Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

request help malware removel [Solved]

malware issue

  • This topic is locked This topic is locked

#1
hammer55

hammer55

    Member

  • Member
  • PipPip
  • 18 posts

Hi there

 

having a problem with my PC running windows 7. It feels anoyingly slow since a few weeks.

 

I assume - but am not sure - it has to do with malware or a more serious virus.

 

2 weeks ago windows explorer had a problem and my computer became totally useless but somehow - after being able to go to windows update it started working again.

 

I am using avast free version - ran it - and did NOT find any virus

I also ran Malwarebytes just now - full scan - also nothing found.

 

Hope someone can take a look.

 

-----------------------------------

OTL logfile created on: 6/9/2014 10:24:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 36.67% Memory free
9.34 Gb Paging File | 6.41 Gb Available in Paging File | 68.61% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 144.84 Gb Free Space | 72.42% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 702.10 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive F: | 177.99 Gb Total Space | 127.65 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
Drive H: | 931.48 Gb Total Space | 304.43 Gb Free Space | 32.68% Space Free | Partition Type: NTFS
Drive Z: | 3725.99 Gb Total Space | 2133.28 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
 
Computer Name: HAMMER_PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/09 10:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2014/06/07 01:36:11 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/06/05 16:40:11 | 000,029,696 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\SickBeard-console.exe
PRC - [2014/05/14 06:21:32 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/10 11:47:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/01 15:03:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/05/12 15:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2008/07/11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 16:40:11 | 000,720,896 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\_ssl.pyd
MOD - [2014/06/05 16:40:11 | 000,029,696 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\SickBeard-console.exe
MOD - [2014/06/05 16:40:10 | 000,585,728 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\unicodedata.pyd
MOD - [2014/06/05 16:40:10 | 000,286,208 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\_hashlib.pyd
MOD - [2014/06/05 16:40:10 | 000,086,016 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\_elementtree.pyd
MOD - [2014/06/05 16:40:10 | 000,073,728 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\_ctypes.pyd
MOD - [2014/06/05 16:40:10 | 000,053,760 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\_sqlite3.pyd
MOD - [2014/06/05 16:40:10 | 000,040,448 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\_socket.pyd
MOD - [2014/06/05 16:40:10 | 000,023,552 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\_multiprocessing.pyd
MOD - [2014/06/05 16:40:09 | 000,571,904 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\sqlite3.dll
MOD - [2014/06/05 16:40:08 | 000,153,088 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\pyexpat.pyd
MOD - [2014/06/05 16:40:08 | 000,011,776 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\select.pyd
MOD - [2014/06/05 16:40:06 | 000,072,192 | ---- | M] () -- C:\Program Files\SickBeard-win32-alpha-build503\lib\bz2.pyd
MOD - [2014/05/14 06:21:31 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/10 11:47:47 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/26 00:34:15 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/19 13:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2008/07/11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/01 15:03:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 15:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 09:58:43 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/06/30 09:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/28 23:02:30 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/31 01:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 08:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 06:21:34 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 11:47:47 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/29 09:57:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/16 03:04:07 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/16 03:04:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/16 03:04:07 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/01 15:03:51 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/01 15:03:51 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/01 15:03:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/01 15:03:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/01 15:03:51 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/02 09:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/24 22:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2012/08/23 21:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 13:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/06/30 11:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 09:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/08 05:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/31 01:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/03/25 01:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/19 07:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/19 07:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/10 14:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 16:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/24 08:49:46 | 000,275,024 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/02 00:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/07 17:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 08:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/24 13:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/28 19:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2014/06/02 01:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions
[2013/08/10 17:31:40 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2013/04/28 23:35:52 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/08/30 07:01:48 | 000,039,512 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2014/05/16 15:46:04 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/02 13:39:25 | 000,006,473 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\searchplugins\BrowserProtect.xml
[2014/05/10 11:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 11:47:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/24 13:35:42 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: FTdownloader V3.0 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.0_0\
CHR - Extension: FTdownloader V3.0 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.1_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/06/28 11:09:07 | 000,447,854 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    activate.adobe.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15377 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC61301-CDC8-40F1-BE33-5E277F5D7094}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/24 12:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/05 15:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/06/05 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/06/05 12:00:03 | 005,310,224 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/06/05 11:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2014/06/03 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\File Renamer Basic
[2014/05/31 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\poster pvd
[2014/05/27 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\SickBeard-win32-alpha-build503
[2014/05/24 17:07:44 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/24 16:53:20 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/23 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2014/05/23 10:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/05/18 15:16:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\SystemUpdate_16747_USB
[2014/05/15 03:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/10 11:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/09 10:21:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/09 09:31:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2014/06/08 20:38:07 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/06/07 19:35:39 | 000,020,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/07 19:35:39 | 000,020,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/07 15:03:34 | 000,786,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/07 15:03:34 | 000,657,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/07 15:03:34 | 000,123,008 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/07 12:57:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/07 12:57:54 | 2800,742,400 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/05 11:59:36 | 005,310,224 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/05/28 00:35:43 | 000,001,065 | ---- | M] () -- C:\Users\Administrator\Desktop\SickBeard-console - Shortcut.lnk
[2014/05/25 10:12:16 | 000,770,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/24 14:50:51 | 000,007,621 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2014/05/24 13:37:08 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/16 03:04:07 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/16 03:04:07 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/16 03:04:07 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/15 10:31:32 | 218,766,503 | ---- | M] () -- C:\ncis.1124.hdtv-lol.mp4
[2014/05/15 03:29:04 | 000,001,066 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
 
