Computer Slowed Down to a Halt and Often Freezes [Solved]


  • This topic is locked

#1
matejbSM

    Member

  • 13 posts

Hi Guys,

I have a DELL Vostro laptop (Windows 7) that has begun to slow down, making work on it near impossible. It started with Chrome/Firefox taking very long to load webpages, but now the whole system is slowed down - e.g. closing a Microsoft Word document or exiting Skype can take a couple of minutes, complete with freezing.


Overall, it just seems like there's a process that is taking up most, if not all, of the processor, but there's nothing to be found. 


I am copying the OTL log below.

Thank you very much in advance.

OTL logfile created on: 19. 6. 2014 16:51:40 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marushka\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
 
2,97 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,74% Memory free
5,93 Gb Paging File | 4,41 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 165,11 Gb Free Space | 58,26% Space Free | Partition Type: NTFS
 
Computer Name: MARUSHKA-PC | User Name: Marushka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/11 13:04:29 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/06/05 15:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/10/24 00:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Marushka\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/10/19 11:30:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marushka\Downloads\OTL.exe
PRC - [2013/05/28 15:39:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/03/26 12:29:04 | 000,245,760 | ---- | M] () -- C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
PRC - [2013/03/04 10:24:22 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/03/04 10:24:14 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/11 13:06:05 | 003,022,960 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/06/11 13:05:59 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/06/11 13:05:53 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/06/05 15:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 15:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014/06/05 15:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 15:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 15:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 15:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2013/07/31 22:36:12 | 002,601,328 | ---- | M] () -- C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/05 11:09:56 | 001,045,840 | ---- | M] (Flexera Software LLC.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service)
SRV - [2014/05/04 17:12:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/26 12:29:04 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Synology Data Replicator  3\SynoDrService.exe -- (SynoDrService)
SRV - [2013/03/26 10:13:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/03/04 10:24:22 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/01/25 09:12:46 | 000,248,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/11/29 13:56:54 | 000,196,616 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
SRV - [2011/10/12 19:14:14 | 001,479,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/10/12 19:14:08 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marushka\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/07/25 16:53:46 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2013/03/26 13:05:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/02/14 13:21:04 | 000,171,680 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/01/10 10:25:20 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/01/10 10:25:20 | 000,105,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2012/08/03 11:36:46 | 000,045,792 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV - [2011/09/22 14:08:26 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/12 04:57:02 | 000,064,512 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Leadtek.sys -- (Leadtek)
DRV - [2010/10/21 00:49:46 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 B6 52 8C F9 2D CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Marushka\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marushka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Marushka\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marushka\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marushka\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/03/26 09:09:59 | 000,000,000 | ---D | M]
 
