-4E3D-A288-ECB61D6F68F6}" = protocol=17 | dir=in | app=c:\users\john\desktop\utorrent.exe | "{CF5A0C49-88FD-4010-AECC-E8C3F6266BB8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D3B9D27C-9A84-4732-8151-9BF6A69D975B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DA7DB543-8DE2-4352-A9C6-60F8D8C57630}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E30F9DD4-D3C1-4FBC-8744-EE13B40BAF5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E5ACAFE7-7400-43E6-AE8E-640806B8CDD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F6482C51-3B80-4E7F-8379-64C1F7C5B2F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{4E6688D3-0814-4433-A4E7-C2F79276664B}C:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe | "TCP Query User{599BD1E2-7CD4-44F6-A765-9615338A1BD4}C:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe | "TCP Query User{6C778913-3D93-4FB5-AF68-09C18AA1EECC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{BCEC3030-DC80-4C6C-9449-8FFAE5754039}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{CFC73232-CC2A-4899-8521-7D2B2F4A52E2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{2676FFD9-8D31-41E9-95FA-B74D1C953C73}C:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe | "UDP Query User{97CA0DB0-C106-4034-A4FD-7C9561E3A350}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{9D7C1FBF-3DB1-4181-82C7-5A7DFDDD5E48}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{A30F4424-DFCD-4B5A-91E2-B4F42FD852E2}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{F3C405F2-4EA8-45D6-AD7F-D90E97771E89}C:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony online entertainment\wheel of fortune\wheel of fortune.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{006716FE-DAB7-8EA8-99B6-04EB354AC3A8}" = AMD Media Foundation Decoders "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{288591DE-4151-4E8E-A698-C6EFF5DF00F9}" = HP Security Assistant "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004 "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software "{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9795DCDC-45CB-8A98-4F01-8C4B37361BF5}" = AMD Fuel "{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A21EA495-2B09-7E39-8C55-310D6DC7DB4C}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CF780466-D74B-C6E7-7E61-0C4DCA614455}" = AMD Catalyst Install Manager "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "4144-4862-0472-7103" = WorldPainter 0.10.2 "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics TouchPad Driver "WNLT" = Web Optimizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{06A62CCD-4953-88D6-104D-37C20CCA8140}" = CCC Help Greek "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0AD538F8-AE22-4448-71C5-2A321D3953A3}" = CCC Help Chinese Standard "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{169FDBFF-6FA1-2A14-F5F0-EEA7C27C4AFE}" = AMD VISION Engine Control Center "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AD2BBC8-8233-F193-6915-AEB19299EF69}" = CCC Help Dutch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java(TM) 7 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35E81526-8A3E-FF8C-6E43-EBA7D40904CA}" = CCC Help Finnish "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D5C7E0E-AEC0-40EB-99D3-C40469738040}" = HP Documentation "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{579BD527-0EED-20A8-B9F4-0244FBABB085}" = CCC Help German "{600DFD49-D7C2-9DE4-4EEA-337083E72B1F}" = CCC Help Russian "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0 "{6DE8EE45-09DE-3288-4635-DCFA87765D84}" = CCC Help Portuguese "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{6F89F8EB-16A2-E21F-A34C-CF6AB53EA7E1}" = CCC Help Hungarian "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79A21AE8-0BF2-955D-7AC3-2AFD9430C199}" = CCC Help Czech "{7B67B74C-6942-9F20-C05A-2870D600A6EB}" = CCC Help Italian "{8279D3BD-3A54-A6F6-E8BE-C12FADDC1064}" = CCC Help Polish "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D78F24E-3AA8-9D2A-3B28-CA240439B802}" = CCC Help Swedish "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F4532D6-62F3-4B5B-AA47-979CFC7510F5}" = CCC Help Chinese Traditional "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7A7B78C-3EEE-5783-E2FB-218E4B40198E}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B0E3A46B-0629-BD31-EC2B-4C96DCF7F7BB}" = Catalyst Control Center Localization All "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B41441A0-A65C-CABF-4D1B-B1588E316F7D}" = CCC Help Korean "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B894D068-A07A-96C8-A6CB-87C5EDB97C8E}" = Catalyst Control Center Graphics Previews Common "{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi "{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb "{BDD74598-1133-68FA-CD69-6FD442759CD4}" = CCC Help Thai "{BEA1CE9A-93E0-E131-13DF-76441B6783E6}" = Catalyst Control Center InstallProxy "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C0E6C680-7B1D-0EE9-0D6C-AF28765FB885}" = CCC Help Turkish "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7D23135-04B6-1A0C-E835-42AADD00EA1F}" = CCC Help Japanese "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA41C92C-BEA4-5C7B-6DDE-48C7E996FE72}" = CCC Help Norwegian "{CB841B9A-4049-E21F-1E62-49AC742C1B81}" = CCC