========== Files Created - No Company Name ==========
 
[2014/06/03 12:30:09 | 256,499,605 | ---- | C] () -- C:\NCIS.S11E23.HDTV.x264-LOL.mp4
[2014/06/03 12:30:07 | 218,766,503 | ---- | C] () -- C:\ncis.1124.hdtv-lol.mp4
[2014/05/28 00:35:43 | 000,001,065 | ---- | C] () -- C:\Users\Administrator\Desktop\SickBeard-console - Shortcut.lnk
[2014/05/24 15:31:18 | 2800,742,400 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/24 13:37:07 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/02 17:22:30 | 000,007,621 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013/12/19 00:31:03 | 000,000,129 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2013/11/01 02:21:49 | 000,000,296 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/07 13:19:43 | 000,770,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/15 12:11:09 | 000,001,066 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013/05/01 12:22:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/04/30 14:25:30 | 003,845,632 | ---- | C] () -- C:\Program Files\EOCP Drivers 0.9.311007.msi
[2013/04/30 14:25:30 | 000,006,129 | ---- | C] () -- C:\Program Files\0x0409.ini
[2013/04/28 21:41:04 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2013/04/28 18:03:51 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013/04/28 18:03:50 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013/04/28 18:03:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013/04/28 18:03:39 | 000,084,914 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013/04/28 18:03:17 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013/04/28 18:02:22 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013/04/28 17:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/28 17:49:26 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/04/28 17:48:10 | 000,027,556 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/04/28 17:47:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/04/28 17:47:24 | 000,023,507 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/03/08 14:39:40 | 000,024,036 | ---- | C] () -- C:\Users\Administrator\SDActivate.lng
 
========== ZeroAccess Check ==========
 
[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 09:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/01/30 19:00:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2014/04/27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ARecEngine
[2013/04/28 18:04:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ASUS
[2013/11/26 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2013/07/06 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Baidu
[2013/07/06 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Baidu Security
[2013/05/13 08:52:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2014/06/02 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2014/05/29 23:36:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DropboxMaster
[2013/08/12 14:59:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileBot
[2014/05/03 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2014/02/13 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2013/08/12 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Personal Video Database
[2012/01/30 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PhotoScape
[2013/07/02 17:28:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2014/05/25 04:27:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeraCopy
[2014/06/09 10:30:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\tixati
[2014/04/09 13:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013/11/16 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/01/30 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
 
========== Purity Check ==========
 
 

< End of report >
 


Edited by hammer55, 08 June 2014 - 09:45 PM.

  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Are you using a pirated version of Adobe product? Please post the Extras.txt located in the same folder with OTL.
  • 0

#3
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

think its a crack adobe suit - came with the box when I bought it.

 

OTL Extras logfile created on: 6/9/2014 10:24:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 36.67% Memory free
9.34 Gb Paging File | 6.41 Gb Available in Paging File | 68.61% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 144.84 Gb Free Space | 72.42% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 702.10 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive F: | 177.99 Gb Total Space | 127.65 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
Drive H: | 931.48 Gb Total Space | 304.43 Gb Free Space | 32.68% Space Free | Partition Type: NTFS
Drive Z: | 3725.99 Gb Total Space | 2133.28 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
 