[2013/03/26 13:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marushka\AppData\Roaming\mozilla\Extensions
[2014/06/05 22:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marushka\AppData\Roaming\mozilla\Firefox\Profiles\at5cgr2g.default\extensions
[2014/06/05 22:07:57 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Marushka\AppData\Roaming\mozilla\firefox\profiles\at5cgr2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/04/30 12:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/04 17:12:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: Skype Click to Call = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [f.lux] C:\Users\Marushka\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [uTorrent] C:\Users\Marushka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Marushka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marushka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Marushka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A51E8F3-A12A-4606-A70D-21418D07D57D}: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C57B98C-4A26-4A9C-AE16-5403977D8E36}: DhcpNameServer = 192.108.131.11 194.160.44.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/17 21:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DjVuLibre
[2014/06/17 21:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\DjVuLibre
[2014/06/11 20:22:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/11 16:41:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/06/02 10:43:46 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2014/06/02 10:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2014/06/02 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2014/05/22 12:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[6 C:\Users\Marushka\Desktop\*.tmp files -> C:\Users\Marushka\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/19 16:28:18 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/19 16:28:18 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/19 16:16:54 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce8c2d48f3ea4f.job
[2014/06/19 16:16:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/19 16:15:58 | 2387,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/19 16:14:41 | 000,003,432 | ---- | M] () -- C:\bootsqm.dat
[2014/06/19 15:16:20 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3240352030-749572926-2809846025-1000UA.job
[2014/06/19 15:14:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8acbbe7d0d47.job
[2014/06/18 20:16:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3240352030-749572926-2809846025-1000Core.job
[2014/06/17 21:32:37 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\DjView.lnk
[2014/06/15 14:41:40 | 000,070,451 | ---- | M] () -- C:\Users\Marushka\Desktop\10468523_529875637117051_1180292672800172256_n.jpg
[2014/06/11 22:07:49 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/11 13:07:21 | 000,002,056 | ---- | M] () -- C:\Users\Marushka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/06/10 17:26:58 | 000,249,290 | ---- | M] () -- C:\Users\Marushka\Desktop\farts.png
[2014/06/10 13:45:00 | 000,007,601 | ---- | M] () -- C:\Users\Marushka\AppData\Local\Resmon.ResmonCfg
[2014/06/10 11:40:05 | 000,016,496 | ---- | M] () -- C:\Users\Marushka\Desktop\bronbron.jpg
[2014/06/04 11:57:17 | 000,001,488 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/06/02 19:18:51 | 000,401,704 | ---- | M] () -- C:\Users\Marushka\Desktop\vin.png
[2014/06/02 10:43:21 | 000,000,989 | ---- | M] () -- C:\Users\Marushka\Desktop\HTTrack Website Copier.lnk
[2014/06/01 20:20:25 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/01 20:20:25 | 000,121,986 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/30 11:32:45 | 000,001,055 | ---- | M] () -- C:\Users\Marushka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[6 C:\Users\Marushka\Desktop\*.tmp files -> C:\Users\Marushka\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/19 16:14:41 | 000,003,432 | ---- | C] () -- C:\bootsqm.dat
[2014/06/18 10:03:09 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8acbbe7d0d47.job
[2014/06/17 21:32:37 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\DjView.lnk
[2014/06/15 14:41:28 | 000,070,451 | ---- | C] () -- C:\Users\Marushka\Desktop\10468523_529875637117051_1180292672800172256_n.jpg
[2014/06/10 17:26:57 | 000,249,290 | ---- | C] () -- C:\Users\Marushka\Desktop\farts.png
[2014/06/10 11:39:35 | 000,016,496 | ---- | C] () -- C:\Users\Marushka\Desktop\bronbron.jpg
[2014/06/04 11:57:17 | 000,001,500 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014/06/04 11:57:17 | 000,001,488 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/06/02 19:18:51 | 000,401,704 | ---- | C] () -- C:\Users\Marushka\Desktop\vin.png
[2014/06/02 10:43:21 | 000,000,989 | ---- | C] () -- C:\Users\Marushka\Desktop\HTTrack Website Copier.lnk
[2013/11/06 19:31:33 | 000,020,329 | ---- | C] () -- C:\Users\Marushka\Legolas.jpg
[2013/10/31 16:23:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/31 16:23:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/31 16:23:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/31 16:23:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/31 16:23:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/05 21:22:04 | 000,007,601 | ---- | C] () -- C:\Users\Marushka\AppData\Local\Resmon.ResmonCfg
[2013/05/02 14:37:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/04/05 16:15:25 | 000,365,568 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2013/04/05 16:15:25 | 000,169,472 | ---- | C] () -- C:\Windows\System32\ZLhp1020.DLL
[2013/03/28 12:07:24 | 000,004,096 | -H-- | C] () -- C:\Users\Marushka\AppData\Local\keyfile3.drm
[2013/03/26 13:13:08 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2013/03/26 13:13:03 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2013/03/26 13:13:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2013/03/26 13:12:04 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2013/03/26 12:41:09 | 000,000,439 | ---- | C] () -- C:\Windows\System32\CNCMFP42.INI
[2012/12/04 10:12:10 | 000,245,248 | ---- | C] () -- C:\Windows\System32\zshp1020s.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/04/04 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Canon
[2013/05/02 14:32:39 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\DAEMON Tools Lite
[2013/03/26 12:49:55 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Downloaded Installations
[2014/06/19 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Dropbox
[2014/06/19 12:26:46 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\DropboxMaster
[2014/05/05 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Final Draft
[2013/09/03 10:11:17 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\IrfanView
[2014/05/12 16:34:01 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Leadertech
[2013/08/16 23:41:20 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\MAGIX
[2014/03/05 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Nitro
[2014/03/03 12:29:56 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Nitro PDF
[2013/08/19 23:15:07 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Notepad++
[2014/03/21 11:53:23 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\PandoraRecovery
[2014/03/21 11:27:34 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Rainmeter
[2013/03/26 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Thunderbird
[2014/03/21 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\TuneUp Software
[2014/06/19 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\uTorrent
[2014/02/15 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Webcam Simulator
[2014/05/12 16:36:34 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 
 
< End of report >
 



#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Please post the Extras.txt located in C:\Users\Marushka\Downloads. It is generated on the first run of OTL.

#3
matejbSM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi,

Thanks for the reply!

This actually wasn't the 1st run of OTL on the computer, so I redid the scan (checked "All" on "Extra Registry" and clicked "Run Scan") and copied the Extra.txt from that run. Hope that's alright:

OTL Extras logfile created on: 25. 6. 2014 11:03:17 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marushka\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
 
2,97 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 35,37% Memory free
5,93 Gb Paging File | 2,89 Gb Available in Paging File | 48,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 167,29 Gb Free Space | 59,03% Space Free | Partition Type: NTFS
 