Help English "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E12C4983-DA0E-7AFD-04E5-592EC5DF1974}" = CCC Help French "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1 "{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding "{F500B5DC-CCCE-CC7F-B1D1-39139AE57676}" = CCC Help Danish "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Armadillo Run Demo_is1" = Armadillo Run Demo Version 1.0.4 "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Fraps" = Fraps (remove only) "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "Mplayer" = Mplayer 0.6.9 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.1 "Wheel of Fortune" = Wheel of Fortune (remove only) "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-bit) "WTA-ddf5ef20-d5e0-4268-b6e7-4afd4d9c0125" = RollerCoaster Tycoon 3: Platinum "wxDownload Fast_is1" = wxDownload Fast 0.6.0
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ] Error - 20/09/2012 3:18:24 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5039
Error - 20/09/2012 3:18:25 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20/09/2012 3:18:25 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6084
Error - 20/09/2012 3:18:25 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6084
Error - 20/09/2012 3:18:26 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20/09/2012 3:18:26 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7113
Error - 20/09/2012 3:18:26 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7113
Error - 20/09/2012 3:20:11 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20/09/2012 3:20:11 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 112664
Error - 20/09/2012 3:20:11 PM | Computer Name = John-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 112664
[ Hewlett-Packard Events ] Error - 29/04/2012 11:16:15 AM | Computer Name = John-HP | Source = HPSF.exe | ID = 4000 Description =
Error - 07/05/2012 2:42:19 PM | Computer Name = John-HP | Source = HPSF.exe | ID = 4000 Description =
Error - 07/05/2012 2:42:52 PM | Computer Name = John-HP | Source = HPSF.exe | ID = 4000 Description =
Error - 13/05/2012 11:45:33 AM | Computer Name = John-HP | Source = HPSF.exe | ID = 4000 Description =
Error - 09/07/2012 9:44:15 PM | Computer Name = John-HP | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties() Message: Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5610 Ram Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 09/07/2012 9:44:17 PM | Computer Name = John-HP | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties() Message: Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5610 Ram Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 05/08/2012 11:53:22 AM | Computer Name = John-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Object '/4ad9dfee_c2c5_43cc_8d8a_d93d1c7514be/u7cfrazwe7ea9trmdaodqait_5.rem' has been disconnected or does not exist at the server. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: en-US RAM: 5610 Ram Utilization: 80 TargetSite: Void UpdateDetail(System.String)
Error - 27/09/2012 6:33:20 AM | Computer Name = John-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5610 Ram Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
[ HP Software Framework Events ] Error - 13/05/2012 11:46:07 AM | Computer Name = John-HP | Source = CaslWmi | ID = 5 Description = 2012/05/13 11:46:07.694|000015F8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 13/05/2012 11:48:24 AM | Computer Name = John-HP | Source = CaslWmi | ID = 5 Description = 2012/05/13 11:48:24.682|00000A98|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 13/05/2012 11:48:35 AM | Computer Name = John-HP | Source = CaslWmi | ID = 5 Description = 2012/05/13 11:48:35.172|000016E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 20/05/2012 11:40:32 AM | Computer Name = John-HP | Source = CaslWmi | ID = 5 Description = 2012/05/20 11:40:32.381|0000197C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 12/08/2012 10:51:08 AM | Computer Name = John-HP | Source = CaslSmBios | ID = 5 Description = 2012/08/12 10:51:08.698|00001D80|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
Error - 19/08/2012 1:22:42 AM | Computer Name = John-HP | Source = CaslSmBios | ID = 5 Description = 2012/08/19 01:22:42.627|00001954|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
Error - 19/08/2012 1:25:03 AM | Computer Name = John-HP | Source = CaslSmBios | ID = 5 Description = 2012/08/19 01:25:02.848|000019D4|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
Error - 19/08/2012 10:03:56 AM | Computer Name = John-HP | Source = CaslSmBios | ID = 5 Description = 2012/08/19 10:03:56.605|000015FC|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
Error - 02/09/2012 10:52:48 AM | Computer Name = John-HP | Source = CaslSmBios | ID = 5 Description = 2012/09/02 10:52:47.897|00001970|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
Error - 16/09/2012 10:26:33 AM | Computer Name = John-HP | Source = CaslSmBios | ID = 5 Description = 2012/09/16 10:26:33.862|000005E4|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
[ System Events ] Error - 21/09/2012 8:11:32 AM | Computer Name = John-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 5:40:03 AM on ?21/?09/?2012 was unexpected.