Computer Name: HAMMER_PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE560A2-C3C6-4D2F-93FC-29F90ECDFDD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C7B3EB7-87F8-4016-9217-B0645A44A592}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3E3FA8D9-A386-49A2-A07A-83801002C806}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4A10237C-E0DF-46F8-A43F-0AC9E75A8549}" = lport=138 | protocol=17 | dir=in | app=system |
"{587BD641-4940-449D-9B77-FA8DEC2A4C86}" = rport=139 | protocol=6 | dir=out | app=system |
"{7016E808-967F-4AC3-ABB5-DEC94A0F877E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74DDF6BF-AB7A-47C4-9E08-03FA4C714249}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F3FBFF6-143D-4470-BAF1-750FDA3D07FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CFB948D-1FF3-431B-BCA4-1F711146665B}" = lport=139 | protocol=6 | dir=in | app=system |
"{9E1AF4DB-C3FE-44C5-8635-1DEAB71DB450}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5742F64-E4A2-4D52-961B-4E3614F3C65B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AED280FB-B9BA-4B63-B9C7-03F29BF6CFFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{BDA39723-EDED-493A-9CF4-1BF6821CFCD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C03E4C3B-9075-4123-805A-1CB9C62D11DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA7229E5-1B39-4DFC-B4EC-8608EE6E543C}" = rport=138 | protocol=17 | dir=out | app=system |
"{E383E7F4-3819-44F6-8786-9FED95668FB1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FAF091EF-ABB6-4823-9C6D-C884C0820039}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD7EC687-ACE5-4590-AC22-DAE29BE56A30}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1860F8F9-BD4B-498A-98F6-63BD67A0F60D}" = protocol=58 | dir=out | [email protected],-28546 |
"{18D9D30B-B1E7-4C68-B306-AE67A2D50360}" = protocol=1 | dir=in | [email protected],-28543 |
"{18F0D3C5-B215-4BD3-9B08-795C01321483}" = protocol=1 | dir=out | [email protected],-28544 |
"{299D5095-08DA-43F3-9B59-1DB176917019}" = protocol=58 | dir=in | [email protected],-28545 |
"{32AE22D2-DF9E-44B2-9B85-1E7FBCE51AF9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{33C726CF-F78D-419F-9227-2E1A6E6D9B7D}" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"{39BC80F7-B82D-4486-9A64-DA54B36F33B3}" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"{469280E6-7674-4065-8DAC-B9349E9B4BAE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{474BD564-A57C-4C48-956F-AECF19A919E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{87FD6B17-7839-4720-9082-D6D0214416E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8D6CDC7E-BC78-4A62-9C3A-1BF2BBF176B3}" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"{A0B64F46-03CB-4503-8BFD-8E8E0B658146}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{A3757911-1BD1-4144-9DBC-F412C2865B3D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B0014F15-6DC9-4ED1-A1AB-00747C9F2C70}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{BB79DFB8-C481-45DB-86D5-587C702882EC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BE6E9D30-DA75-426E-A4FE-A94DB78F70CE}" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"{BEEA99D0-E1C8-4D35-97CB-D1DA3AA33956}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C21E693E-EC61-4290-8119-D0099D283857}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DB3049D5-43D6-448F-8F0D-5FE1B6313B97}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DDD413BA-E617-4576-A3E9-98672D0F0E4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DFF60631-F2AE-450B-9078-0002A41C6C25}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{2A933AB6-1DE0-4299-B4D6-B1040DCBDF34}C:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe |
"TCP Query User{32DAF5DF-155A-4291-B67A-C0AAC6EA5C61}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{57CE9CFB-0F6C-4333-A4F5-F88FFC01B13B}C:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"TCP Query User{8B421CBC-7B13-415E-9F07-16D9B60D1030}C:\program files\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"TCP Query User{960D316C-3F59-48B9-9BDA-469D8500FC70}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{EC219061-7817-49B3-B4B8-AC5B63110BA7}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{257CB448-7FB4-41A4-93A3-20601CC1290B}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{276DD494-A8EB-4E66-9945-F34C1C19DECD}C:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe |
"UDP Query User{44288859-1A58-4431-B79B-3DDE2037EA90}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{57B91F86-AD3E-4194-BF12-FCCD2E5A45C0}C:\program files\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"UDP Query User{DAC72395-E6E4-47F8-98AB-AF86C6024A97}C:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"UDP Query User{F0D59722-D2F1-4A06-BFC4-4C32A9D45EF1}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{117E1610-81C4-412C-9DBB-E43566F026B1}" = FileBot
"{1A2C5449-8764-16C6-C362-BD168179F920}" = ATI Catalyst Install Manager
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-041E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Thai) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{CDBB8820-BC03-8350-12A4-767C2DF43402}" = AMD Fuel
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FCA329AD-7158-C5F1-6001-426FEB74B506}" = ccc-utility64
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"TeraCopy_is1" = TeraCopy 2.27
"Unlocker" = Unlocker 1.9.2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-27 (x64)
"WinRAR archiver" = WinRAR 5.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AEB8CB6-B14E-C3B4-E6E3-D87D85FF05FF}" = Catalyst Control Center Profiles Mobile
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19C1D1B0-9EDA-6990-FB48-B6EA4ACEAA55}" = CCC Help Russian
"{1DA0D00A-0643-F330-68B4-34FE257EB99B}" = CCC Help Dutch
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FE7988D-6F76-8547-7868-783A1F2210F3}" = CCC Help Polish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{2873DEF6-F8C3-E4A3-1711-2C698C6A78B0}" = CCC Help Thai
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2DF747-4CC7-E241-120A-A8D33CE0AB93}" = CCC Help Japanese
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3119C980-E5CF-AF54-4C68-E8856B491278}" = CCC Help Chinese Standard
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FD6324C-EF8B-70E3-719B-42316C5A76E6}" = CCC Help Chinese Traditional
"{43B837AF-0E74-9FB9-CF1B-C4DA9EE4C9B6}" = CCC Help German
"{470D4DF0-5F02-253F-929A-BD0E609871E4}" = CCC Help Czech
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53D4E974-134D-B8F1-5AFF-8A13C5E55797}" = AMD VISION Engine Control Center
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{571A2B8B-09D4-5589-93F0-B7CA164BEDC2}" = CCC Help Turkish
"{5955522B-824D-3E29-87D0-B077CE4E1540}" = CCC Help Portuguese
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7BBE0097-EA2F-828A-0DB2-7C1A65C8CF47}" = Catalyst Control Center InstallProxy
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8777C737-9518-FB38-F925-20128E5984D2}" = CCC Help English
"{89505A66-35F0-4401-B3AD-D077051F8698}" = Qtrax Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E07B5C5-7623-B1D1-2430-AB4FE2130524}" = Catalyst Control Center Localization All
"{90120000-0015-041E-0000-0000000FF1CE}" = Microsoft Office Access MUI (Thai) 2007
"{90120000-0015-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Thai) 2007
"{90120000-0016-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Thai) 2007
"{90120000-0018-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041E-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Thai) 2007
"{90120000-0019-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041E-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Thai) 2007
"{90120000-001A-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Thai) 2007
"{90120000-001B-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_ENTERPRISE_{E9E01036-7842-437F-B99E-984D738A81DA}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041E-1000-0000000FF1CE}_ENTERPRISE_{7A723282-13D6-4C76-AAFD-3D20A35B2F60}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041E-0000-0000000FF1CE}" = Microsoft Office Proofing (Thai) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-041E-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Thai) 2007
"{90120000-0044-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Thai) 2007
"{90120000-006E-041E-0000-0000000FF1CE}_ENTERPRISE_{7A723282-13D6-4C76-AAFD-3D20A35B2F60}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041E-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Thai) 2007
"{90120000-00A1-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-041E-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Thai) 2007
"{90120000-0114-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{954358B3-C7C3-3C27-A020-6E4C71AB2351}" = CCC Help Swedish
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A134FB8F-D2D6-2C37-7B21-41FCE0706B9B}" = CCC Help Norwegian
"{A2625F9D-3A9F-8AB8-8AA8-22C243E4C93B}" = CCC Help Greek
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A59F552E-E9B8-1A13-F44F-ABFB449A4B26}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6BD840C-AE66-A6EC-F60E-5E91858A309C}" = CCC Help Spanish
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC066C02-FA35-514C-B938-BB271B0554E1}" = CCC Help Hungarian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB8F65A0-806C-F14F-DD5D-2A022CB9C5FD}" = CCC Help Danish
"{DBA4A747-3C2D-9257-7F87-ADFCD1B1822F}" = CCC Help Korean
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F18960BE-70DB-18C6-DC6C-FA6307ADC2AB}" = CCC Help French
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCBEF8AE-FA8A-C512-081A-5C24BB7E4E79}" = CCC Help Finnish
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = FTDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.7.0.2
"FormatFactory" = FormatFactory 3.1.1
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.4
"GOM Player" = GOM Player
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Personal Video Database_is1" = Personal Video Database 1.0.2.5
"SpeedFan" = SpeedFan (remove only)
"tixati" = Tixati
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Zuma Deluxe RA" = Zuma Deluxe RA
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/30/2013 4:48:10 AM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 10/30/2013 10:00:01 AM | Computer Name = Hammer_PC | Source = Application Hang | ID = 1002
Description = The program setup.exe version 10.4.1.45 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 39a4    Start Time:
 01ced5669b103cac    Termination Time: 4    Application Path: C:\Users\ADMINI~1\AppData\Local\Temp\{45CC31FD-69AC-4C10-86B0-75BB55B7C111}\setup.exe

Report
 Id:   
 
Error - 10/30/2013 2:46:14 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 10/30/2013 3:09:59 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/1/2013 7:49:53 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/2/2013 6:07:56 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/3/2013 3:27:02 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/6/2013 5:12:53 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/10/2013 10:46:26 AM | Computer Name = Hammer_PC | Source = Application Hang | ID = 1002
Description = The program viddb.exe version 1.0.2.5 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1674    Start Time:
 01cede1e2e78ff83    Termination Time: 16    Application Path: C:\Program Files (x86)\Personal
 Video Database\viddb.exe    Report Id: d9dd2c65-4a16-11e3-85b5-3085a9a4a783  
 
Error - 11/10/2013 6:02:04 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
[ System Events ]
Error - 6/8/2014 10:58:03 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:03 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:04 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:04 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:04 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:05 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:05 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:05 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:06 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:06 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
 
< End of report >
 


  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts

think its a crack adobe suit - came with the box when I bought it.