Computer Name: MARUSHKA-PC | User Name: Marushka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01486667-95B6-4877-8647-3BEDF2C6B8B7}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{04C43102-BF65-417A-8C31-A10DC867080C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0C7E23A0-8605-4D7C-9CC0-C44EF5D6BB30}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0E24B226-DB24-4614-8C35-ED7ADDD7FCBC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B98DD1D-179F-4C82-8436-4478A46D6BA3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1E011263-CC5B-4FBF-887B-0EF447CAC990}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3437E1A2-C0FD-413B-A72E-11B961930E0D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3598EC0E-909A-4504-A303-025C36C59971}" = lport=137 | protocol=17 | dir=in | app=system | 
"{35AB3744-48AA-4193-A2C5-00074AE4C955}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{3F3FD432-B49C-4366-9434-ECB8B1BBC125}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4599BF02-83F5-4B05-AD16-1899CA72DF7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{4C0DC677-D33C-4CFC-8C9C-6CB7E7B04DD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4DDBE32B-C118-4570-B405-BA9745192A26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{71825E3C-C2A4-4A03-9EB6-8B7630C6207E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8183E538-C114-4590-A8F1-96139B4D5103}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{81B348E6-0D75-4FEE-9FD0-2A5277FD15A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D1231DD-B11E-4E50-B054-BA92A547C6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{904D26B8-22C3-48CF-AAE5-782ED4B3924F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{936B0D23-C482-4A2F-98B0-4E58FBE685E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{97C8B12A-44AC-4DE9-999A-AD3CEC92740D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C97F395-50EF-4002-8D53-ED2E3A37E181}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D9B1CF5-5608-4852-B1C9-6BCBE4652CD4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A8DF2404-26CF-4980-B763-6F311DFF352B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{B5DA81C3-0F77-44C4-82EF-2D2003F1A1BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9164400-14FC-41DF-9AE0-D3FC340CB0D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0297765-F9BA-4EB6-BD15-0FF5A555D560}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CB2C628E-3AC6-457C-9750-B873A87A8FB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CB9C89D0-85A7-45D7-8CA9-57444407CE29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF664720-CA7A-4FBB-8D2B-53B8E2A42A03}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{D5DBFECB-0B6F-4ED2-8CF7-4CEAF85A07BC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DD72F599-AA1E-4CEE-93F4-040783DAD017}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0D9DE32-45DB-4618-9FF2-16EECEEF427A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4E7AEBF-2612-4957-893B-88568A7A7065}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC54E08B-DF14-442E-85F2-9BDC4332F97A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FFC2E954-408A-4DEC-B726-7F887EF7780F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DA712A-8392-4FC5-93E0-2FD69A0445A3}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{0DE68B24-C0F8-4460-B807-6D111D10F18D}" = protocol=58 | dir=out | [email protected],-28546 | 
"{0E68DA53-1FCF-4AD1-9E39-EB6505E5F307}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{14E364F5-D909-4325-BA2D-0F16769330C5}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{346012FE-164C-43E2-A63A-3D56925F3930}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3DD56A40-2581-4048-A13D-B1771DDFFE48}" = protocol=58 | dir=in | [email protected],-28545 | 
"{3FC02502-C279-4A89-B8F7-B3CCB54F4CE7}" = protocol=17 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{404954B3-32CB-4017-B7BB-7E6AC567DD13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B717ACC-ABFF-4E0F-9BF0-2451081D566C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5E1C0C3A-39F8-45FA-9E04-08E76D71ED7D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E6DF313-C982-49FA-BE7A-D319287B4317}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{61085934-5C82-4FB7-AD34-73918F93DB36}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6812F7B6-C489-4907-9826-FB7E87380009}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D409EA6-B18B-4F82-A42A-CB3C07C6B19D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72BE91BA-A8C8-4582-BA79-09B4BEFB49B4}" = protocol=17 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst.exe | 
"{73A6E3D8-3DEB-429A-A5D6-9442E11F7BC4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{7E8065E1-6374-4D68-AA93-9BF8E6232141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{819A188D-762F-40C1-8410-F060FDB28402}" = protocol=17 | dir=in | app=c:\users\marushka\appdata\roaming\utorrent\utorrent.exe | 
"{8333084C-35B7-4461-ACC1-EF9BCC8B762F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{8A4EF600-23AF-4384-8446-364A74E0F234}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A6D6DB3-7585-47F1-8A97-7E59D2F94E7A}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{8F834BAD-05E7-4C63-AA9E-850E0F32D0D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{904D856B-6EBC-423A-8B02-FA49797A5C93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D7EF821-DBE8-4C40-A469-06EFF9187519}" = protocol=6 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A5BAA61C-0F65-45B3-85B3-59F294AAA3DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6D44957-D1DE-481B-87BB-C69A092D68AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AE281913-4378-46CD-BB41-2D51CBB092B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C269DCC6-316F-45F5-9B80-7ACB47A6FEC5}" = protocol=6 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst.exe | 
"{C70BD697-6CB7-413D-9070-397C3E78699B}" = protocol=1 | dir=out | [email protected],-28544 | 
"{D0A321D7-64FF-4292-B55C-B0AAF8F75D7A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D9FC4931-3E1A-4944-8AB2-4DE25D31BBD5}" = protocol=6 | dir=in | app=c:\users\marushka\appdata\roaming\utorrent\utorrent.exe | 
"{E5D949B5-4355-4BEB-9943-750658F0CBAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E5FB4354-28A8-42E1-980D-4C855B0CB478}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F76B5C32-0706-4078-87C5-416F37AF888A}" = protocol=6 | dir=out | app=system | 
"{F99719FC-25F5-4759-8F31-6413DB8BAE56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCDD7E1A-B0AE-471E-8274-133493D93469}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{2434AC55-9CB2-4AD8-BA6E-A06F2C2AF666}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"TCP Query User{26F799AF-44ED-43E0-B754-894EECE6CCF0}C:\program files\synology data replicator  3\backup.exe" = protocol=6 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"TCP Query User{4738E63C-EEC8-47C4-BC68-ACD0D752980D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{91320F11-51BA-4DD4-8C52-DD238AD252BD}C:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{9D775D32-396F-46E3-92D9-E8C55725E7AF}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"TCP Query User{CC3600AC-E1EB-46DA-B3AD-7B68CC63747B}C:\program files\adobe\adobe edge animate cc\edgeanimate.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe edge animate cc\edgeanimate.exe | 
"UDP Query User{049E19A0-62E3-4AA3-AEE5-50F59E093B85}C:\program files\synology data replicator  3\backup.exe" = protocol=17 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"UDP Query User{25A6B8A0-444E-4D17-B724-C6533E727F6E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E414319-564F-42EF-AB57-B7625546AC6B}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"UDP Query User{B375648C-20D6-47A4-9CED-B168FD73A2F8}C:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{BE98CAAA-591A-43E1-8C8F-0899D57DC0B1}C:\program files\adobe\adobe edge animate cc\edgeanimate.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe edge animate cc\edgeanimate.exe | 
"UDP Query User{E08EAFA8-BBB2-4DEC-9BB1-8F06193A7347}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F52F36E-895D-4E01-B4D4-E23C4FA4193B}" = simplitec simplicheck
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64E4CDDD-F778-42C9-81C9-1BFB87DE517E}" = ESET NOD32 Antivirus
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7581B61-C9F9-4fea-B845-E7733C17EC19}" = Canon MF8000C Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C7B07044-15B9-4894-9A88-C86761CF4B12}_is1" = Yodot RAR Repair
"{C935F091-75FD-752B-B19D-6AAE0D24B05B}" = Adobe Muse
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D4D14FC9-2815-43EB-935B-482DB7C9526C}" = Xara Web Designer 9 Premium
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}" = Final Draft
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F70D8C2A-9320-4DDC-8693-6E7DEAA5B096}" = Nitro Pro 8
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = KMP Service
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AdobeMuse" = Adobe Muse
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DjVuLibre+DjView" = DjVuLibre DjView  3.5.25.4+4.9.2
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"IrfanView" = IrfanView (remove only)
"Lexicon5" = Lingea Lexicon 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MX.{D4D14FC9-2815-43EB-935B-482DB7C9526C}" = Xara Web Designer 9 Premium
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Rainmeter" = Rainmeter
"Synology Assistant" = Synology Assistant (remove only)
"The KMPlayer" = The KMPlayer (remove only)
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.1.2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.48-9
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WVCSetup7.0.0_is1" = Webcam Video Capture 7.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Dropbox" = Dropbox
"Flux" = f.lux
"GoToMeeting" = GoToMeeting 5.5.0.1133
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19. 6. 2014 13:46:11 | Computer Name = Marushka-PC | Source = ESENT | ID = 455
Description = Windows (3616) Windows: Error -1811 occurred while opening logfile
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00059.log.
 
