Browser redirect then Facebook Hack [Solved]


  • This topic is locked

#1
bg111

  • Member
  • 105 posts

Hi

 

A few weeks ago my browser redirected a few times, so I ran MBam and thought I had gotten rid of it. Tonight I was locked out of Facebook because it had been attempted to be accessed from China using my password. I ran MBam again and restarted the computer to run it again to check, and it's always finding things. So I'm worried there is more going on now.

OTL logfile created on: 30/09/2014 20:56:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ben\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.95 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 73.00% Memory free
15.91 Gb Paging File | 13.58 Gb Available in Paging File | 85.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.42 Gb Total Space | 56.07 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
 
Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/30 20:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Downloads\OTL.exe
PRC - [2014/09/24 21:32:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/23 05:32:10 | 001,523,392 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014/09/23 05:32:08 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/09/23 05:32:06 | 001,938,112 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/09/17 03:15:08 | 002,460,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/09/17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/09/13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/31 19:35:59 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/08/08 10:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/07/22 21:46:06 | 003,356,480 | ---- | M] () -- C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/07/02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/14 14:19:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/02/07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe
PRC - [2012/01/04 20:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/06/16 03:11:32 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2010/06/11 17:40:38 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
PRC - [2010/05/25 07:13:44 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
PRC - [2010/05/06 11:38:58 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/30 20:10:48 | 000,043,008 | ---- | M] () -- c:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjnmiob.dll
MOD - [2014/09/30 20:10:35 | 000,027,136 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\_multiprocessing.pyd
MOD - [2014/09/30 20:10:35 | 000,007,168 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\hashobjs_ext.pyd
MOD - [2014/09/30 20:10:34 | 000,805,888 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._gdi_.pyd
MOD - [2014/09/30 20:10:33 | 001,160,704 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\_ssl.pyd
MOD - [2014/09/30 20:10:33 | 000,811,008 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._windows_.pyd
MOD - [2014/09/30 20:10:33 | 000,713,216 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\_hashlib.pyd
MOD - [2014/09/30 20:10:33 | 000,110,080 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\PyWinTypes27.dll
MOD - [2014/09/30 20:10:33 | 000,070,656 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._html2.pyd
MOD - [2014/09/30 20:10:33 | 000,025,600 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32pdh.pyd
MOD - [2014/09/30 20:10:33 | 000,024,064 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32pipe.pyd
MOD - [2014/09/30 20:10:32 | 001,062,400 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._controls_.pyd
MOD - [2014/09/30 20:10:32 | 000,686,080 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\unicodedata.pyd
MOD - [2014/09/30 20:10:31 | 000,127,488 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\pyexpat.pyd
MOD - [2014/09/30 20:10:31 | 000,038,912 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32inet.pyd
MOD - [2014/09/30 20:10:31 | 000,018,432 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32event.pyd
MOD - [2014/09/30 20:10:31 | 000,017,408 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32profile.pyd
MOD - [2014/09/30 20:10:31 | 000,010,240 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\select.pyd
MOD - [2014/09/30 20:10:30 | 000,525,640 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\windows._lib_cacheinvalidation.pyd
MOD - [2014/09/30 20:10:30 | 000,167,936 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32gui.pyd
MOD - [2014/09/30 20:10:30 | 000,128,512 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\_elementtree.pyd
MOD - [2014/09/30 20:10:30 | 000,119,808 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32file.pyd
MOD - [2014/09/30 20:10:30 | 000,108,544 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32security.pyd
MOD - [2014/09/30 20:10:30 | 000,087,552 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\_ctypes.pyd
MOD - [2014/09/30 20:10:29 | 000,557,056 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\pysqlite2._sqlite.pyd
MOD - [2014/09/30 20:10:29 | 000,320,512 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32com.shell.shell.pyd
MOD - [2014/09/30 20:10:29 | 000,098,816 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32api.pyd
MOD - [2014/09/30 20:10:29 | 000,045,568 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\_socket.pyd
MOD - [2014/09/30 20:10:28 | 000,022,528 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32ts.pyd
MOD - [2014/09/30 20:10:27 | 001,175,040 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._core_.pyd
MOD - [2014/09/30 20:10:27 | 000,364,544 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\pythoncom27.dll
MOD - [2014/09/30 20:10:27 | 000,078,336 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._animate.pyd
MOD - [2014/09/30 20:10:26 | 000,735,232 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._misc_.pyd
MOD - [2014/09/30 20:10:26 | 000,122,368 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\wx._wizard.pyd
MOD - [2014/09/30 20:10:26 | 000,011,264 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32crypt.pyd
MOD - [2014/09/30 20:10:22 | 000,035,840 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI19322\win32process.pyd
MOD - [2014/09/24 21:32:20 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/23 05:32:22 | 002,226,880 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/09/23 05:32:10 | 000,679,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/09/13 01:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/12 21:47:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6786db3a5253630b759c71e0d602eaa1\IAStorUtil.ni.dll
MOD - [2014/09/12 21:47:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b3131ca726aaef63c3306c2a7636449f\IAStorCommon.ni.dll
MOD - [2014/09/12 07:45:50 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\349461c3a273efc2b4bd643c2645bd70\System.Web.ni.dll
MOD - [2014/09/12 07:45:46 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2508b25b4d961a45659a8a8f128818a1\System.Runtime.Remoting.ni.dll
MOD - [2014/09/12 07:45:27 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/12 07:45:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/12 07:45:20 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/12 07:45:18 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/12 07:45:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll
MOD - [2014/09/12 07:45:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/12 07:44:47 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/05 00:29:26 | 034,589,376 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/09/03 20:28:16 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/08/21 19:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014/08/21 19:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014/08/21 19:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014/08/21 19:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014/08/21 19:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014/07/22 21:46:06 | 003,356,480 | ---- | M] () -- C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/10/11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/17 03:14:56 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/09/17 03:14:52 | 019,439,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 23:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/24 21:32:29 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 05:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/09/09 20:51:18 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/14 14:19:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/02/07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/16 03:11:32 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/06/16 02:34:20 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2010/06/11 17:40:38 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/05/25 07:13:44 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe -- (MboxAudioDevMon)
SRV - [2010/05/06 11:38:58 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe -- (MboxMiniAudioDevMon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/17 03:14:52 | 000,019,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/09/04 20:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/09 19:50:43 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 23:00:48 | 000,726,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/05 12:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/01/04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/05 20:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/17 18:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010/06/22 19:19:26 | 000,031,120 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2fu.sys -- (MBX2DFU)
DRV:64bit: - [2010/06/22 19:19:24 | 000,192,528 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2.sys -- (DGUSBAP)
DRV:64bit: - [2010/06/16 05:57:56 | 000,021,520 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2009/12/23 12:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcspecialist.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/15 11:46:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/24 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/24 21:32:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/24 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/24 21:32:18 | 000,000,000 | ---D | M]
 
[2012/11/16 22:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2014/07/16 21:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\w9pzf8xa.default\extensions
[2014/09/24 21:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/24 21:32:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Amazon Music] C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10668C1B-D881-44F6-8A5D-E5960D3D1A2F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/25 21:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Soundcloud
[2014/09/24 21:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/17 20:33:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\The Cinematic Orchestra
[2014/09/13 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\ScummVM
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/30 20:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/30 20:44:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/09/30 20:44:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2014/09/30 20:18:27 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/30 20:18:27 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/30 20:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/30 20:14:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/30 20:13:20 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/30 20:09:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/30 20:09:49 | 2110,939,135 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/18 07:40:48 | 000,001,009 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/18 07:40:44 | 000,000,973 | ---- | M] () -- C:\Users\Ben\Desktop\Dropbox.lnk
[2014/09/13 13:53:50 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Broken Sword - Shadow of the Templars.lnk
[2014/09/11 22:28:36 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 22:28:36 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/11 22:28:36 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/11 22:28:31 | 000,766,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/11 22:28:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/13 13:53:50 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Broken Sword - Shadow of the Templars.lnk
[2013/12/14 14:19:09 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/12/14 14:19:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/01 14:07:15 | 000,012,005 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\alsoft.ini
[2013/07/27 08:44:01 | 000,000,117 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\WB.CFG
[2013/06/16 21:44:05 | 000,000,005 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\WBPU-TTL.DAT
[2013/05/19 09:50:55 | 000,000,005 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\BCT-TTL.DAT
[2013/05/15 11:44:51 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/05/15 11:44:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/05/15 11:44:45 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/05/15 11:44:45 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/05/15 11:44:43 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/05/15 11:44:43 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/05/15 11:44:43 | 000,001,986 | ---- | C] () -- C:\Windows\unins000.dat
[2012/12/29 20:49:13 | 000,000,919 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012/12/29 20:49:13 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2012/10/09 19:45:49 | 000,766,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/09 18:40:42 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/09 18:40:41 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/10/09 18:40:41 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/10/09 18:40:41 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/10/09 18:34:56 | 000,057,747 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/09 18:34:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/09 18:34:01 | 000,040,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/13 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Amazon
[2013/05/15 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Babylon
[2013/05/15 11:44:44 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\CDXReader
[2013/05/15 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Codec Pack Packages
[2012/12/02 17:54:39 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Digidesign
[2014/08/16 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DigitalSites
[2014/09/30 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Dropbox
[2014/08/16 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DSite
[2013/12/01 14:14:53 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\FEZ
[2013/05/03 23:48:50 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\FileOpen
[2012/11/17 15:18:35 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\fltk.org
[2014/05/11 11:08:34 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ImgBurn
[2013/05/15 11:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LavFilters
[2013/05/03 08:09:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LoneSurvivor
[2013/05/03 23:48:50 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Nitro
[2014/03/29 11:44:40 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Oracle
[2014/09/01 21:17:17 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Origin
[2012/11/17 12:57:22 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\PACE Anti-Piracy
[2014/09/08 21:40:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\PrimoPDF
[2012/11/17 13:52:03 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Propellerhead Software
[2014/04/25 19:25:15 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Publish Providers
[2014/09/13 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ScummVM
[2014/04/23 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Sony
[2014/04/24 20:25:47 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Sony Creative Software Inc
[2014/09/05 21:24:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Spotify
[2014/04/23 20:44:03 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Titler
[2013/01/06 13:06:53 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\To the Moon - Freebird Games
[2012/11/17 12:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Trillium Lane
[2013/08/22 22:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1131 bytes -> C:\ProgramData\Microsoft:0J5RonOdw8Bya00GRy
@Alternate Data Stream - 1104 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:hGl1g6FsbAS8IkTZ8L4zg7Z
@Alternate Data Stream - 1101 bytes -> C:\ProgramData\Microsoft:Bz8MMHAJyJopuT6tsLMAK9BEBZf

< End of report >
 




#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Sorry that it has taken so long to respond. Sometimes we get very busy and this is one of those times. Very sorry :)

 

Do you still require help?  If so, let me know and I will assess your log. :thumbsup:

 

(The Facebook issue. Sometimes, through means other than your personal computer, your Facebook ID is either discovered or guessed. The perpetrator continues to guess your password until they lock you out. Again, this would be from outside your personal computer. This is why we recommend frequent password changes for ALL your accounts.)



#3
bg111

    Member

  • Topic Starter
  • Member
  • 105 posts

Hi. Thanks for getting back to me. I would still like you to help check my computer, just in case something is on here.



#4
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
I sure will, just wanted to be sure you hadn't solved the problem on your own. :)

Give me the remainder of the day and I'll get back to you.

#5
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Fix with OTL

Please re-run OTL with this removal script included.
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    :Commands
    [SetRestorePoint]

    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    :Commands
    [EmptyTemp]
    [ResetHosts]
    [Reboot]
    
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.
 
Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

Finally, after all the other scans are done, please rescan with OTL as you originally did and post the OTL.txt file for me.

 

 



#6
bg111

    Member

  • Topic Starter
  • Member
  • 105 posts

Ok then. I just ran scans, I didn't do anything else:

 

 

All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[SetRestorePoint]> in the current context!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru deleted successfully.
C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ben
->Temp folder emptied: 703033005 bytes
->Temporary Internet Files folder emptied: 434543354 bytes
->Java cache emptied: 361131 bytes
->FireFox cache emptied: 431562550 bytes
->Flash cache emptied: 216190 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 705251948 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,210.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10052014_162237

Files\Folders moved on Reboot...
File move failed. C:\Users\Ben\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8394c8fd8a80f_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Ben\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8394c8fd8a80f_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Ben\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

# AdwCleaner v3.311 - Report created 05/10/2014 at 16:33:17
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ben - BEN-PC
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\w9pzf8xa.default\invalidprefs.js
File Found : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\w9pzf8xa.default\user.js
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Ben\AppData\Roaming\Babylon
Folder Found : C:\Users\Ben\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Ben\AppData\Roaming\DSite

***** [ Scheduled Tasks ] *****

Task Found : Digital Sites
Task Found : DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : HKLM\SOFTWARE\ae888ce669e513
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-GB)

[ File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\w9pzf8xa.default\prefs.js ]

Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "a8febe9b0000000000003085a9901684");
Line Found : user_pref("extensions.delta.instlDay", "15840");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.16.1611:44:40");
Line Found : user_pref("extensions.delta.vrsni", "1.8.16.16");

*************************

AdwCleaner[R0].txt - [3404 octets] - [05/10/2014 16:33:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3464 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.0 (10.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ben on 05/10/2014 at 16:39:59.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\dsite.job"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\dsite"



~~~ FireFox

Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\w9pzf8xa.default\user.js
Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\w9pzf8xa.default\invalidprefs.js
Successfully deleted the following from C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\w9pzf8xa.default\prefs.js

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "a8febe9b0000000000003085a9901684");
user_pref("extensions.delta.instlDay", "15840");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1611:44:40");
user_pref("extensions.delta.vrsni", "1.8.16.16");
Emptied folder: C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\w9pzf8xa.default\minidumps [368 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/10/2014 at 16:41:35.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Zoek.exe v5.0.0.0 Updated 04-October-2014
Tool run by Ben on 05/10/2014 at 16:50:43.25.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ben\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

05/10/2014 16:54:12 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe Flash Player 15 Plugin  
Adobe Photoshop 6.0  
Adobe Reader XI (11.0.08)  
Alan Wake  
Amazon MP3 Downloader 1.0.17  
Amazon Music  
Amnesia: A Machine for Pigs  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Assassin's Creed II  
Avid Audio Drivers (x64)  
Avid Mbox Driver 1.0.18 (x64)  
Avid Mbox Mini Driver 1.0.4 (x64)  
Avid Mbox Pro Driver 1.0.10 (x64)  
Avid Pro Tools Creative Collection 8.0.4  
Avid Pro Tools LE 8.0.4  
AviSynth 2.5  
BioShock Infinite  
Bonjour  
BookSmart© 3.4.3 3.4.3  
Broken Sword - Shadow of the Templars  
Closure  
Codec Pack Packages  
CoolingTech version 2.0  
D3DX10  
Dark Fall 2: Lights Out  
Dark Fall: Lost Souls  
DC-Bass Source 1.3.0  
Deadlight  
Digidesign ElevenRack Driver 1.0.8 (x64)  
DirectVobSub 2.40.4209  
Dishonored  
DivX Setup  
Dropbox  
Dual-Core Optimizer  
DVD Architect Studio 5.0  
Far Cry© 3  
Far Cry© 3 Blood Dragon  
FEZ  
ffdshow v1.1.4399 [2012-03-22]  
Fraps  
Free DigiRack Plug-Ins 8.0.3  
Freemake Video Converter version 4.1.3  
Gabriel Knight 3  
Gemini Rue  
Google Drive  
Google Earth  
Google Update Helper  
Grand Theft Auto: Episodes from Liberty City  
Haali Media Splitter  
Home  
Hotline Miami  
ImgBurn  
Intel® Control Center  
Intel® Management Engine Components  
Intel® OpenCL CPU Runtime  
Intel® Rapid Storage Technology  
Intel® USB 3.0 eXtensible Host Controller Driver  
Intel© Trusted Connect Service Client  
Intel© Watchdog Timer Driver (Intel© WDT)  
Interlok driver setup x64  
iTunes  
iZotope Audio Enhancer  
Java 7 Update 55  
Java Auto Updater  
Java SE Development Kit 7 Update 51 (64-bit)  
Junk Mail filter update  
Lagarith Lossless Codec (1.3.27)  
LAME v3.99.3 (for Windows)  
Legend of Grimrock  
Lone Survivor  
M-Audio Delta 6.0.8 (x64)  
Machinarium  
MAGIX Media Manager silver  
MAGIX mp3 maker titanium 2004  
Malwarebytes Anti-Malware version 2.0.2.1012  
Mass Effect 2  
Mesh Runtime  
Messenger Companion  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Games for Windows - LIVE Redistributable  
Microsoft Games for Windows Marketplace  
Microsoft Image Composite Editor  
Microsoft Office  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office Home and Student 2007  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Movie Studio Platinum 12.0 (64-bit)  
Mozilla Firefox 32.0.3 (x86 en-GB)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT Redists  
MSVCRT_amd64  
Music Tag  
NewBlue VideoFX for Sony Vegas MSPPS  
NVIDIA 3D Vision Controller Driver 340.50  
NVIDIA 3D Vision Driver 340.52  
NVIDIA Control Panel 340.52  
NVIDIA GeForce Experience 2.1.2  
NVIDIA GeForce Experience Service  
NVIDIA Graphics Driver 340.52  
NVIDIA Install Application  
NVIDIA LED Visualizer 1.0  
NVIDIA Network Service  
NVIDIA PhysX  
NVIDIA PhysX System Software 9.13.1220  
NVIDIA ShadowPlay 16.13.42  
NVIDIA Stereoscopic 3D Driver  
NVIDIA Update 16.13.42  
NVIDIA Update Core  
NVIDIA Virtual Audio 1.2.25  
OpenAL  
OpenSource Flash Video Splitter 1.0.0.5  
Origin  
PCSX2 - Playstation 2 Emulator  
Photosynth 2.0110.0317.1042  
PrimoPDF -- brought to you by Nitro PDF Software  
QuickTime 7  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Reason 4.0.1  
Resonance  
Retro City RampageT  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition   
SHIELD Streaming  
SHIELD Wireless Controller Driver  
Sky Broadband  
Sound Forge Audio Studio 10.0  
Spelunky  
Spotify  
Star Wars Jedi Knight: Jedi Academy  
Steam  
T-RackS 3 Deluxe  
The Dream Machine  
The Elder Scrolls V: Skyrim  
The Lost Crown  
The Walking Dead  
The Wolf Among Us  
To the Moon  
Ubisoft Game Launcher  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
VC80CRTRedist - 8.0.50727.6195  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Mail  
Windows Live Mesh  
Windows Live Mesh ActiveX Control for Remote Connections  
Windows Live Messenger  
Windows Live Messenger Companion Core  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live Remote Client  
Windows Live Remote Client Resources  
Windows Live Remote Service  
Windows Live Remote Service Resources  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
WinUAE 2.6.1  
Xvid Video Codec  

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\DeltaIITray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Ben\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
R2 - [IAStorDataMgrSvc] - Intel® Rapid Storage Technology - "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [MboxAudioDevMon] - Mbox Audio Device Monitor - "C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe"
R2 - [MboxMiniAudioDevMon] - Mbox Mini Audio Device Monitor - "C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe"
R2 - [MboxProAudioDevMon] - Mbox Pro Audio Device Monitor - "C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe"
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [NvNetworkService] - NVIDIA Network Service - "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
R2 - [NvStreamSvc] - NVIDIA Streamer Service - "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
R2 - [nvsvc] - NVIDIA Display Driver Service - "C:\Windows\system32\nvvsvc.exe"
R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
R2 - [UNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
R3 - [Steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
R3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [digiSPTIService] - digiSPTIService - "C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe"
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8146 MB
CPU Info: Intel® Core™ i7-3770 CPU @ 3.40GHz
CPU Speed: 3406.0 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Realtek Digital Output(Optical) |
Display Adapters: NVIDIA GeForce GTX 285 | NVIDIA GeForce GTX 285 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SH-224BB
Ports: COM1 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  465.4GB
Hard Disks - Free: C:  61.9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/08/12 | ALASKA - 1072009
Time Zone: GMT Standard Time
Motherboard *: ASUSTeK COMPUTER INC. P8Z77-V LX
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    32.0.3
Internet Explorer Version: 11.0.9600.17280
Mozilla Firefox version: 32.0.3 (x86 en-GB)
Adobe Reader version: 11.0.8.4
Sun Java version: 1.7.0_55 (32-bit)
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Ben\AppData\Local\Temp ====
2014-10-05 15:46:54    4E566FEA83FCEEAF2873702806B55006    43008    ----a-w-    C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphk1bqq.dll
2014-10-05 15:39:53    E0DC8C6BBC787B972A9A468648DBFD85    1008128    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\libiconv2.dll
2014-10-05 15:39:53    D202BAA425176287017FFE1FB5D1B77C    103424    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\libintl3.dll
2014-10-05 15:39:53    57CAC848FA14AE38F14F9441F8933282    140288    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\pcre3.dll
2014-10-05 15:39:53    547C43567AB8C08EB30F6C6BACB479A3    79360    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\regex2.dll
2014-10-05 15:39:53    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-09-30 18:20:22    BBA80D3CAB22620A6AC9BB603386EE33    519680    ----a-w-    C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:20:55    C263F3E7E0523556964D661BC7CB9565    2048    ----a-w-    C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-30 18:20:22    8D46C7BCDF7FBAAC8666D6640ADA930E    371712    ----a-w-    C:\Windows\Sysnative\qdvd.dll
2014-09-23 20:20:55    A8A87343CAE432677D82C0BCC753D905    2048    ----a-w-    C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
2014-09-21 10:16:24    2232AE1BB51A96A7381A2CA17DF12E24    12866008    ----a-w-    C:\Windows\Sysnative\drivers\nvlddmkm.sys
2014-09-21 09:44:57    1AF619620613869C07F9C147BC37520F    38048    ----a-w-    C:\Windows\Sysnative\drivers\nvvad64v.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
2014-09-30 19:48:19    9268F289F5FB0C9DDFE1D4C7832267F7    5203    ----a-w-    C:\M-Bytes No2 30-09-14.txt
2014-09-30 19:08:38    4680448CDE5E8A6D10D1A7AE8696EB09    5358    ----a-w-    C:\M-Bytes 30-09-14.txt
====== C:\Users\Ben\AppData\Roaming ======
2014-09-13 12:53:55    --------    d-----w-    C:\Users\Ben\AppData\Roaming\ScummVM
====== C:\Users\Ben ======
2014-10-05 15:38:31    978528654BA00F2870AF9AA369C41ED1    1704938    ----a-w-    C:\Users\Ben\Desktop\JRT.exe
2014-10-05 15:32:25    12EFD5FA51597F188E5DB50BE20EE597    1375089    ----a-w-    C:\Users\Ben\Desktop\AdwCleaner.exe
2014-09-30 19:54:38    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Ben\Downloads\OTL.exe

====== C: exe-files ==
2014-10-05 15:39:53    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-05 15:38:31    978528654BA00F2870AF9AA369C41ED1    1704938    ----a-w-    C:\Users\Ben\Desktop\JRT.exe
2014-10-05 15:32:25    12EFD5FA51597F188E5DB50BE20EE597    1375089    ----a-w-    C:\Users\Ben\Desktop\AdwCleaner.exe
2014-10-05 15:18:19    BE149FBFA4B72F94B08BCEC8824EA373    417416    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\Packages\000064ec\CoProc update.18944339.exe
2014-10-04 13:11:28    C0C5D82A1094440391E28015B6CEAFD9    4082712    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\Packages\000064e9\DAO.18941849.exe
2014-10-02 18:47:17    F0579C2287E6012D1335606AB1D298D7    395592    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\Packages\000064ab\streaming-assets-far_cry_3.18932537.exe
2014-10-02 18:47:16    9FD332357DE9A2DF4FD9F7B0C4ACCB2A    269144    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\Packages\00006493\streaming-assets-amnesia_a_machine_for_pigs.18932537.exe
2014-10-02 18:47:16    6F4E48D11EBBB567220B14E40CF204A1    272040    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\Packages\000064b3\streaming-assets-grand_theft_auto_iv_eflc.18932537.exe
2014-10-02 18:47:16    4EFBB957E146DF55F9302E47A90C8EBE    263040    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\Packages\000064ad\streaming-assets-fez.18932537.exe
2014-10-02 18:47:16    4E8DA02DACE80FB9970C71872F0EE4B3    229072    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\Packages\000064c7\streaming-assets-skyrim.18932537.exe
2014-09-30 19:54:38    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Ben\Downloads\OTL.exe
2014-09-30 19:50:04    7B2A209308EA205FB31FA7944DFF9399    22016    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\StreamingAssets\skyrim\automated_launch.exe
2014-09-30 19:45:10    EE2A5F7E9ED0CDD336F4FD3D22E40344    22528    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\StreamingAssets\far_cry_3\automated_exit.exe
2014-09-30 19:45:10    D044F9305401E406A35A454AEE341CF3    41984    ----a-w-    C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\StreamingAssets\far_cry_3\automated_launch.exe
=== C: other files ==
2014-10-05 15:46:27    DE0983FE4B830699312D35A990B3AE1B    1945    ----a-w-    C:\Users\Ben\AppData\Local\Temp\_MEI40442\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2014-10-05 15:46:26    82F5C942549405F61A8808D0EA0FA9E2    25575    ----a-w-    C:\Users\Ben\AppData\Local\Temp\_MEI40442\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
2014-10-05 15:39:53    F56A319979F631C141F5FF02DF87FDB1    43563    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\prelim.bat
2014-10-05 15:39:53    EBD4370F53B1F5B77C8D24F980359F61    14845    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\get.bat
2014-10-05 15:39:53    DD1E4D974B1672ABD09EFFB225791C4A    1230    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\TDL4.bat
2014-10-05 15:39:53    AD2F52DC72B10AF331692E4A4DD80DFC    18670    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\medfos.bat
2014-10-05 15:39:53    AA0C656F898523BEDF2DA6923197BB80    1264    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\surfvox.bat
2014-10-05 15:39:53    8E6020C14F982CF11B3FE7DBB0CB8EDE    24738    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\searchlnk.bat
2014-10-05 15:39:53    86707BCE5CBB65D9B1C41E249B4423BA    152733    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\firefox.bat
2014-10-05 15:39:53    83F691D8398F0E37E71E9355BF730DB9    719    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\ev_clear.bat
2014-10-05 15:39:53    654E9FE74B930A454EE5BDE165794B65    85    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\delorphans.bat
2014-10-05 15:39:53    4D80C7010E2CE44AB25FA25B013649E4    8085    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\mws.bat
2014-10-05 15:39:53    47EEE53FF9AD581E2490FD3D9B782001    182509    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\misc.bat
2014-10-05 15:39:53    38A0BDF322ACCC968B0A824C38D50157    29635    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\ask.bat
2014-10-05 15:39:53    335DFF8F23E5EC02B5426362F0F8509B    31401    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\iexplore.bat
2014-10-05 15:39:53    0C4649A62845AB5D5DBCC4998477FF6D    1813    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\delfolders.bat
2014-10-05 15:39:53    0A2D570AA8AD00090525AB6F87B7017C    9307    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\runvalues.bat
2014-10-05 15:39:53    033C39EE1AA271C9DC11FC486ED20C64    14144    ----a-w-    C:\Users\Ben\AppData\Local\Temp\jrt\chrome.bat
2014-10-04 15:03:16    740793E6B5CD357E7F598FC35910C730    48498630    ----a-w-    C:\Users\Ben\Downloads\chronicles_of_riddick_soundtrack.zip
2014-10-04 15:02:32    4129E36E9456FA49F84347A099F3B5F1    13071449    ----a-w-    C:\Users\Ben\Downloads\Syberia_tracks.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3438359483-788715594-605512005-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Spotify Web Helper"="C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Amazon Music"="C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"DigidesignMMERefresh"="C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"M-Audio Taskbar Icon"="C:\Windows\system32\DeltaIITray.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Spotify Web Helper"="C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Amazon Music"="C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Startup Folders ======================

2012-11-18 10:10:37    1009    ----a-w-    C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-11-30 21:02:21    1253    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2014 20:51]
C:\Windows\tasks\Digital Sites.job --a------ C:\Users\Ben\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2012 21:15]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2012 21:15]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Digital Sites" [C:\Users\Ben\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D72BEABC-BB0A-4D9D-87F3-C3D29DF59441}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [15/05/2013 11:46]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\w9pzf8xa.default
DFC9460CC37E5C414DC4680B10C19E7A    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06/05/2013 09:12]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.pcspecialist.co.uk/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 05/10/2014 at 16:57:05.40 ======================
 
All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[SetRestorePoint]> in the current context!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru not found.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ben
->Temp folder emptied: 48903358 bytes
->Temporary Internet Files folder emptied: 720036 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7168636 bytes
->Flash cache emptied: 492 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 54.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10052014_170619

Files\Folders moved on Reboot...
File move failed. C:\Users\Ben\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8394c8fd8a80f_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Ben\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8394c8fd8a80f_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Ben\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


 



#7
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Did you reboot after Zoek was done? Regardless, reboot anyway.

Also, please rescan with OTL and post the log.

Last, let me know how the computer is working now.

#8
bg111

    Member

  • Topic Starter
  • Member
  • 105 posts

Well, it's always seemed to be working fine; I was just concerned that something might be happening in the background.

 

 

OTL logfile created on: 05/10/2014 18:00:29 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ben\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.95 Gb Total Physical Memory | 4.84 Gb Available Physical Memory | 60.87% Memory free
15.91 Gb Paging File | 12.85 Gb Available in Paging File | 80.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.42 Gb Total Space | 61.95 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
 
Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/30 20:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
PRC - [2014/09/24 21:32:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/23 05:32:10 | 001,523,392 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014/09/23 05:32:08 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/09/23 05:32:06 | 001,938,112 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/09/17 03:15:08 | 002,460,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/09/17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/09/13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/31 19:35:59 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/08/08 10:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/07/22 21:46:06 | 003,356,480 | ---- | M] () -- C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/07/02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/14 14:19:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/02/07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe
PRC - [2012/01/04 20:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/06/16 03:11:32 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2010/06/11 17:40:38 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
PRC - [2010/05/25 07:13:44 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
PRC - [2010/05/06 11:38:58 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/05 17:57:20 | 000,043,008 | ---- | M] () -- c:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcpzspz.dll
MOD - [2014/10/05 17:57:15 | 001,160,704 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\_ssl.pyd
MOD - [2014/10/05 17:57:15 | 000,805,888 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._gdi_.pyd
MOD - [2014/10/05 17:57:15 | 000,713,216 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\_hashlib.pyd
MOD - [2014/10/05 17:57:15 | 000,110,080 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\PyWinTypes27.dll
MOD - [2014/10/05 17:57:15 | 000,027,136 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\_multiprocessing.pyd
MOD - [2014/10/05 17:57:15 | 000,007,168 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\hashobjs_ext.pyd
MOD - [2014/10/05 17:57:14 | 000,811,008 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._windows_.pyd
MOD - [2014/10/05 17:57:14 | 000,070,656 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._html2.pyd
MOD - [2014/10/05 17:57:14 | 000,025,600 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32pdh.pyd
MOD - [2014/10/05 17:57:14 | 000,024,064 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32pipe.pyd
MOD - [2014/10/05 17:57:13 | 001,062,400 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._controls_.pyd
MOD - [2014/10/05 17:57:13 | 000,686,080 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\unicodedata.pyd
MOD - [2014/10/05 17:57:13 | 000,525,640 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\windows._lib_cacheinvalidation.pyd
MOD - [2014/10/05 17:57:13 | 000,167,936 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32gui.pyd
MOD - [2014/10/05 17:57:13 | 000,127,488 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\pyexpat.pyd
MOD - [2014/10/05 17:57:13 | 000,119,808 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32file.pyd
MOD - [2014/10/05 17:57:13 | 000,108,544 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32security.pyd
MOD - [2014/10/05 17:57:13 | 000,038,912 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32inet.pyd
MOD - [2014/10/05 17:57:13 | 000,018,432 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32event.pyd
MOD - [2014/10/05 17:57:13 | 000,017,408 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32profile.pyd
MOD - [2014/10/05 17:57:13 | 000,010,240 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\select.pyd
MOD - [2014/10/05 17:57:12 | 001,175,040 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._core_.pyd
MOD - [2014/10/05 17:57:12 | 000,557,056 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\pysqlite2._sqlite.pyd
MOD - [2014/10/05 17:57:12 | 000,320,512 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32com.shell.shell.pyd
MOD - [2014/10/05 17:57:12 | 000,128,512 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\_elementtree.pyd
MOD - [2014/10/05 17:57:12 | 000,098,816 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32api.pyd
MOD - [2014/10/05 17:57:12 | 000,087,552 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\_ctypes.pyd
MOD - [2014/10/05 17:57:12 | 000,045,568 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\_socket.pyd
MOD - [2014/10/05 17:57:12 | 000,022,528 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32ts.pyd
MOD - [2014/10/05 17:57:11 | 000,735,232 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._misc_.pyd
MOD - [2014/10/05 17:57:11 | 000,364,544 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\pythoncom27.dll
MOD - [2014/10/05 17:57:11 | 000,122,368 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._wizard.pyd
MOD - [2014/10/05 17:57:11 | 000,078,336 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\wx._animate.pyd
MOD - [2014/10/05 17:57:11 | 000,035,840 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32process.pyd
MOD - [2014/10/05 17:57:11 | 000,011,264 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\_MEI34202\win32crypt.pyd
MOD - [2014/09/24 21:32:20 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/23 05:32:22 | 002,226,880 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/09/23 05:32:10 | 000,679,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/09/13 01:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/12 21:47:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6786db3a5253630b759c71e0d602eaa1\IAStorUtil.ni.dll
MOD - [2014/09/12 21:47:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b3131ca726aaef63c3306c2a7636449f\IAStorCommon.ni.dll
MOD - [2014/09/12 07:45:50 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\349461c3a273efc2b4bd643c2645bd70\System.Web.ni.dll
MOD - [2014/09/12 07:45:46 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2508b25b4d961a45659a8a8f128818a1\System.Runtime.Remoting.ni.dll
MOD - [2014/09/12 07:45:27 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/12 07:45:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/12 07:45:20 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/12 07:45:18 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/12 07:45:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll
MOD - [2014/09/12 07:45:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/12 07:44:47 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/05 00:29:26 | 034,589,376 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/09/03 20:28:16 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/08/21 19:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014/08/21 19:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014/08/21 19:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014/08/21 19:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014/08/21 19:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014/07/22 21:46:06 | 003,356,480 | ---- | M] () -- C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/10/11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/17 03:14:56 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/09/17 03:14:52 | 019,439,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 23:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/24 21:32:29 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 05:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/09/09 20:51:18 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/14 14:19:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/02/07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/16 03:11:32 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/06/16 02:34:20 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2010/06/11 17:40:38 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/05/25 07:13:44 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe -- (MboxAudioDevMon)
SRV - [2010/05/06 11:38:58 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe -- (MboxMiniAudioDevMon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/17 03:14:52 | 000,019,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/09/04 20:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/09 19:50:43 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 23:00:48 | 000,726,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/05 12:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/01/04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/05 20:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/17 18:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010/06/22 19:19:26 | 000,031,120 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2fu.sys -- (MBX2DFU)
DRV:64bit: - [2010/06/22 19:19:24 | 000,192,528 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2.sys -- (DGUSBAP)
DRV:64bit: - [2010/06/16 05:57:56 | 000,021,520 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2009/12/23 12:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcspecialist.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/15 11:46:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/24 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/24 21:32:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/24 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/24 21:32:18 | 000,000,000 | ---D | M]
 
[2012/11/16 22:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2014/07/16 21:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\w9pzf8xa.default\extensions
[2014/09/24 21:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/24 21:32:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/10/05 17:06:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Amazon Music] C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10668C1B-D881-44F6-8A5D-E5960D3D1A2F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/05 18:00:19 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\New folder
[2014/10/05 16:50:40 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/10/05 16:39:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/05 16:38:31 | 001,704,938 | ---- | C] (Thisisu) -- C:\Users\Ben\Desktop\JRT.exe
[2014/10/05 16:33:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/05 16:22:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/30 20:54:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2014/09/30 19:20:22 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/30 19:20:22 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/25 21:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Soundcloud
[2014/09/24 21:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/21 11:18:01 | 000,609,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/09/21 11:16:24 | 031,512,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/09/21 11:16:24 | 024,196,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/09/21 11:16:24 | 017,555,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/09/21 11:16:24 | 013,922,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/09/21 11:16:24 | 011,283,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/09/21 11:16:24 | 004,247,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/09/21 11:16:24 | 003,989,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/09/21 11:16:24 | 001,890,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434052.dll
[2014/09/21 11:16:24 | 001,539,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434052.dll
[2014/09/21 11:16:24 | 000,944,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/09/21 11:16:24 | 000,907,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/09/21 11:16:24 | 000,903,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/09/21 11:16:24 | 000,869,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/09/21 11:16:23 | 022,994,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/09/21 11:16:23 | 015,294,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/09/21 11:16:23 | 013,835,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/09/21 11:16:23 | 011,222,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/09/21 10:44:57 | 000,038,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/09/21 10:44:57 | 000,032,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/09/17 20:33:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\The Cinematic Orchestra
[2014/09/13 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\ScummVM
[2014/09/11 22:29:31 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 22:29:31 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 22:29:30 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 22:29:30 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 22:29:30 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 22:29:30 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 22:29:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 22:29:30 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 22:29:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 22:29:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/11 22:29:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/11 22:29:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/11 22:29:29 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/11 22:29:29 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/11 22:29:29 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/11 22:29:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/11 22:29:29 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/11 22:29:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/11 22:29:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/11 22:29:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/11 22:29:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/11 22:29:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/11 22:29:28 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/11 22:29:28 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/11 22:29:28 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/11 22:29:28 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/11 22:29:28 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/11 22:29:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/11 22:29:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/11 22:29:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/11 22:29:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/11 22:29:27 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/11 22:29:26 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/11 22:29:26 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/11 22:29:25 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/11 22:24:45 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/11 22:24:45 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/11 19:29:03 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/11 19:29:03 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/11 19:28:51 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/11 19:28:45 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/11 19:28:42 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/11 19:28:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/05 17:57:26 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/05 17:55:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/05 17:55:09 | 2110,939,135 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/05 17:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/05 17:44:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/10/05 17:15:03 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/05 17:15:03 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/05 17:14:34 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/05 17:06:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/10/05 16:49:10 | 001,290,752 | ---- | M] () -- C:\Users\Ben\Desktop\zoek.exe
[2014/10/05 16:38:35 | 001,704,938 | ---- | M] (Thisisu) -- C:\Users\Ben\Desktop\JRT.exe
[2014/10/05 16:32:31 | 001,375,089 | ---- | M] () -- C:\Users\Ben\Desktop\AdwCleaner.exe
[2014/09/30 20:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2014/09/30 20:13:20 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/25 03:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/25 02:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/18 07:40:48 | 000,001,009 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/18 07:40:44 | 000,000,973 | ---- | M] () -- C:\Users\Ben\Desktop\Dropbox.lnk
[2014/09/17 03:13:36 | 002,193,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/09/17 03:13:36 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/09/17 03:12:40 | 002,799,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/09/17 03:12:39 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/09/13 13:53:50 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Broken Sword - Shadow of the Templars.lnk
[2014/09/11 22:28:36 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 22:28:36 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/11 22:28:36 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/11 22:28:31 | 000,766,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/11 22:28:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/09 20:51:18 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 20:51:18 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/10/05 16:49:06 | 001,290,752 | ---- | C] () -- C:\Users\Ben\Desktop\zoek.exe
[2014/10/05 16:32:25 | 001,375,089 | ---- | C] () -- C:\Users\Ben\Desktop\AdwCleaner.exe
[2014/09/13 13:53:50 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Broken Sword - Shadow of the Templars.lnk
[2013/12/14 14:19:09 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/12/14 14:19:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/01 14:07:15 | 000,012,005 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\alsoft.ini
[2013/07/27 08:44:01 | 000,000,117 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\WB.CFG
[2013/06/16 21:44:05 | 000,000,005 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\WBPU-TTL.DAT
[2013/05/19 09:50:55 | 000,000,005 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\BCT-TTL.DAT
[2013/05/15 11:44:51 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/05/15 11:44:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/05/15 11:44:45 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/05/15 11:44:45 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/05/15 11:44:43 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/05/15 11:44:43 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/05/15 11:44:43 | 000,001,986 | ---- | C] () -- C:\Windows\unins000.dat
[2012/12/29 20:49:13 | 000,000,919 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012/12/29 20:49:13 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2012/10/09 19:45:49 | 000,766,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/09 18:40:42 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/09 18:40:41 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/10/09 18:40:41 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/10/09 18:40:41 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/10/09 18:34:56 | 000,057,747 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/09 18:34:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/09 18:34:01 | 000,040,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1131 bytes -> C:\ProgramData\Microsoft:0J5RonOdw8Bya00GRy
@Alternate Data Stream - 1104 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:hGl1g6FsbAS8IkTZ8L4zg7Z
@Alternate Data Stream - 1101 bytes -> C:\ProgramData\Microsoft:Bz8MMHAJyJopuT6tsLMAK9BEBZf

< End of report >
 


  • 0

#9
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Well it's always seemed to be working fine

 

Good to hear!

 

Those tools gave it a nice spring cleaning and I don't see anything else concerning.

 

Just a little Facebook info. In my opinion Facebook is one of the least secure websites around. With most websites, if you don't input the correct User ID and Password, the login fails and they don't "hint" at which one, User ID or Password, failed. Not so with FB. If you guess the correct User ID, FB will indicate that the User ID is correct and allow you to guess the Password a few times. It will even get you halfway to a password reset. Hence, hackers often run random ID generators until they get a hit on the User ID and then try to hack the reset. Sometimes they are successful; however, when they are not, it usually results in the user being locked out of their account.

 

Back to the machine. Here are two tools that you can run right now and perhaps every month or so to keep things tidy.

 

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select Update
  • Once it has updated select Settings > Detection and Protection > tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button; MBAM will ask for a reboot
  • On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
Click Run ESET Online Scanner there.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

  • 0

#10
bg111

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

OK, Malwarebytes didn't find anything, ESET scanner did:

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b54b0773327adf4c946ad82036e5fc79
# engine=20487
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-07 09:36:10
# local_time=2014-10-07 10:36:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2246886 84004192 0 0
# scanned=321539
# found=3
# cleaned=0
# scan_time=9282
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Ben\AppData\Roaming\Codec Pack Packages\uninstaller.exe"
sh=14810DC56829DCAB9AD47499BB60466043E148DD ft=1 fh=e9ecc738542a5ba4 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Ben\Downloads\FreemakeVideoConverterSetup.exe"
sh=13DDFA1862B74BDBBC06FC8766B36B9B73B25760 ft=1 fh=891ef6f01345cc13 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Ben\Downloads\ImgBurn_v2.5.7.exe"
 


  • 0
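As an added example (not part of the thread and not ESET's own tooling), this Python sketch parses the ESET Online Scanner log format posted above and checks it the way a helper would: scan finished, the settings requested in post #9 were used, the detection count matches the header, and what kind of detections remain on disk. Reading `vn` as the detection name and `fn` as the file path, and the three-way category split, are assumptions taken from the log text itself.

```python
import re
from collections import Counter

# Header and detection lines copied from the ESET log in the post above.
SAMPLE_LOG = r'''# product=EOS
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# country="United Kingdom"
# scanned=321539
# found=3
# cleaned=0
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Ben\AppData\Roaming\Codec Pack Packages\uninstaller.exe"
sh=14810DC56829DCAB9AD47499BB60466043E148DD ft=1 fh=e9ecc738542a5ba4 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Ben\Downloads\FreemakeVideoConverterSetup.exe"
sh=13DDFA1862B74BDBBC06FC8766B36B9B73B25760 ft=1 fh=891ef6f01345cc13 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Ben\Downloads\ImgBurn_v2.5.7.exe"
'''

HEADER = re.compile(r'#\s*(\w+)=(.*)$')          # "# key=value" lines
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key=value or key="quoted value"

# Scan options the helper asked for in post #9, as the header records them.
EXPECTED_SETTINGS = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}


def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip().strip("\"'")
        elif line.startswith("sh="):
            fields = {}
            for p in PAIR.finditer(line):
                quoted, bare = p.group(2), p.group(3)
                fields[p.group(1)] = quoted if quoted is not None else bare
            detections.append(fields)
    return header, detections


def category(detection_name):
    """Assumed split: ESET's own wording in the name decides the bucket."""
    lowered = detection_name.lower()
    if "potentially unwanted application" in lowered:
        return "PUA"
    if "potentially unsafe application" in lowered:
        return "unsafe"
    return "malware"


def triage(text):
    header, detections = parse_eset_log(text)
    found = int(header.get("found", -1))
    cleaned = int(header.get("cleaned", 0))
    return {
        "scan_finished": header.get("end") == "finished",
        # Settings that differ from what the helper requested.
        "settings_differ": sorted(
            k for k, v in EXPECTED_SETTINGS.items() if header.get(k) != v
        ),
        # A partial paste shows up as a header count that does not match.
        "truncated": found != len(detections),
        "left_on_disk": found - cleaned,
        "by_category": dict(Counter(category(d.get("vn", "")) for d in detections)),
        # Anything that is neither PUA nor "unsafe" deserves a closer look.
        "escalate": [d.get("fn") for d in detections
                     if category(d.get("vn", "")) == "malware"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the log from this thread the result has no entries under `escalate`: all three detections are bundled-installer files, which matches the helper's reading that the logs are clean.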

#11
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Your logs appear clean, so I will send you on your way! :wave:

 

However, I will leave you with some (a lot) of information. If you have any questions, please feel free to ask :)

 

Importance of Regular System Maintenance:

I advise you to read both of the topics listed below. The suggestions contained in them, if followed, will go a long way toward keeping your computer performing well.

Help! My computer is slow!

And also this:

What to do if your Computer is running slowly

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings, Securing Your Web Browser and Securing Your Router.

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:
 

  • Click on Start (Windows 7) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, reboot (restart) your computer if not prompted to do so.

Plus check Automatic Updates is enabled.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add: P2P software has the ability to create a direct conduit onto your computer, its security measures are easily circumvented, and malware writers are increasingly exploiting it to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

 


  • 0
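As an added example (not part of the thread), this Python sketch audits Hosts file contents along the lines described above: entries pointing at 127.0.0.1 or 0.0.0.0 are blocklist entries, while a name mapped to any other address is a redirect worth investigating on a machine that has had browser redirects. The first two sample entries are the ones OTL reported in this thread; the remaining entries, the `example.*` names, the documentation address 203.0.113.10 and the report category names are constructed for illustration.

```python
import ipaddress

SAMPLE_HOSTS = """\
# First two entries are the ones OTL reported in this thread (O1 - Hosts).
127.0.0.1       localhost
::1       localhost
# Constructed blocklist-style entries of the kind a custom Hosts file adds.
127.0.0.1  ads.example.net tracker.example.net
0.0.0.0    telemetry.example.org   # inline comment
# Constructed redirect: a name pointed at a routable address (TEST-NET-3).
203.0.113.10  login.example.com
not-an-ip     broken.example.com
"""

# Names that are expected to resolve to the loopback address.
LOCAL_NAMES = {"localhost"}


def audit_hosts(text):
    """Sort every hostname in a Hosts file into one of four buckets."""
    report = {"local": [], "blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(parts) < 2:                     # address with no hostname
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback and the unspecified address both send traffic nowhere.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in parts[1:]:
            name = name.lower()
            if sinkhole and name in LOCAL_NAMES:
                report["local"].append(name)
            elif sinkhole:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} blocked names")
    for name, addr in result["redirected"]:
        print(f"REVIEW: {name} is redirected to {addr}")
    for lineno, text in result["malformed"]:
        print(f"line {lineno} could not be parsed: {text}")
```

A Hosts file like the 98-byte one in this thread's OTL log produces only `local` entries; anything under `redirected` should be explained before the file is trusted.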

#12
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