I do not condone piracy. Please un-install the suit and give myself a fresh OTL log.
  • 0

#5
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

control panel -> programs & features -> adobe creative suite 4 design premium -> uninstall/change

 

won't uninstall !!

 

why? no idea - is there another way?


Edited by hammer55, 10 June 2014 - 12:34 PM.

  • 0

#6
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

got rid of adobe creative suite 4 design premium using ccleaner

 

here the fresh OTL log

 

OTL logfile created on: 6/11/2014 2:01:15 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 51.47% Memory free
9.34 Gb Paging File | 7.43 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 145.91 Gb Free Space | 72.95% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 716.46 Gb Free Space | 97.94% Space Free | Partition Type: NTFS
Drive F: | 177.99 Gb Total Space | 127.65 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
Drive H: | 931.48 Gb Total Space | 300.51 Gb Free Space | 32.26% Space Free | Partition Type: NTFS
Drive Z: | 3725.99 Gb Total Space | 2112.70 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
 
Computer Name: HAMMER_PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/09 10:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2014/06/07 01:36:11 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/10 11:47:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/01 15:03:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/05/12 15:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2008/07/11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/10 11:47:47 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/26 00:34:15 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/04/19 13:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2008/07/11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/01 15:03:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 15:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/30 09:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/28 23:02:30 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/31 01:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 08:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 06:21:34 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 11:47:47 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/16 03:04:07 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/16 03:04:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/16 03:04:07 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/01 15:03:51 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/01 15:03:51 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/01 15:03:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/01 15:03:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/01 15:03:51 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/02 09:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/24 22:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2012/09/22 02:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/22 02:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 21:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 13:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/30 11:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 09:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/08 05:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/31 01:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/03/25 01:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/19 07:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/19 07:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/10 14:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 16:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/24 08:49:46 | 000,275,024 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/02 00:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/07 17:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 08:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/24 13:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/28 19:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2014/06/02 01:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions
[2013/08/10 17:31:40 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2013/04/28 23:35:52 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/08/30 07:01:48 | 000,039,512 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2014/05/16 15:46:04 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/02 13:39:25 | 000,006,473 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\searchplugins\BrowserProtect.xml
[2014/05/10 11:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 11:47:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/24 13:35:42 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: FTdownloader V3.0 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.0_0\
CHR - Extension: FTdownloader V3.0 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.1_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/06/28 11:09:07 | 000,447,854 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    activate.adobe.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15377 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC61301-CDC8-40F1-BE33-5E277F5D7094}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/24 12:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/09 15:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2014/06/09 15:21:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2014/06/09 15:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/06/09 15:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2014/06/05 15:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/06/05 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/06/05 12:00:03 | 005,310,224 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/06/05 11:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2014/06/03 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\File Renamer Basic
[2014/05/31 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\poster pvd
[2014/05/27 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\SickBeard-win32-alpha-build503
[2014/05/24 17:07:44 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/24 16:53:20 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/23 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2014/05/23 10:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/05/18 15:16:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\SystemUpdate_16747_USB
[2014/05/15 03:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/11 01:31:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2014/06/11 01:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/11 01:15:14 | 000,020,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 01:15:14 | 000,020,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 01:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/11 01:09:22 | 2800,742,400 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/11 00:49:25 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/06/09 15:21:26 | 000,001,113 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/06/07 15:03:34 | 000,786,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/07 15:03:34 | 000,657,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/07 15:03:34 | 000,123,008 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/05 11:59:36 | 005,310,224 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/05/28 00:35:43 | 000,001,065 | ---- | M] () -- C:\Users\Administrator\Desktop\SickBeard-console - Shortcut.lnk
[2014/05/25 10:12:16 | 000,770,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/24 14:50:51 | 000,007,621 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2014/05/24 13:37:08 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/16 03:04:07 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/16 03:04:07 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/16 03:04:07 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/15 10:31:32 | 218,766,503 | ---- | M] () -- C:\ncis.1124.hdtv-lol.mp4
[2014/05/15 03:29:04 | 000,001,066 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
 