Error - 19. 6. 2014 13:46:12 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 19. 6. 2014 13:46:12 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 19. 6. 2014 13:46:12 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 19. 6. 2014 13:46:12 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 19. 6. 2014 13:46:12 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 19. 6. 2014 13:46:24 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 19. 6. 2014 13:46:24 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 19. 6. 2014 13:46:24 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 19. 6. 2014 13:46:24 | Computer Name = Marushka-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 6. 1. 2014 6:21:28 | Computer Name = Marushka-PC | Source = bowser | ID = 8003
Description = 
 
Error - 7. 1. 2014 9:32:22 | Computer Name = Marushka-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 8. 1. 2014 19:12:06 | Computer Name = Marushka-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:16:27 on ?8. ?1. ?2014 was unexpected.
 
Error - 8. 1. 2014 19:12:10 | Computer Name = MARUSHKA-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 8. 1. 2014 19:11:59 | Computer Name = Marushka-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 9. 1. 2014 7:12:30 | Computer Name = Marushka-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 10. 1. 2014 4:01:35 | Computer Name = Marushka-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 10. 1. 2014 9:47:04 | Computer Name = Marushka-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:44:18 on ?10. ?1. ?2014 was unexpected.
 
Error - 10. 1. 2014 9:47:03 | Computer Name = Marushka-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 10. 1. 2014 23:38:16 | Computer Name = Marushka-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the iphlpsvc service.
 
[ TuneUp Events ]
Error - 11. 6. 2014 7:27:45 | Computer Name = Marushka-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >


#4
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi,
Did you run Combofix without supervision prior to asking for help here?
  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • TuneUp Utilities 2012
    • TuneUp Utilities Language Pack (en-US)
    • Malwarebytes Anti-Malware version 1.75.0.1300 (Outdated)
    • Mozilla Firefox 28.0 (x86 en-US) (Update it)
    • TuneUp Utilities 2012
 
  • Step #2 P2P Warning
    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • µTorrent
    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 
  • Step #3 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      [2014/03/21 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Marushka\AppData\Roaming\TuneUp Software
      [6 C:\Users\Marushka\Desktop\*.tmp files -> C:\Users\Marushka\Desktop\*.tmp -> ]
      [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
      [2014/06/11 20:22:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
      [2014/06/11 16:41:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
      O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
      DRV - [2011/09/22 14:08:26 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Required Log(s):
    • OTL Fix Log
Regards,
Valinorum

#5
matejbSM

    Member

  • Topic Starter
  • Member
  • 13 posts

Hi,

 

Thanks for the quick reply.

 

I have Combofix as last used in October, 2013. To be honest with you, I don't really remember for certain, but the computer was experiencing problems before, so it is possible. Sorry if that complicates things.

 

I deleted [EDIT: uninstalled (just to be on the same page)] the programs you mentioned above and am attaching the OTL log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogonScreens\Cache folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogonScreens folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogoAnimations\Cache folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogoAnimations folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\BootScreens\Cache folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\BootScreens folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012 folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities\StartUp Manager folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities\Program Statistics folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities\Dashboard folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TU2012\TuningIndex folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TU2012\StartUp Manager\Disabled objects folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TU2012\StartUp Manager folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TU2012\Speed Optimizer folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TU2012\Dashboard folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Marushka\AppData\Roaming\TuneUp Software folder moved successfully.
File/Folder C:\Users\Marushka\Desktop\*.tmp not found.
C:\Program Files\GUMD56A.tmp folder deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3240352030-749572926-2809846025-1000 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Error: No service named TuneUpUtilitiesDrv was found to stop!
Service\Driver key TuneUpUtilitiesDrv not found.
File C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marushka
->Temp folder emptied: 3823698 bytes
->Temporary Internet Files folder emptied: 3291370 bytes
->Java cache emptied: 381437 bytes
->Google Chrome cache emptied: 366233879 bytes
->Flash cache emptied: 58291 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 28992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1085483 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 358,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06252014_153552
 
Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\uxt70BF.tmp not found!
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000001D6A23DB6D2B3C6EC8 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Edited by matejbSM, 25 June 2014 - 10:04 AM.