Error - 21/09/2012 2:54:43 PM | Computer Name = John-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:28:05 AM on ?21/?09/?2012 was unexpected.
Error - 21/09/2012 4:16:53 PM | Computer Name = John-HP | Source = DCOM | ID = 10010 Description =
Error - 22/09/2012 6:22:55 PM | Computer Name = John-HP | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.168.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error - 22/09/2012 6:41:35 PM | Computer Name = John-HP | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.168.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error - 22/09/2012 7:11:45 PM | Computer Name = John-HP | Source = bowser | ID = 8003 Description =
Error - 22/09/2012 7:31:40 PM | Computer Name = John-HP | Source = BROWSER | ID = 8032 Description =
Error - 23/09/2012 2:57:27 AM | Computer Name = John-HP | Source = Service Control Manager | ID = 7034 Description = The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
Error - 24/09/2012 11:16:02 AM | Computer Name = John-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 5:43:49 AM on ?24/?09/?2012 was unexpected.
Error - 25/09/2012 9:04:38 PM | Computer Name = John-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 2:29:48 PM on ?25/?09/?2012 was unexpected.
and here's the info for checkup.txt: Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.65.0.1400 Java(TM) 7 Java 7 Update 7 Adobe Flash Player 11.4.402.278 Adobe Reader X 10.1.0 [color=red]Adobe Reader out of Date![/color] Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 [u]````````Process Check: objlist.exe by Laurent````````[/u] Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes' Anti-Malware mbamscheduler.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: 0% [u]````````````````````End of Log``````````````````````[/u]
i attempted to use the online scan but i tried twice and both times i didn't get a log to apear. | actions · 2012-Sep-30 4:07 pm · (locked) |
1 recommendation |
to J_Raw
Please run MBAM again, but this time remove the detects. Then post the new log in this thread.
Note, from the Mandatory Steps: When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. | actions · 2012-Sep-30 8:41 pm · (locked) | J_Raw join:2012-09-27 Norwood, ON |
J_Raw
Member
2012-Oct-1 7:20 am
Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org
Database version: v2012.09.29.05
Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 John :: JOHN-HP [administrator]
Protection: Disabled
01/10/2012 6:16:34 AM mbam-log-2012-10-01 (06-16-34).txt
Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 354968 Time elapsed: 49 minute(s), 22 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 1 C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ\svchost.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
(end) | actions · 2012-Oct-1 7:20 am · (locked) | |
1 recommendation |
to J_Raw
First: Use Add/Remove Programs to uninstall Codecv
Second: Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
Third: Update status please on your system performance and any outstanding issues. | actions · 2012-Oct-1 11:05 am · (locked) | J_Raw join:2012-09-27 Norwood, ON |
J_Raw
Member
2012-Oct-2 8:02 am
OTL logfile created on: 01/10/2012 1:57:12 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.48 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 67.07% Memory free 10.96 Gb Paging File | 8.78 Gb Available in Paging File | 80.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 672.57 Gb Total Space | 525.43 Gb Free Space | 78.12% Space Free | Partition Type: NTFS Drive D: | 21.91 Gb Total Space | 2.33 Gb Free Space | 10.64% Space Free | Partition Type: NTFS Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.21% Space Free | Partition Type: FAT32 Drive F: | 297.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JOHN-HP | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/09/27 19:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL (1).exe PRC - [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/08/29 12:03:38 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012/08/27 00:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011/08/22 22:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011/02/07 03:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/09/25 05:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll MOD - [2012/09/25 05:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll MOD - [2012/09/25 05:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll MOD - [2012/09/25 05:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libglesv2.dll MOD - [2012/09/25 05:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libegl.dll MOD - [2012/09/25 05:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll MOD - [2012/09/25 05:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll MOD - [2012/09/25 05:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2012/09/13 09:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012/09/03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2011/09/20 14:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011/09/16 06:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/09/15 17:15:44 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/09/08 09:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/09/25 22:08:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/08/29 14:02:22 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/02/07 03:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/15 20:34:35 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/30 20:45:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/10/30 20:45:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/09/20 21:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2011/09/20 21:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2011/09/20 21:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011/09/20 21:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011/09/20 21:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011/09/20 21:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011/09/20 21:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011/09/16 06:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/09/16 05:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/09/08 09:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2011/08/29 