========== Files Created - No Company Name ==========
 
[2014/06/09 15:21:26 | 000,001,113 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/06/03 12:30:09 | 256,499,605 | ---- | C] () -- C:\NCIS.S11E23.HDTV.x264-LOL.mp4
[2014/06/03 12:30:07 | 218,766,503 | ---- | C] () -- C:\ncis.1124.hdtv-lol.mp4
[2014/05/28 00:35:43 | 000,001,065 | ---- | C] () -- C:\Users\Administrator\Desktop\SickBeard-console - Shortcut.lnk
[2014/05/24 15:31:18 | 2800,742,400 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/24 13:37:07 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/02 17:22:30 | 000,007,621 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013/12/19 00:31:03 | 000,000,129 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2013/11/01 02:21:49 | 000,000,296 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/07 13:19:43 | 000,770,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/15 12:11:09 | 000,001,066 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013/05/01 12:22:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/04/30 14:25:30 | 003,845,632 | ---- | C] () -- C:\Program Files\EOCP Drivers 0.9.311007.msi
[2013/04/30 14:25:30 | 000,006,129 | ---- | C] () -- C:\Program Files\0x0409.ini
[2013/04/28 21:41:04 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2013/04/28 18:03:51 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013/04/28 18:03:50 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013/04/28 18:03:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013/04/28 18:03:39 | 000,084,914 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013/04/28 18:03:17 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013/04/28 18:02:22 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013/04/28 17:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/28 17:49:26 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/04/28 17:48:10 | 000,027,556 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/04/28 17:47:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/04/28 17:47:24 | 000,023,507 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/03/08 14:39:40 | 000,024,036 | ---- | C] () -- C:\Users\Administrator\SDActivate.lng
[2012/09/22 02:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/22 02:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/22 02:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 09:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/01/30 19:00:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2014/04/27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ARecEngine
[2013/04/28 18:04:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ASUS
[2013/11/26 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2013/07/06 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Baidu
[2013/07/06 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Baidu Security
[2013/05/13 08:52:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2014/06/02 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2014/05/29 23:36:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DropboxMaster
[2013/08/12 14:59:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileBot
[2014/05/03 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2014/06/09 15:21:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2014/02/13 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2013/08/12 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Personal Video Database
[2012/01/30 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PhotoScape
[2013/07/02 17:28:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2014/05/25 04:27:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeraCopy
[2014/06/11 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\tixati
[2014/04/09 13:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013/11/16 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/01/30 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/06/09 15:28:58 | 000,000,000 | ---D | M](C:\Users\Administrator\AppData\Local\Logitech? Webcam Software) -- C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
[2014/06/09 15:28:58 | 000,000,000 | ---D | M](C:\Users\Administrator\AppData\Local\Logitech? Webcam Software) -- C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
[2014/06/09 15:28:58 | 000,000,000 | ---D | C](C:\Users\Administrator\AppData\Local\Logitech? Webcam Software) -- C:\Users\Administrator\AppData\Local\Logitech® Webcam Software

< End of report >
 

 

-------------------------------------------

 

OTL Extras logfile created on: 6/9/2014 10:24:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 36.67% Memory free
9.34 Gb Paging File | 6.41 Gb Available in Paging File | 68.61% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 144.84 Gb Free Space | 72.42% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 702.10 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive F: | 177.99 Gb Total Space | 127.65 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
Drive H: | 931.48 Gb Total Space | 304.43 Gb Free Space | 32.68% Space Free | Partition Type: NTFS
Drive Z: | 3725.99 Gb Total Space | 2133.28 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
 