#6
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
ComboFix is an advanced and extremely powerful malware removal tool. A simple mistake can make your machine unbootable. Hence the author of the said tool asks users not to run it on their own. How is your system?

#7
matejbSM

    Member

  • Topic Starter
  • Member
  • 13 posts

Alright, will keep that in mind. 

 

The system seems to be running much better. Starting it up and shutting it down is still a bit slow, but it's running quite a bit more fluidly. 



#8
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Can you perform a clean boot by perusing this? Tell me the result.

#9
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#10
matejbSM

    Member

  • Topic Starter
  • Member
  • 13 posts

Thanks for reopening!

 

Here's the OTL log, as well as the Extras log (below) just in case:

 

OTL logfile created on: 17. 7. 2014 10:54:17 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marushka\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
 
2,97 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 39,18% Memory free
5,93 Gb Paging File | 3,92 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 151,33 Gb Free Space | 53,40% Space Free | Partition Type: NTFS
 
Computer Name: MARUSHKA-PC | User Name: Marushka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/11 13:04:29 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/06/05 15:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/05/20 02:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marushka\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/10/19 11:30:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marushka\Downloads\OTL.exe
PRC - [2013/05/28 15:39:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/03/04 10:24:22 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/03/04 10:24:14 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/17 10:46:12 | 000,043,008 | ---- | M] () -- c:\users\marushka\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt4frni.dll
MOD - [2014/06/11 13:06:05 | 003,022,960 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/06/11 13:05:59 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/06/11 13:05:53 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/06/05 15:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 15:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 15:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 15:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 15:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/01/03 03:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Marushka\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 21:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Marushka\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/07/31 22:36:12 | 002,601,328 | ---- | M] () -- C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2014/06/19 01:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/05 11:09:56 | 001,045,840 | ---- | M] (Flexera Software LLC.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service)
SRV - [2014/05/04 17:12:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/26 12:29:04 | 000,245,760 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Synology Data Replicator  3\SynoDrService.exe -- (SynoDrService)
SRV - [2013/03/26 10:13:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/03/04 10:24:22 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/01/25 09:12:46 | 000,248,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/11/29 13:56:54 | 000,196,616 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marushka\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/07/25 16:53:46 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2013/03/26 13:05:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/02/14 13:21:04 | 000,171,680 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/01/10 10:25:20 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/01/10 10:25:20 | 000,105,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2012/08/03 11:36:46 | 000,045,792 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/12 04:57:02 | 000,064,512 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Leadtek.sys -- (Leadtek)
DRV - [2010/10/21 00:49:46 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 B6 52 8C F9 2D CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Marushka\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marushka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Marushka\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marushka\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marushka\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/03/26 09:09:59 | 000,000,000 | ---D | M]
 