14:02:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/08/18 08:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011/06/17 07:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011/06/17 07:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{41099183-7F9F-4E60-B7DE-9338222125C1}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{41099183-7F9F-4E60-B7DE-9338222125C1}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=107738&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=ee99b3b900000000000078e3b56b571b IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKCU\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=107738&tt=120912_pcp_3812_2&babsrc=SP_ss&mntrId=ee99b3b900000000000078e3b56b571b IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{41099183-7F9F-4E60-B7DE-9338222125C1}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8A296747-046D-4585-A643-2FFE81253620}&mid=6ba8a023968047d0b330ada0952872b7-c0c543269458e32d04d7432e87b3bcf57673945d&lang=en&ds=cv011&pr=sa&d=2012-05-17 20:42:48&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/25 21:42:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/25 21:42:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/27 18:43:15 | 000,000,000 | ---D | M]
[2012/05/17 20:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions [2012/05/17 20:41:16 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/07/27 01:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Web Assistant = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\ CHR - Extension: Codecv = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebeadcbjghicaeojlcjpechlhcophnok\1.0_0\ CHR - Extension: Codecv = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcigokgcfhfkdaolnobhbdfoenhiooam\1.0_0\ CHR - Extension: Assassin's Creed III = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn\1.2_0\ CHR - Extension: Codecv = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljlkgdlanlinbkppaahefdoemkgeflog\1.0_0\ CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F9BBF004-6E40-4019-8214-C43A37E1D058} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Crash Reporter®] C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ\Crash.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\RunOnce: [SpybotDeletingB6314] command.com /c del "C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll" File not found O4 - HKCU..\RunOnce: [SpybotDeletingB7665] command.com /c del "C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll" File not found O4 - HKCU..\RunOnce: [SpybotDeletingB961] command.com /c del "C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe" File not found O4 - HKCU..\RunOnce: [SpybotDeletingD1632] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [SpybotDeletingD2866] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [SpybotDeletingD7155] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F8C5722-38EF-44E6-9278-9322EE642C04}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AFC436C-E702-4F67-87C9-F7E3C1B0FB36}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/09/30 15:40:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\QuickScan [2012/09/28 19:17:04 | 000,000,000 | R--D | C] -- C:\Users\John\Dropbox [2012/09/28 19:13:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012/09/28 19:12:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Dropbox [2012/09/28 17:43:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D775A314-C71B-485D-812C-AF9C1260BE2A} [2012/09/28 17:43:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5DB78AAD-6C5D-4D5D-BBCB-CB7105E11493} [2012/09/28 12:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2012/09/28 12:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012/09/27 20:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/09/27 17:23:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\addpcs [2012/09/27 17:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner [2012/09/26 21:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/09/26 21:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/09/26 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/09/26 20:10:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes [2012/09/26 20:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/26 20:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/26 20:10:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/26 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/09/26 18:21:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/26 18:21:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/26 18:21:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/26 18:21:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/26 18:21:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/26 18:21:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/26 18:21:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/26 18:21:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/26 18:21:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/26 18:21:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/26 18:21:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/26 18:21:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/26 18:21:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/26 18:21:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/26 18:21:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/25 21:46:10 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/09/25 21:42:48 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2012/09/25 21:31:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC [2012/09/25 21:31:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2012/09/19 11:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2012/09/18 06:01:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ [2012/09/18 06:01:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Users\John\AppData\Roaming\Crash_Report.exe [2012/09/17 21:37:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/09/17 21:37:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012/09/17 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012/09/17 21:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012/09/15 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Publish Providers [2012/09/15 17:48:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012/09/15 17:48:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Sony [2012/09/15 17:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2012/09/15 17:47:47 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Sony [2012/09/15 15:44:42 | 000,000,000 | ---D | C] -- C:\Fraps [2012/09/15 15:07:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\BANDISOFT [2012/09/15 15:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam [2012/09/15 15:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam [2012/09/15 15:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1 [2012/09/15 14:54:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{1429AA51-E751-4AFD-9342-33799AC687E1} [2012/09/13 20:30:53 | 000,000,000 | ---D | C] -- C:\Users\John\Adobe Photoshop Elements 10 [2012/09/13 00:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/09/13 00:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/09/13 00:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/09/13 00:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/09/12 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\John\Adobe Photoshop CS6 [2012/09/12 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\John\Adobe Premiere Pro CS6 [2012/09/12 21:41:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/09/12 21:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/09/12 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012/09/12 01:08:04 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/12 01:08:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/12 01:08:02 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/12 01:08:02 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/08 12:13:22 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/09/08 12:13:22 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/09/08 12:13:22 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/09/08 12:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/09/08 11:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/09/08 11:14:01 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/08 11:13:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/08 11:13:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/08 11:13:51 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/08 11:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/09/07 19:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/09/07 19:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/09/03 18:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armadillo Run Demo [2012/09/03 18:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armadillo Run Demo
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/10/01 14:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/01 13:16:04 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/01 13:16:04 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/01 13:08:48 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/01 13:08:48 | 000,000,364 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterTask{61673627-7861-4A9F-83B4-B9AB46EEBAAD}.job [2012/10/01 13:08:48 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{6CEAEC90-5BC3-4C1D-AC28-71E80443A388}.job [2012/10/01 13:08:48 | 000,000,330 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterTask{9977B885-26E5-4E89-A13D-9413A24330D0}.job [2012/10/01 13:08:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job [2012/10/01 13:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/01 13:08:30 | 117,628,927 | -HS- | M] () -- C:\hiberfil.sys [2012/10/01 07:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/29 20:14:33 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/29 20:14:33 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/29 20:14:33 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/28 23:29:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/09/28 19:17:04 | 000,001,037 | ---- | M] () -- C:\Users\John\Desktop\Dropbox.lnk [2012/09/28 19:13:28 | 000,001,047 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/09/28 13:46:06 | 000,000,132 | ---- | M] () -- C:\Users\John\AppData\Roaming\Adobe PNG Format CS6 Prefs [2012/09/28 12:07:23 | 000,002,334 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/09/27 18:33:46 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/27 06:10:02 | 000,000,524 | ---- | M] () -- C:\Windows\wininit.ini [2012/09/26 21:24:55 | 000,001,242 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/09/25 22:08:18 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/09/25 22:08:17 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/24 21:55:11 | 000,000,563 | ---- | M] () -- C:\Users\John\Documents\eng essay works cited.rtf [2012/09/24 21:49:00 | 000,000,597 | ---- | M] () -- C:\Users\John\Documents\eng essay title.rtf [2012/09/24 21:44:09 | 000,006,087 | ---- | M] () -- C:\Users\John\Documents\eng esssay.rtf [2012/09/19 11:42:19 | 000,001,416 | ---- | M] () -- C:\Users\John\Desktop\Fraps.lnk [2012/09/18 06:01:24 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Users\John\AppData\Roaming\Crash_Report.exe [2012/09/17 21:37:34 | 000,000,768 | ---- | M] () -- C:\user.js [2012/09/16 21:43:40 | 004,892,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/09/15 17:49:19 | 000,001,040 | ---- | M] () -- C:\Users\John\Desktop\Vegas Pro 11.0.lnk [2012/09/14 23:04:53 | 000,000,132 | ---- | M] () -- C:\Users\John\AppData\Roaming\Adobe IllExport Filter CS6 Prefs [2012/09/13 09:26:50 | 001,259,888 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2012/09/13 09:25:38 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2012/09/13 00:17:50 | 000,001,075 | ---- | M] () -- C:\Users\John\Documents\Adobe Photoshop CS6 (64 Bit).lnk [2012/09/12 21:41:35 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/09/12 20:29:25 | 000,002,666 | ---- | M] () -- C:\Users\John\Documents\alien religeon.rtf [2012/09/08 12:13:13 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/09/08 12:13:13 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/09/08 12:13:13 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/09/08 12:13:13 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/09/08 11:13:38 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/08 11:13:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/08 11:13:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/08 11:13:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/08 11:13:33 