Computer Name: HAMMER_PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE560A2-C3C6-4D2F-93FC-29F90ECDFDD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C7B3EB7-87F8-4016-9217-B0645A44A592}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3E3FA8D9-A386-49A2-A07A-83801002C806}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4A10237C-E0DF-46F8-A43F-0AC9E75A8549}" = lport=138 | protocol=17 | dir=in | app=system |
"{587BD641-4940-449D-9B77-FA8DEC2A4C86}" = rport=139 | protocol=6 | dir=out | app=system |
"{7016E808-967F-4AC3-ABB5-DEC94A0F877E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74DDF6BF-AB7A-47C4-9E08-03FA4C714249}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F3FBFF6-143D-4470-BAF1-750FDA3D07FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CFB948D-1FF3-431B-BCA4-1F711146665B}" = lport=139 | protocol=6 | dir=in | app=system |
"{9E1AF4DB-C3FE-44C5-8635-1DEAB71DB450}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5742F64-E4A2-4D52-961B-4E3614F3C65B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AED280FB-B9BA-4B63-B9C7-03F29BF6CFFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{BDA39723-EDED-493A-9CF4-1BF6821CFCD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C03E4C3B-9075-4123-805A-1CB9C62D11DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA7229E5-1B39-4DFC-B4EC-8608EE6E543C}" = rport=138 | protocol=17 | dir=out | app=system |
"{E383E7F4-3819-44F6-8786-9FED95668FB1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FAF091EF-ABB6-4823-9C6D-C884C0820039}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD7EC687-ACE5-4590-AC22-DAE29BE56A30}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1860F8F9-BD4B-498A-98F6-63BD67A0F60D}" = protocol=58 | dir=out | [email protected],-28546 |
"{18D9D30B-B1E7-4C68-B306-AE67A2D50360}" = protocol=1 | dir=in | [email protected],-28543 |
"{18F0D3C5-B215-4BD3-9B08-795C01321483}" = protocol=1 | dir=out | [email protected],-28544 |
"{299D5095-08DA-43F3-9B59-1DB176917019}" = protocol=58 | dir=in | [email protected],-28545 |
"{32AE22D2-DF9E-44B2-9B85-1E7FBCE51AF9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{33C726CF-F78D-419F-9227-2E1A6E6D9B7D}" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"{39BC80F7-B82D-4486-9A64-DA54B36F33B3}" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"{469280E6-7674-4065-8DAC-B9349E9B4BAE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{474BD564-A57C-4C48-956F-AECF19A919E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{87FD6B17-7839-4720-9082-D6D0214416E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8D6CDC7E-BC78-4A62-9C3A-1BF2BBF176B3}" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"{A0B64F46-03CB-4503-8BFD-8E8E0B658146}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{A3757911-1BD1-4144-9DBC-F412C2865B3D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B0014F15-6DC9-4ED1-A1AB-00747C9F2C70}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{BB79DFB8-C481-45DB-86D5-587C702882EC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BE6E9D30-DA75-426E-A4FE-A94DB78F70CE}" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"{BEEA99D0-E1C8-4D35-97CB-D1DA3AA33956}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C21E693E-EC61-4290-8119-D0099D283857}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DB3049D5-43D6-448F-8F0D-5FE1B6313B97}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DDD413BA-E617-4576-A3E9-98672D0F0E4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DFF60631-F2AE-450B-9078-0002A41C6C25}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{2A933AB6-1DE0-4299-B4D6-B1040DCBDF34}C:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe |
"TCP Query User{32DAF5DF-155A-4291-B67A-C0AAC6EA5C61}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{57CE9CFB-0F6C-4333-A4F5-F88FFC01B13B}C:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"TCP Query User{8B421CBC-7B13-415E-9F07-16D9B60D1030}C:\program files\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"TCP Query User{960D316C-3F59-48B9-9BDA-469D8500FC70}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{EC219061-7817-49B3-B4B8-AC5B63110BA7}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{257CB448-7FB4-41A4-93A3-20601CC1290B}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{276DD494-A8EB-4E66-9945-F34C1C19DECD}C:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sickbeard-win32-alpha-build503\sickbeard.exe |
"UDP Query User{44288859-1A58-4431-B79B-3DDE2037EA90}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{57B91F86-AD3E-4194-BF12-FCCD2E5A45C0}C:\program files\sickbeard-win32-alpha-build503\sickbeard.exe" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard.exe |
"UDP Query User{DAC72395-E6E4-47F8-98AB-AF86C6024A97}C:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build503\sickbeard-console.exe |
"UDP Query User{F0D59722-D2F1-4A06-BFC4-4C32A9D45EF1}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{117E1610-81C4-412C-9DBB-E43566F026B1}" = FileBot
"{1A2C5449-8764-16C6-C362-BD168179F920}" = ATI Catalyst Install Manager
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-041E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Thai) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{CDBB8820-BC03-8350-12A4-767C2DF43402}" = AMD Fuel
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FCA329AD-7158-C5F1-6001-426FEB74B506}" = ccc-utility64
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"TeraCopy_is1" = TeraCopy 2.27
"Unlocker" = Unlocker 1.9.2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-27 (x64)
"WinRAR archiver" = WinRAR 5.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AEB8CB6-B14E-C3B4-E6E3-D87D85FF05FF}" = Catalyst Control Center Profiles Mobile
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19C1D1B0-9EDA-6990-FB48-B6EA4ACEAA55}" = CCC Help Russian
"{1DA0D00A-0643-F330-68B4-34FE257EB99B}" = CCC Help Dutch
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FE7988D-6F76-8547-7868-783A1F2210F3}" = CCC Help Polish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{2873DEF6-F8C3-E4A3-1711-2C698C6A78B0}" = CCC Help Thai
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2DF747-4CC7-E241-120A-A8D33CE0AB93}" = CCC Help Japanese
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3119C980-E5CF-AF54-4C68-E8856B491278}" = CCC Help Chinese Standard
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FD6324C-EF8B-70E3-719B-42316C5A76E6}" = CCC Help Chinese Traditional
"{43B837AF-0E74-9FB9-CF1B-C4DA9EE4C9B6}" = CCC Help German
"{470D4DF0-5F02-253F-929A-BD0E609871E4}" = CCC Help Czech
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53D4E974-134D-B8F1-5AFF-8A13C5E55797}" = AMD VISION Engine Control Center
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{571A2B8B-09D4-5589-93F0-B7CA164BEDC2}" = CCC Help Turkish
"{5955522B-824D-3E29-87D0-B077CE4E1540}" = CCC Help Portuguese
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7BBE0097-EA2F-828A-0DB2-7C1A65C8CF47}" = Catalyst Control Center InstallProxy
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8777C737-9518-FB38-F925-20128E5984D2}" = CCC Help English
"{89505A66-35F0-4401-B3AD-D077051F8698}" = Qtrax Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E07B5C5-7623-B1D1-2430-AB4FE2130524}" = Catalyst Control Center Localization All
"{90120000-0015-041E-0000-0000000FF1CE}" = Microsoft Office Access MUI (Thai) 2007
"{90120000-0015-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Thai) 2007
"{90120000-0016-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Thai) 2007
"{90120000-0018-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041E-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Thai) 2007
"{90120000-0019-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041E-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Thai) 2007
"{90120000-001A-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Thai) 2007
"{90120000-001B-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_ENTERPRISE_{E9E01036-7842-437F-B99E-984D738A81DA}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041E-1000-0000000FF1CE}_ENTERPRISE_{7A723282-13D6-4C76-AAFD-3D20A35B2F60}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041E-0000-0000000FF1CE}" = Microsoft Office Proofing (Thai) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-041E-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Thai) 2007
"{90120000-0044-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Thai) 2007
"{90120000-006E-041E-0000-0000000FF1CE}_ENTERPRISE_{7A723282-13D6-4C76-AAFD-3D20A35B2F60}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041E-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Thai) 2007
"{90120000-00A1-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-041E-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Thai) 2007
"{90120000-0114-041E-0000-0000000FF1CE}_ENTERPRISE_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{954358B3-C7C3-3C27-A020-6E4C71AB2351}" = CCC Help Swedish
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A134FB8F-D2D6-2C37-7B21-41FCE0706B9B}" = CCC Help Norwegian
"{A2625F9D-3A9F-8AB8-8AA8-22C243E4C93B}" = CCC Help Greek
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A59F552E-E9B8-1A13-F44F-ABFB449A4B26}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6BD840C-AE66-A6EC-F60E-5E91858A309C}" = CCC Help Spanish
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC066C02-FA35-514C-B938-BB271B0554E1}" = CCC Help Hungarian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB8F65A0-806C-F14F-DD5D-2A022CB9C5FD}" = CCC Help Danish
"{DBA4A747-3C2D-9257-7F87-ADFCD1B1822F}" = CCC Help Korean
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F18960BE-70DB-18C6-DC6C-FA6307ADC2AB}" = CCC Help French
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCBEF8AE-FA8A-C512-081A-5C24BB7E4E79}" = CCC Help Finnish
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = FTDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.7.0.2
"FormatFactory" = FormatFactory 3.1.1
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.4
"GOM Player" = GOM Player
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Personal Video Database_is1" = Personal Video Database 1.0.2.5
"SpeedFan" = SpeedFan (remove only)
"tixati" = Tixati
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Zuma Deluxe RA" = Zuma Deluxe RA
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/30/2013 4:48:10 AM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 10/30/2013 10:00:01 AM | Computer Name = Hammer_PC | Source = Application Hang | ID = 1002
Description = The program setup.exe version 10.4.1.45 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 39a4    Start Time:
 01ced5669b103cac    Termination Time: 4    Application Path: C:\Users\ADMINI~1\AppData\Local\Temp\{45CC31FD-69AC-4C10-86B0-75BB55B7C111}\setup.exe

Report
 Id:   
 
Error - 10/30/2013 2:46:14 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 10/30/2013 3:09:59 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/1/2013 7:49:53 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/2/2013 6:07:56 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/3/2013 3:27:02 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/6/2013 5:12:53 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
Error - 11/10/2013 10:46:26 AM | Computer Name = Hammer_PC | Source = Application Hang | ID = 1002
Description = The program viddb.exe version 1.0.2.5 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1674    Start Time:
 01cede1e2e78ff83    Termination Time: 16    Application Path: C:\Program Files (x86)\Personal
 Video Database\viddb.exe    Report Id: d9dd2c65-4a16-11e3-85b5-3085a9a4a783  
 
Error - 11/10/2013 6:02:04 PM | Computer Name = Hammer_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\personal
 video database\DelZip179.dll".Error in manifest or policy file "c:\program files
 (x86)\personal video database\DelZip179.dll" on line 8.  The value "*" of attribute
 "language" in element "assemblyIdentity" is invalid.
 