[2014/06/25 17:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marushka\AppData\Roaming\mozilla\Extensions
[2014/04/30 12:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/04 17:12:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Taskforce = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc\2.2_0\
CHR - Extension: Tokonda Messenger = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghonobjagekcnpkhcpjekbbejnjdlomg\1.0.2_0\
CHR - Extension: AdBlock = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\
CHR - Extension: WhatFont = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm\2.0.2_0\
CHR - Extension: Streamus™ (Beta!) = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd\0.143_0\
CHR - Extension: Skype Click to Call = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_1\
CHR - Extension: Google Wallet = C:\Users\Marushka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_2FDB120A6B021B1DC7D20904EC7F9A01] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Marushka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Marushka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marushka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A51E8F3-A12A-4606-A70D-21418D07D57D}: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A287081-5499-455D-B8DA-16A7F4AA6AE2}: DhcpNameServer = 195.146.132.58 195.146.128.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C57B98C-4A26-4A9C-AE16-5403977D8E36}: DhcpNameServer = 192.108.131.11 194.160.44.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/14 15:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/07/09 12:39:47 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/07/09 12:39:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/07/09 12:38:33 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/07/09 12:38:32 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/07/09 12:38:32 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/07/09 12:38:31 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/07/09 12:38:31 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/07/09 12:38:30 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/07/09 12:38:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/09 12:38:30 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/09 12:38:30 | 000,240,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/07/09 12:38:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/09 12:38:30 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/09 12:38:29 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/09 12:38:28 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/09 12:38:28 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/07/09 12:38:28 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/07/09 12:38:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/07/09 12:38:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/07/09 12:38:25 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/09 12:38:24 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/09 12:38:22 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/07/09 12:38:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/07/09 12:38:19 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/07/09 12:38:17 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/09 12:38:02 | 002,350,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/07/09 12:38:01 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014/07/09 12:35:17 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/07/09 12:35:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/07/07 08:44:18 | 000,000,000 | ---D | C] -- C:\Users\Marushka\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/07/07 08:44:13 | 000,000,000 | ---D | C] -- C:\Users\Marushka\.android
[2014/07/01 11:51:17 | 000,000,000 | --SD | C] -- C:\Users\Marushka\Documents\My Data Sources
[2014/06/25 15:42:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/25 15:35:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/20 13:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/06/20 13:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/06/20 13:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/06/20 13:34:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/06/20 13:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/20 13:33:21 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/06/20 13:33:21 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/06/20 13:33:21 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/06/20 13:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/06/17 21:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DjVuLibre
[2014/06/17 21:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\DjVuLibre
[1 C:\Users\Marushka\Desktop\*.tmp files -> C:\Users\Marushka\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/17 10:53:16 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 10:53:16 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 10:45:49 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce8c2d48f3ea4f.job
[2014/07/17 10:44:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/17 10:44:42 | 2387,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/17 10:39:26 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8acbbe7d0d47.job
[2014/07/17 10:39:25 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3240352030-749572926-2809846025-1000UA.job
[2014/07/16 20:54:04 | 260,543,862 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/07/16 13:22:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3240352030-749572926-2809846025-1000Core1cf8c793cf9e004.job
[2014/07/15 16:57:01 | 000,001,055 | ---- | M] () -- C:\Users\Marushka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/14 22:38:42 | 003,811,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/10 15:53:50 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/10 15:53:50 | 000,121,986 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/30 03:40:16 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/30 03:36:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/06/20 21:39:54 | 000,240,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/06/20 13:33:10 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/06/20 13:33:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/06/20 13:33:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/06/20 13:33:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/06/19 01:56:37 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/19 01:56:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/06/19 01:37:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/06/19 01:36:35 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/06/19 01:35:55 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/06/19 01:28:45 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/19 01:28:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/06/19 01:25:38 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/19 01:23:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/19 01:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/06/19 01:22:40 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/06/19 01:16:33 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/06/19 01:12:01 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/19 01:06:10 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/06/19 01:01:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/06/19 00:58:08 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/19 00:52:58 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/06/19 00:52:18 | 004,254,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/19 00:49:52 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/19 00:46:23 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/06/19 00:45:59 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/19 00:07:42 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/06/18 03:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014/06/18 02:52:00 | 002,350,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Marushka\Desktop\*.tmp files -> C:\Users\Marushka\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/16 20:54:04 | 260,543,862 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/07/15 16:57:01 | 000,001,055 | ---- | C] () -- C:\Users\Marushka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/14 22:36:59 | 003,811,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/06/20 13:17:35 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3240352030-749572926-2809846025-1000Core1cf8c793cf9e004.job
[2014/06/18 10:03:09 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8acbbe7d0d47.job
[2013/11/06 19:31:33 | 000,020,329 | ---- | C] () -- C:\Users\Marushka\Legolas.jpg
[2013/10/31 16:23:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/31 16:23:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/31 16:23:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/31 16:23:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/31 16:23:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/05 21:22:04 | 000,007,601 | ---- | C] () -- C:\Users\Marushka\AppData\Local\Resmon.ResmonCfg
[2013/05/02 14:37:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/04/05 16:15:25 | 000,365,568 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2013/04/05 16:15:25 | 000,169,472 | ---- | C] () -- C:\Windows\System32\ZLhp1020.DLL
[2013/03/28 12:07:24 | 000,004,096 | -H-- | C] () -- C:\Users\Marushka\AppData\Local\keyfile3.drm
[2013/03/26 13:13:08 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2013/03/26 13:13:03 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2013/03/26 13:13:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2013/03/26 13:12:04 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2013/03/26 12:41:09 | 000,000,439 | ---- | C] () -- C:\Windows\System32\CNCMFP42.INI
[2012/12/04 10:12:10 | 000,245,248 | ---- | C] () -- C:\Windows\System32\zshp1020s.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 
 
And now the Extras:

OTL Extras logfile created on: 17. 7. 2014 10:54:17 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marushka\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
 
2,97 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 39,18% Memory free
5,93 Gb Paging File | 3,92 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 151,33 Gb Free Space | 53,40% Space Free | Partition Type: NTFS
 