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/09/08 11:13:32 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/09/07 19:26:57 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/09/28 19:17:04 | 000,001,037 | ---- | C] () -- C:\Users\John\Desktop\Dropbox.lnk [2012/09/28 19:13:28 | 000,001,047 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/09/28 13:46:06 | 000,000,132 | ---- | C] () -- C:\Users\John\AppData\Roaming\Adobe PNG Format CS6 Prefs [2012/09/27 18:43:11 | 001,259,888 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2012/09/27 18:33:46 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/27 17:22:29 | 000,000,870 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk [2012/09/27 06:10:01 | 000,000,524 | ---- | C] () -- C:\Windows\wininit.ini [2012/09/26 21:24:55 | 000,001,242 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/09/24 21:55:10 | 000,000,563 | ---- | C] () -- C:\Users\John\Documents\eng essay works cited.rtf [2012/09/24 21:49:00 | 000,000,597 | ---- | C] () -- C:\Users\John\Documents\eng essay title.rtf [2012/09/21 21:04:59 | 000,006,087 | ---- | C] () -- C:\Users\John\Documents\eng esssay.rtf [2012/09/19 11:42:19 | 000,001,416 | ---- | C] () -- C:\Users\John\Desktop\Fraps.lnk [2012/09/15 17:49:19 | 000,001,040 | ---- | C] () -- C:\Users\John\Desktop\Vegas Pro 11.0.lnk [2012/09/14 23:04:53 | 000,000,132 | ---- | C] () -- C:\Users\John\AppData\Roaming\Adobe IllExport Filter CS6 Prefs [2012/09/13 00:17:50 | 000,001,075 | ---- | C] () -- C:\Users\John\Documents\Adobe Photoshop CS6 (64 Bit).lnk [2012/09/13 00:16:57 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk [2012/09/13 00:16:02 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012/09/13 00:15:27 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012/09/13 00:13:00 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012/09/13 00:12:57 | 000,001,479 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012/09/12 21:41:35 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/09/12 21:41:35 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/09/12 17:16:23 | 000,002,666 | ---- | C] () -- C:\Users\John\Documents\alien religeon.rtf [2012/08/29 21:07:07 | 000,000,043 | ---- | C] () -- C:\Users\John\jagex_cl_runescape_LIVE.dat [2012/08/29 21:07:07 | 000,000,024 | ---- | C] () -- C:\Users\John\random.dat [2012/08/09 03:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2012/08/09 03:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2012/04/29 09:19:59 | 001,567,346 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/15 20:41:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/15 17:24:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/09/06 15:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/03/18 05:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2012/09/29 10:22:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.minecraft [2012/06/23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.Nitrous [2012/08/06 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.platinum [2012/09/29 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.techniclauncher [2012/10/01 13:08:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\A6vpTL180ou12KZ [2012/09/27 17:23:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\addpcs [2012/09/15 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BANDISOFT [2012/08/13 19:15:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Blender Foundation [2012/06/06 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Canon [2012/09/12 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/10/01 13:09:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Dropbox [2012/05/22 19:22:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MotioninJoy [2012/09/15 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Publish Providers [2012/09/30 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\QuickScan [2012/09/28 12:56:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony [2012/08/18 13:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SPORE Creature Creator [2012/09/13 00:32:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/04/28 20:10:36 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Synaptics [2012/05/17 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent [2012/07/27 11:57:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WildTangent [2012/09/17 00:19:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WorldPainter
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D1B5B4F1 | actions · 2012-Oct-2 8:02 am · (locked) |
1 recommendation |
to J_Raw
The latest OTL log shows no signs of malware. Time to check for rootkits. Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: » Security Cleanup FAQ » Rootkit Detection Applications | actions · 2012-Oct-2 11:32 am · (locked) | J_Raw join:2012-09-27 Norwood, ON |
J_Raw
Member
2012-Oct-2 7:21 pm
GMER 1.0.15.15641 - » www.gmer.netRootkit scan 2012-10-02 18:10:11 Windows 6.1.7601 Service Pack 1 Running: 95qmlk2b.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3cc9b44 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3cc9b44@f01c1355c8ac 0x1B 0x8A 0xD6 0x36 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3cc9b44@7ce9d3f98d65 0xB4 0x93 0x15 0xED ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3cc9b44 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3cc9b44@f01c1355c8ac 0x1B 0x8A 0xD6 0x36 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3cc9b44@7ce9d3f98d65 0xB4 0x93 0x15 0xED ... ---- EOF - GMER 1.0.15 ---- | actions · 2012-Oct-2 7:21 pm · (locked) | |
to J_Raw
Thanks.
No Malware in the logs. How is your computer performng? | actions · 2012-Oct-3 10:58 am · (locked) | J_Raw join:2012-09-27 Norwood, ON
1 recommendation |
J_Raw
Member
2012-Oct-3 2:24 pm
running much faster thankyou | actions · 2012-Oct-3 2:24 pm · (locked) | |
to J_Raw
Thanks. Time to cleanup and set you on your way. Cleaning Up:Delete TFC: - Delete the TFC icon on your Desktop
Delete OTL: - Double click the OTL icon on your Desktop
- Press the 'Cleanup' button
Delete Security Check: - Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes: - We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit- If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.
Other Programs: - If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
| actions · 2012-Oct-4 11:03 am · (locked) |
|