[ System Events ]
Error - 6/8/2014 10:58:03 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:03 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:04 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:04 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:04 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:05 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:05 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:05 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:06 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
Error - 6/8/2014 10:58:06 PM | Computer Name = Hammer_PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.
 
 
< End of report >
 


  • 0

#7
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

rebooted my machine

now have 2 desktop.ini files on the desktop that were not there before

1 says

desktop.ini

-----------------

[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
CyberLink PowerDVD [email protected]:\PROGRA~2\CYBERL~1\POWERD~1\Common\MUI\PDVDEN~1.DLL,-537

------------------

2 says

desktop.ini

------------------

[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Windows Live [email protected]:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll,-100

-------------------------




OTL logfile created on: 6/11/2014 9:41:13 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 51.27% Memory free
9.34 Gb Paging File | 7.38 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 145.68 Gb Free Space | 72.84% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 699.21 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive F: | 177.99 Gb Total Space | 127.65 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
Drive H: | 931.48 Gb Total Space | 300.51 Gb Free Space | 32.26% Space Free | Partition Type: NTFS
Drive Z: | 3725.99 Gb Total Space | 2112.70 Gb Free Space | 56.70% Space Free | Partition Type: NTFS
 
Computer Name: HAMMER_PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/09 10:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2014/06/07 01:36:11 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/10 11:47:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/01 15:03:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/05/12 15:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2008/07/11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/10 11:47:47 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/26 00:34:15 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/04/19 13:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2008/07/11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/01 15:03:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 15:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/30 09:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/28 23:02:30 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/31 01:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 08:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 06:21:34 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 11:47:47 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/16 03:04:07 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/16 03:04:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/16 03:04:07 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/01 15:03:51 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/01 15:03:51 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/01 15:03:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/01 15:03:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/01 15:03:51 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/02 09:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/24 22:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2012/09/22 02:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/22 02:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 21:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 13:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/30 11:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 09:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/08 05:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/31 01:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/03/25 01:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/19 07:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/19 07:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/10 14:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 16:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/24 08:49:46 | 000,275,024 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/02 00:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/07 17:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 08:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/24 13:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/28 19:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2014/06/02 01:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions
[2013/08/10 17:31:40 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2013/04/28 23:35:52 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/08/30 07:01:48 | 000,039,512 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2014/05/16 15:46:04 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/02 13:39:25 | 000,006,473 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\searchplugins\BrowserProtect.xml
[2014/05/10 11:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 11:47:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/24 13:35:42 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: FTdownloader V3.0 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.0_0\
CHR - Extension: FTdownloader V3.0 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.1_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/06/28 11:09:07 | 000,447,854 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    activate.adobe.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15377 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC61301-CDC8-40F1-BE33-5E277F5D7094}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/24 12:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/09 15:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2014/06/09 15:21:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2014/06/09 15:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/06/09 15:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2014/06/05 15:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/06/05 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/06/05 12:00:03 | 005,310,224 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/06/05 11:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2014/06/03 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\File Renamer Basic
[2014/05/31 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\poster pvd
[2014/05/27 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\SickBeard-win32-alpha-build503
[2014/05/24 17:07:44 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/24 16:53:20 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/23 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2014/05/23 10:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/05/18 15:16:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\SystemUpdate_16747_USB
[2014/05/15 03:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/11 09:40:40 | 000,020,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 09:40:40 | 000,020,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 09:35:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/11 09:35:15 | 2800,742,400 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/11 09:31:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2014/06/11 09:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/11 02:29:14 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/06/09 15:21:26 | 000,001,113 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/06/07 15:03:34 | 000,786,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/07 15:03:34 | 000,657,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/07 15:03:34 | 000,123,008 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/05 11:59:36 | 005,310,224 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/05/28 00:35:43 | 000,001,065 | ---- | M] () -- C:\Users\Administrator\Desktop\SickBeard-console - Shortcut.lnk
[2014/05/25 10:12:16 | 000,770,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/24 14:50:51 | 000,007,621 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2014/05/24 13:37:08 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/16 03:04:07 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/16 03:04:07 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/16 03:04:07 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/15 10:31:32 | 218,766,503 | ---- | M] () -- C:\ncis.1124.hdtv-lol.mp4
[2014/05/15 03:29:04 | 000,001,066 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
 