Computer Name: MARUSHKA-PC | User Name: Marushka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01486667-95B6-4877-8647-3BEDF2C6B8B7}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{04C43102-BF65-417A-8C31-A10DC867080C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0C7E23A0-8605-4D7C-9CC0-C44EF5D6BB30}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0E24B226-DB24-4614-8C35-ED7ADDD7FCBC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B98DD1D-179F-4C82-8436-4478A46D6BA3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1E011263-CC5B-4FBF-887B-0EF447CAC990}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3437E1A2-C0FD-413B-A72E-11B961930E0D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3598EC0E-909A-4504-A303-025C36C59971}" = lport=137 | protocol=17 | dir=in | app=system | 
"{35AB3744-48AA-4193-A2C5-00074AE4C955}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{3F3FD432-B49C-4366-9434-ECB8B1BBC125}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4599BF02-83F5-4B05-AD16-1899CA72DF7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{4C0DC677-D33C-4CFC-8C9C-6CB7E7B04DD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4DDBE32B-C118-4570-B405-BA9745192A26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{71825E3C-C2A4-4A03-9EB6-8B7630C6207E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8183E538-C114-4590-A8F1-96139B4D5103}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{81B348E6-0D75-4FEE-9FD0-2A5277FD15A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D1231DD-B11E-4E50-B054-BA92A547C6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{904D26B8-22C3-48CF-AAE5-782ED4B3924F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{936B0D23-C482-4A2F-98B0-4E58FBE685E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{97C8B12A-44AC-4DE9-999A-AD3CEC92740D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C97F395-50EF-4002-8D53-ED2E3A37E181}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D9B1CF5-5608-4852-B1C9-6BCBE4652CD4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A8DF2404-26CF-4980-B763-6F311DFF352B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{B5DA81C3-0F77-44C4-82EF-2D2003F1A1BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9164400-14FC-41DF-9AE0-D3FC340CB0D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0297765-F9BA-4EB6-BD15-0FF5A555D560}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CB2C628E-3AC6-457C-9750-B873A87A8FB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CB9C89D0-85A7-45D7-8CA9-57444407CE29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF664720-CA7A-4FBB-8D2B-53B8E2A42A03}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{D5DBFECB-0B6F-4ED2-8CF7-4CEAF85A07BC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DD72F599-AA1E-4CEE-93F4-040783DAD017}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0D9DE32-45DB-4618-9FF2-16EECEEF427A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4E7AEBF-2612-4957-893B-88568A7A7065}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC54E08B-DF14-442E-85F2-9BDC4332F97A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FFC2E954-408A-4DEC-B726-7F887EF7780F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DA712A-8392-4FC5-93E0-2FD69A0445A3}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{0DE68B24-C0F8-4460-B807-6D111D10F18D}" = protocol=58 | dir=out | [email protected],-28546 | 
"{0E68DA53-1FCF-4AD1-9E39-EB6505E5F307}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{14E364F5-D909-4325-BA2D-0F16769330C5}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{346012FE-164C-43E2-A63A-3D56925F3930}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3DD56A40-2581-4048-A13D-B1771DDFFE48}" = protocol=58 | dir=in | [email protected],-28545 | 
"{3FC02502-C279-4A89-B8F7-B3CCB54F4CE7}" = protocol=17 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{404954B3-32CB-4017-B7BB-7E6AC567DD13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B717ACC-ABFF-4E0F-9BF0-2451081D566C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5E1C0C3A-39F8-45FA-9E04-08E76D71ED7D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E6DF313-C982-49FA-BE7A-D319287B4317}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{61085934-5C82-4FB7-AD34-73918F93DB36}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6812F7B6-C489-4907-9826-FB7E87380009}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D409EA6-B18B-4F82-A42A-CB3C07C6B19D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72BE91BA-A8C8-4582-BA79-09B4BEFB49B4}" = protocol=17 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst.exe | 
"{73A6E3D8-3DEB-429A-A5D6-9442E11F7BC4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{7E8065E1-6374-4D68-AA93-9BF8E6232141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{819A188D-762F-40C1-8410-F060FDB28402}" = protocol=17 | dir=in | app=c:\users\marushka\appdata\roaming\utorrent\utorrent.exe | 
"{8333084C-35B7-4461-ACC1-EF9BCC8B762F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{8A4EF600-23AF-4384-8446-364A74E0F234}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A6D6DB3-7585-47F1-8A97-7E59D2F94E7A}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\kmpprocess.exe | 
"{8F834BAD-05E7-4C63-AA9E-850E0F32D0D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{904D856B-6EBC-423A-8B02-FA49797A5C93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D7EF821-DBE8-4C40-A469-06EFF9187519}" = protocol=6 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A5BAA61C-0F65-45B3-85B3-59F294AAA3DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6D44957-D1DE-481B-87BB-C69A092D68AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AE281913-4378-46CD-BB41-2D51CBB092B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C269DCC6-316F-45F5-9B80-7ACB47A6FEC5}" = protocol=6 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst.exe | 
"{C70BD697-6CB7-413D-9070-397C3E78699B}" = protocol=1 | dir=out | [email protected],-28544 | 
"{D0A321D7-64FF-4292-B55C-B0AAF8F75D7A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D9FC4931-3E1A-4944-8AB2-4DE25D31BBD5}" = protocol=6 | dir=in | app=c:\users\marushka\appdata\roaming\utorrent\utorrent.exe | 
"{E5D949B5-4355-4BEB-9943-750658F0CBAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E5FB4354-28A8-42E1-980D-4C855B0CB478}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F76B5C32-0706-4078-87C5-416F37AF888A}" = protocol=6 | dir=out | app=system | 
"{F99719FC-25F5-4759-8F31-6413DB8BAE56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCDD7E1A-B0AE-471E-8274-133493D93469}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{2434AC55-9CB2-4AD8-BA6E-A06F2C2AF666}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"TCP Query User{26F799AF-44ED-43E0-B754-894EECE6CCF0}C:\program files\synology data replicator  3\backup.exe" = protocol=6 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"TCP Query User{4738E63C-EEC8-47C4-BC68-ACD0D752980D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{91320F11-51BA-4DD4-8C52-DD238AD252BD}C:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{9D775D32-396F-46E3-92D9-E8C55725E7AF}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"TCP Query User{CC3600AC-E1EB-46DA-B3AD-7B68CC63747B}C:\program files\adobe\adobe edge animate cc\edgeanimate.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe edge animate cc\edgeanimate.exe | 
"UDP Query User{049E19A0-62E3-4AA3-AEE5-50F59E093B85}C:\program files\synology data replicator  3\backup.exe" = protocol=17 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"UDP Query User{25A6B8A0-444E-4D17-B724-C6533E727F6E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E414319-564F-42EF-AB57-B7625546AC6B}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"UDP Query User{B375648C-20D6-47A4-9CED-B168FD73A2F8}C:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marushka\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{BE98CAAA-591A-43E1-8C8F-0899D57DC0B1}C:\program files\adobe\adobe edge animate cc\edgeanimate.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe edge animate cc\edgeanimate.exe | 
"UDP Query User{E08EAFA8-BBB2-4DEC-9BB1-8F06193A7347}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F52F36E-895D-4E01-B4D4-E23C4FA4193B}" = simplitec simplicheck
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64E4CDDD-F778-42C9-81C9-1BFB87DE517E}" = ESET NOD32 Antivirus
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7581B61-C9F9-4fea-B845-E7733C17EC19}" = Canon MF8000C Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C7B07044-15B9-4894-9A88-C86761CF4B12}_is1" = Yodot RAR Repair
"{C935F091-75FD-752B-B19D-6AAE0D24B05B}" = Adobe Muse
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D4D14FC9-2815-43EB-935B-482DB7C9526C}" = Xara Web Designer 9 Premium
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}" = Final Draft
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F70D8C2A-9320-4DDC-8693-6E7DEAA5B096}" = Nitro Pro 8
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = KMP Service
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AdobeMuse" = Adobe Muse
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DjVuLibre+DjView" = DjVuLibre DjView  3.5.25.4+4.9.2
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"IrfanView" = IrfanView (remove only)
"Lexicon5" = Lingea Lexicon 5
"Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MX.{D4D14FC9-2815-43EB-935B-482DB7C9526C}" = Xara Web Designer 9 Premium
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Synology Assistant" = Synology Assistant (remove only)
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 2.1.2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.48-9
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WVCSetup7.0.0_is1" = Webcam Video Capture 7.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Dropbox" = Dropbox
"Flux" = f.lux
"GoToMeeting" = GoToMeeting 5.5.0.1133
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5. 7. 2014 19:21:56 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5. 7. 2014 19:21:56 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198
 
Error - 5. 7. 2014 19:21:56 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198
 
Error - 5. 7. 2014 19:21:57 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5. 7. 2014 19:21:57 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4196
 
Error - 5. 7. 2014 19:21:57 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4196
 
Error - 5. 7. 2014 19:21:59 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5. 7. 2014 19:21:59 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5476
 
Error - 5. 7. 2014 19:21:59 | Computer Name = Marushka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5476
 
Error - 7. 7. 2014 12:47:26 | Computer Name = Marushka-PC | Source = Application Error | ID = 1000
Description = Faulting application name: KMPProcess.exe, version: 1.0.1.2, time 
stamp: 0x51d50ca2  Faulting module name: PanStreamer.dll, version: 2.0.7.38, time 
stamp: 0x509c8e1f  Exception code: 0xc0000005  Fault offset: 0x0001dc74  Faulting process
 id: 0xefc  Faulting application start time: 0x01cf99c59ffdab55  Faulting application
 path: C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe  Faulting module path:
 C:\Program Files\PANDORA.TV\PanService\PanStreamer.dll  Report Id: 5fec4c38-05f6-11e4-a822-f04da265dd5f
 
[ System Events ]
Error - 15. 2. 2014 4:29:56 | Computer Name = Marushka-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:50:13 on ?14. ?2. ?2014 was unexpected.
 
Error - 15. 2. 2014 4:29:57 | Computer Name = MARUSHKA-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 15. 2. 2014 4:29:57 | Computer Name = Marushka-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 15. 2. 2014 8:42:14 | Computer Name = Marushka-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 194.160.49.97.  The computer with the IP address 194.160.49.169 did
 not allow the name to be claimed by  this computer.
 
Error - 15. 2. 2014 14:12:30 | Computer Name = Marushka-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:29:44 on ?15. ?2. ?2014 was unexpected.
 
Error - 15. 2. 2014 14:11:29 | Computer Name = Marushka-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 15. 2. 2014 14:12:28 | Computer Name = Marushka-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 15. 2. 2014 14:51:25 | Computer Name = Marushka-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:47:14 on ?15. ?2. ?2014 was unexpected.
 
Error - 15. 2. 2014 14:51:30 | Computer Name = MARUSHKA-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 15. 2. 2014 14:51:30 | Computer Name = Marushka-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
[ TuneUp Events ]
Error - 11. 6. 2014 7:27:45 | Computer Name = Marushka-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
 

#11
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Before I move on to the fix, can you please delineate the issues you are facing in detail? Thank you.

#12
matejbSM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Well, there's a couple. But overall, the system performance is falling rapidly.

 

1.) Shutdown takes 3-5 minutes

2.) Performance is very slow (computer freezes up, programs take very long to open, webpages take 2-3 minutes to fully load)

3.) My screen has stopped working on my laptop (not sure if this is software or hardware related)

 

The first 10-30 minutes the computer is turned on after a shutdown, it seems to be working at 90% and is generally fine. However, after that, comes a rapid decline in performance which makes work on it nearly impossible. 


#13
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Acknowledged. Can you perform a clean boot from here?

#14
matejbSM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Yup, I did the clean boot. It speeds up start-up time considerably, but has no real effect on the system performance (except for the 1st 10-30 minutes being slightly quicker, as I mentioned.)


#15
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Once again, my apology for the delay. This is a strange situation. Let's check deeper. After that we will bring on the big guns if necessary.
  • Step # 1: Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Step # 3: Scan with Farbar Service Scanner
    • Please download Farbar Service Scanner by Farbar to your Desktop from the link below.
      Download Link
    • Right-click and choose Run as Administrator;
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
 
  • Required Log(s):
    • FRST Logs --
      • FRST.txt
      • Addition.txt
    • FSS.txt
Regards,
Valinorum