========== Files Created - No Company Name ==========
 
[2014/06/09 15:21:26 | 000,001,113 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/06/03 12:30:09 | 256,499,605 | ---- | C] () -- C:\NCIS.S11E23.HDTV.x264-LOL.mp4
[2014/06/03 12:30:07 | 218,766,503 | ---- | C] () -- C:\ncis.1124.hdtv-lol.mp4
[2014/05/28 00:35:43 | 000,001,065 | ---- | C] () -- C:\Users\Administrator\Desktop\SickBeard-console - Shortcut.lnk
[2014/05/24 15:31:18 | 2800,742,400 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/24 13:37:07 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/02 17:22:30 | 000,007,621 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013/12/19 00:31:03 | 000,000,129 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2013/11/01 02:21:49 | 000,000,296 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/07 13:19:43 | 000,770,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/15 12:11:09 | 000,001,066 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013/05/01 12:22:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/04/30 14:25:30 | 003,845,632 | ---- | C] () -- C:\Program Files\EOCP Drivers 0.9.311007.msi
[2013/04/30 14:25:30 | 000,006,129 | ---- | C] () -- C:\Program Files\0x0409.ini
[2013/04/28 21:41:04 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2013/04/28 18:03:51 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013/04/28 18:03:50 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013/04/28 18:03:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013/04/28 18:03:39 | 000,084,914 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013/04/28 18:03:17 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013/04/28 18:02:22 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013/04/28 17:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/28 17:49:26 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/04/28 17:48:10 | 000,027,556 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/04/28 17:47:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/04/28 17:47:24 | 000,023,507 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/03/08 14:39:40 | 000,024,036 | ---- | C] () -- C:\Users\Administrator\SDActivate.lng
[2012/09/22 02:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/22 02:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/22 02:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 09:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/01/30 19:00:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2014/04/27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ARecEngine
[2013/04/28 18:04:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ASUS
[2013/11/26 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2013/07/06 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Baidu
[2013/07/06 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Baidu Security
[2013/05/13 08:52:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2014/06/02 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2014/05/29 23:36:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DropboxMaster
[2013/08/12 14:59:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileBot
[2014/05/03 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2014/06/09 15:21:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2014/02/13 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2013/08/12 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Personal Video Database
[2012/01/30 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PhotoScape
[2013/07/02 17:28:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2014/05/25 04:27:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeraCopy
[2014/06/11 09:43:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\tixati
[2014/04/09 13:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013/11/16 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/01/30 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/06/09 15:28:58 | 000,000,000 | ---D | M](C:\Users\Administrator\AppData\Local\Logitech? Webcam Software) -- C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
[2014/06/09 15:28:58 | 000,000,000 | ---D | M](C:\Users\Administrator\AppData\Local\Logitech? Webcam Software) -- C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
[2014/06/09 15:28:58 | 000,000,000 | ---D | C](C:\Users\Administrator\AppData\Local\Logitech? Webcam Software) -- C:\Users\Administrator\AppData\Local\Logitech® Webcam Software

< End of report >


 


Edited by hammer55, 10 June 2014 - 08:48 PM.

  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi hammer55, :)
 

now have 2 desktop.ini files on the desktop that were not there before

Do you have "Show hidden files and folders" enabled. They are harmless.
  • Step #1 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      [2013/08/10 17:31:40 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
      [2013/05/02 13:39:25 | 000,006,473 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\searchplugins\BrowserProtect.xml
      O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
      O2 - BHO: (no name) - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - No CLSID value found.
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      [2014/06/05 11:59:36 | 005,310,224 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
      [2013/05/13 08:52:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
      [2014/06/11 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\tixati
      [2014/04/09 13:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
      [2013/11/16 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent

      :Commands
      [emptytemp]
      [resethosts]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #3 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • OTL Fix Log
    • AdwCleaner Log
    • Junkware Removal Tool Log
Regards,
Valinorum
  • 0

#9
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults\preferences folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\searchplugins\BrowserProtect.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9cf699ca-2174-4ed8-bec1-ba82095edce0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\ProgramData\pclunst.exe moved successfully.
C:\Users\Administrator\AppData\Roaming\BitTorrent\share folder moved successfully.
C:\Users\Administrator\AppData\Roaming\BitTorrent\ie folder moved successfully.
C:\Users\Administrator\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\Administrator\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\Administrator\AppData\Roaming\BitTorrent folder moved successfully.
C:\Users\Administrator\AppData\Roaming\tixati\incomplete-pieces folder moved successfully.
C:\Users\Administrator\AppData\Roaming\tixati folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TuneUp Utilities 2014\TuningIndex folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TuneUp Utilities 2014\StartUp Manager folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TuneUp Utilities 2014\Dashboard folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TuneUp Utilities 2014\Backups folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TuneUp Utilities 2014 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TuneUp Utilities\CrashDumps folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\Administrator\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Administrator\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Administrator\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Administrator\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Administrator\AppData\Roaming\uTorrent folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: ADMIN
->Temp folder emptied: 50175 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Administrator
->Temp folder emptied: 129975764 bytes
->Temporary Internet Files folder emptied: 7707563 bytes
->Java cache emptied: 354163 bytes
->FireFox cache emptied: 315413807 bytes
->Google Chrome cache emptied: 49594337 bytes
->Flash cache emptied: 13195 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 41776416 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8177482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50595 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 528.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06112014_133346

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#10
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

adwcleaner
pending: please uncheck elements you don't want to remove.

the list is empty


  • 0

Advertisements


#11
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

# AdwCleaner v3.212 - Report created 11/06/2014 at 13:58:27
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Administrator - HAMMER_PC
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Program Files (x86)\FTDownloader.com
Folder Deleted : C:\Users\Administrator\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Administrator\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Administrator\AppData\Roaming\baidu
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\invalidprefs.js
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\d28ad9b469ba15
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\filescout
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\29aiez7a.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "f4d00efd0000000000003085a9a4a783");
Line Deleted : user_pref("extensions.delta.instlDay", "15824");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1611:51:35");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");

-\\ Google Chrome v

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : bbffdhejhaoiflnpooogkckfdcmmjppn

*************************

AdwCleaner[R0].txt - [7315 octets] - [11/06/2014 13:49:10]
AdwCleaner[R1].txt - [7375 octets] - [11/06/2014 13:52:13]
AdwCleaner[S0].txt - [7311 octets] - [11/06/2014 13:58:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7371 octets] ##########
 


  • 0

#12
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Administrator on Wed 06/11/2014 at 14:06:54.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3656022312-3907193958-3378201931-500\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"



~~~ FireFox

Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\29aiez7a.default\prefs.js

user_pref("extensions.BlockSite.blacklist", "lp.webgame.in.th|||mysearch.avg.com/tab?pid=safeguard&sg=0&cid=%7B384a9e86-f3b0-441e-9afe-97d9c98912f0%7D&mid=2bf9152a071c47d38b68
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\29aiez7a.default\minidumps [135 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/11/2014 at 14:15:30.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#13
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Thanx for the quick help

 

was this it?


  • 0

#14
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi hammer55, :)

How is your system running?
  • Step #4 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #5 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum
  • 0

#15
hammer55

hammer55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

seems happy

 

Already had malwarbytes installed and will run it again and send you the log.

 

Than I will install and run Eset Online scanner


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP