
ukquikdisplay tabs keep opening!


  • This topic is locked

#1
martyvibe

  • Member
  • 10 posts
Hi there
 
I have an issue which has worsened so much over the past few weeks that it's very quickly making my computer practically unusable (well, the internet anyway).
 
I'm having a problem much like this:
 
http://www.geekstogo...ads-popping-up/
 
A series of 'uk.quikdisplay' tabs keep opening up on Google Chrome roughly every ten seconds, pretty much rendering internet browsing a lost cause. I have Kaspersky installed and also tried Avast! but to no avail. As you can imagine, this has gone past the annoyance stage and made me almost throw my PC out the window.
 
Oh yes, by the way I am running a Cube 247 64 bit PC with Windows 7. It's about three years old but up until this point was running smoothly.
 
I have read some of the previous topics and have downloaded OTL, but even when I save it to a location, I still can't see it anywhere.
 
Problems everywhere, please help!

EDIT: OTL is working fine, don't know why it couldn't find it first. Haven't run scan yet but just waiting for heads up from the experts here before I do anything!
 
Many thanks in advance!
 

Edited by martyvibe, 09 October 2014 - 12:43 PM.

  • 0



#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello martyvibe,

I know you already downloaded OTL. Please run it as follows:

Please download OTL to your Desktop
  • Double click on the OTL icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Thanks
Joe :)
  • 0

#3
martyvibe

  • Topic Starter
  • Member
  • 10 posts

Thanks for the reply Joe. I'm currently at work and I won't be able to access my PC until tomorrow, so I'll do it then.

 

Also, you say 'keep all other windows closed' when running the scan - with this malware, my internet browser will keep opening regardless every five seconds or so. Would it be advisable to run this scan in Safe Mode?

 

Thanks.


  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
I'd rather have it run in regular mode if you can, even if the windows are open; running scans in safe mode may not show all processes etc.

Do the best you can.
  • 0

#5
martyvibe

  • Topic Starter
  • Member
  • 10 posts

Okay, all good. I ran the scan and, eerily enough, the pop-ups seem to have stopped. For now.

 

--------------------------------------------------------------------------

 

OTL logfile created on: 10/11/2014 5:25:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marrk.cube\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.93 Gb Total Physical Memory | 5.36 Gb Available Physical Memory | 67.60% Memory free
15.86 Gb Paging File | 13.22 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 674.19 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
Drive D: | 7.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CUBE | User Name: Marrk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/11 17:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marrk.cube\Desktop\OTL (1).exe
PRC - [2014/10/07 20:44:47 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/10/07 20:43:12 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/23 05:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/21 20:27:57 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Marrk.cube\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/30 17:32:00 | 000,467,680 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2014/06/23 09:07:06 | 000,113,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2014/06/19 23:41:57 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2012/10/30 15:43:22 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012/09/17 13:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/12/12 15:06:58 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/06/16 17:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/04/29 13:44:59 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2007/10/17 17:22:56 | 000,352,256 | ---- | M] () -- C:\Users\Marrk.cube\Documents\Paraphernalia\InstantEyedropper\InstantEyedropper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/11 17:20:49 | 000,043,008 | ---- | M] () -- c:\users\marrk~1.cub\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpimyrli.dll
MOD - [2014/10/07 20:43:14 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/07 20:43:12 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/09/23 05:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/23 05:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/23 05:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/23 05:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/23 05:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2014/09/13 01:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/06/23 09:07:06 | 000,113,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 11:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/05/20 12:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012/10/24 12:59:14 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 15:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2007/10/17 17:22:56 | 000,352,256 | ---- | M] () -- C:\Users\Marrk.cube\Documents\Paraphernalia\InstantEyedropper\InstantEyedropper.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/07 20:43:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/08/18 23:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/26 23:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/23 19:12:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/10/30 15:43:22 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/04/29 13:44:59 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/07 20:44:44 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/10/07 20:43:17 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/10/07 20:43:17 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/10/07 20:43:17 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/10/07 20:43:17 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/10/07 20:43:17 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/10/07 20:43:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/10/07 20:43:17 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/05/13 15:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/09 15:15:25 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/11/09 15:15:25 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/10/30 15:43:48 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/01/27 00:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 23:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/19 17:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/06 04:13:12 | 000,280,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2010/06/30 09:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/07 14:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006/11/02 00:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 9D 74 2B 47 85 CC 01  [binary data]
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultenginename: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultthis.engineName: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search"
FF - prefs.js..browser.search.order.1: "Microsoft (Bing)"
FF - prefs.js..browser.search.selectedEngine: "Microsoft (Bing)"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=AV01"
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:1.10
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.5
FF - prefs.js..extensions.enabledAddons: [email protected]:9.0.2021.112
FF - prefs.js..keyword.URL: "http://www.bing.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/30 15:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/30 15:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/30 15:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/07 20:43:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/04 14:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/16 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/04/29 13:27:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 11:36:14 | 000,010,691 | ---- | M] ()
 
[2012/02/03 15:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\Extensions
[2014/10/07 20:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\Firefox\Profiles\oty0yjta.default\extensions
[2014/02/18 19:33:27 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\extensions\[email protected]
[2014/02/18 19:33:27 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2014/10/07 20:58:45 | 000,005,830 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\searchplugins\bing-avast.xml
[2012/02/03 15:29:17 | 000,002,515 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\searchplugins\Search_Results.xml
[2014/10/07 20:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/07 16:52:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/02 01:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/31 20:34:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2011/04/02 17:26:38 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/04/02 17:26:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/10/30 15:43:48 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/10/30 15:43:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/10/30 15:43:48 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2014/10/07 20:43:28 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/11/04 14:56:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/21 21:30:45 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/21 21:30:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/21 21:30:45 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/21 21:30:45 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/21 21:30:45 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.5_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.10.3_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/10/05 15:50:09 | 000,002,170 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 t3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 tpractivate.adobe.newoa
O1 - Hosts: 19 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [instanteyedropper] C:\Users\Marrk.cube\Documents\Paraphernalia\InstantEyedropper\InstantEyedropper.exe ()
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [Spotify Web Helper] C:\Users\Marrk.cube\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe (Sony)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk =  File not found
O4 - Startup: C:\Users\Marrk.cube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B14C0620-C4F4-494D-ACCB-DA6AAEA5716E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\Shell - "" = AutoRun
O33 - MountPoints2\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/11 17:24:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marrk.cube\Desktop\OTL (1).exe
[2014/10/09 19:34:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marrk.cube\Documents\OTL.exe
[2014/10/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Roaming\AVAST Software
[2014/10/07 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/10/07 20:44:17 | 000,092,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/10/07 20:44:14 | 001,041,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/10/07 20:44:13 | 000,427,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/10/07 20:44:05 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/10/07 20:44:01 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/10/07 20:43:42 | 000,307,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/10/07 20:43:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/10/07 20:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/10/07 20:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/10/07 20:40:27 | 004,862,664 | ---- | C] (AVAST Software) -- C:\Users\Marrk.cube\Documents\avast_free_antivirus_setup_online.exe
[2014/10/07 20:28:49 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/10/07 20:28:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/07 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Local\Macromedia
[2014/10/05 15:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
[2014/10/05 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Roaming\Guitar Pro 6
[2014/10/05 15:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2014/09/30 19:03:23 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/30 19:03:23 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/27 14:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Marrk.cube\AppData\Local\EmieUserList
[2014/09/27 14:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Marrk.cube\AppData\Local\EmieSiteList
[2014/09/22 20:58:23 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Roaming\Audacity
[2014/09/22 20:57:07 | 022,180,353 | ---- | C] (Audacity Team                                               ) -- C:\Users\Marrk.cube\Documents\audacity-win-2.0.5.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/11 17:33:00 | 000,028,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/11 17:33:00 | 000,028,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/11 17:27:28 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/10/11 17:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marrk.cube\Desktop\OTL (1).exe
[2014/10/11 17:20:45 | 000,001,926 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/10/11 17:20:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/11 17:19:32 | 000,001,297 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/10/11 17:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/11 17:19:09 | 2090,160,127 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/09 19:35:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marrk.cube\Documents\OTL.exe
[2014/10/09 19:28:16 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/09 19:12:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/09 19:00:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014/10/09 18:48:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/09 18:42:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125253496-624273603-803566568-1004UA.job
[2014/10/08 19:22:16 | 000,001,776 | ---- | M] () -- C:\Users\Marrk.cube\Desktop\Safe Run for Websites.lnk
[2014/10/07 21:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125253496-624273603-803566568-1004Core.job
[2014/10/07 20:51:11 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/10/07 20:48:07 | 682,779,883 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/07 20:44:44 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/10/07 20:43:17 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/10/07 20:43:17 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/10/07 20:43:17 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/10/07 20:43:17 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/10/07 20:43:17 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/10/07 20:43:17 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/10/07 20:43:17 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/10/07 20:43:17 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/10/07 20:43:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/10/07 20:40:29 | 004,862,664 | ---- | M] (AVAST Software) -- C:\Users\Marrk.cube\Documents\avast_free_antivirus_setup_online.exe
[2014/10/07 20:27:09 | 001,375,089 | ---- | M] () -- C:\Users\Marrk.cube\Documents\AdwCleaner.exe
[2014/10/05 15:49:16 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2014/10/05 15:49:16 | 000,001,002 | ---- | M] () -- C:\Users\Marrk.cube\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2014/10/05 15:04:56 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/05 15:04:56 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/05 15:04:56 | 000,126,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/27 14:13:10 | 000,001,456 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/09/27 14:13:09 | 000,028,249 | ---- | M] () -- C:\Users\Marrk.cube\Documents\vincedunn.gif
[2014/09/27 13:43:31 | 000,023,302 | ---- | M] () -- C:\Users\Marrk.cube\Documents\nslLhw0t_400x400.jpeg
[2014/09/27 13:43:12 | 000,005,756 | ---- | M] () -- C:\Users\Marrk.cube\Documents\Kevin_Dunn_VP.jpg
[2014/09/25 03:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/25 02:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/23 19:12:18 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/23 19:12:18 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/22 20:58:14 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/09/22 20:57:17 | 022,180,353 | ---- | M] (Audacity Team                                               ) -- C:\Users\Marrk.cube\Documents\audacity-win-2.0.5.exe
[2014/09/18 19:05:13 | 000,001,050 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/16 18:46:49 | 005,057,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/15 19:54:42 | 000,232,189 | ---- | M] () -- C:\Users\Marrk.cube\Documents\steelfish.zip
[2014/09/15 19:54:26 | 000,026,118 | ---- | M] () -- C:\Users\Marrk.cube\Documents\code.zip
[2014/09/15 19:35:53 | 000,213,293 | ---- | M] () -- C:\Users\Marrk.cube\Documents\true_lies.zip
[2014/09/14 17:33:03 | 1186,124,839 | ---- | M] () -- C:\Users\Marrk.cube\Desktop\MOV_0084.mp4
[2014/09/11 19:57:39 | 000,216,041 | ---- | M] () -- C:\Users\Marrk.cube\Documents\jacko.jpg
[2014/09/11 19:48:52 | 000,062,571 | ---- | M] () -- C:\Users\Marrk.cube\Documents\article-1143876-037F5890000005DC-118_468x496.jpg
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/08 19:22:16 | 000,001,776 | ---- | C] () -- C:\Users\Marrk.cube\Desktop\Safe Run for Websites.lnk
[2014/10/07 20:48:06 | 682,779,883 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/10/07 20:45:10 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/10/07 20:44:15 | 000,224,896 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/10/07 20:44:06 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/10/07 20:44:04 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/10/07 20:27:02 | 001,375,089 | ---- | C] () -- C:\Users\Marrk.cube\Documents\AdwCleaner.exe
[2014/10/05 15:49:16 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2014/10/05 15:49:16 | 000,001,002 | ---- | C] () -- C:\Users\Marrk.cube\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2014/09/27 14:13:09 | 000,028,249 | ---- | C] () -- C:\Users\Marrk.cube\Documents\vincedunn.gif
[2014/09/27 13:43:30 | 000,023,302 | ---- | C] () -- C:\Users\Marrk.cube\Documents\nslLhw0t_400x400.jpeg
[2014/09/27 13:43:10 | 000,005,756 | ---- | C] () -- C:\Users\Marrk.cube\Documents\Kevin_Dunn_VP.jpg
[2014/09/22 20:58:14 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/09/22 20:58:14 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/09/20 03:05:27 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/09/15 19:54:41 | 000,232,189 | ---- | C] () -- C:\Users\Marrk.cube\Documents\steelfish.zip
[2014/09/15 19:54:24 | 000,026,118 | ---- | C] () -- C:\Users\Marrk.cube\Documents\code.zip
[2014/09/15 19:35:52 | 000,213,293 | ---- | C] () -- C:\Users\Marrk.cube\Documents\true_lies.zip
[2014/09/14 22:51:30 | 1186,124,839 | ---- | C] () -- C:\Users\Marrk.cube\Desktop\MOV_0084.mp4
[2014/09/11 19:57:37 | 000,216,041 | ---- | C] () -- C:\Users\Marrk.cube\Documents\jacko.jpg
[2014/09/11 19:48:51 | 000,062,571 | ---- | C] () -- C:\Users\Marrk.cube\Documents\article-1143876-037F5890000005DC-118_468x496.jpg
[2014/04/11 19:18:44 | 000,017,408 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Local\WebpageIcons.db
[2014/04/10 20:57:33 | 000,001,648 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Local\recently-used.xbel
[2014/01/29 00:13:17 | 000,766,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/21 18:31:10 | 000,217,184 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/06/10 21:10:49 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/03/13 13:56:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/17 21:40:29 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/02/14 21:18:38 | 000,001,456 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/07 16:58:24 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/26 16:52:20 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/05/11 18:13:17 | 000,001,972 | ---- | C] () -- C:\Program Files\Total Tester.lnk
[2009/12/04 14:57:26 | 000,000,052 | ---- | C] () -- C:\Program Files\A+ Chap Review.bat
[2009/12/03 15:46:32 | 000,000,049 | ---- | C] () -- C:\Program Files\702.bat
[2009/12/03 15:46:14 | 000,000,049 | ---- | C] () -- C:\Program Files\701.bat
[2008/05/12 14:28:16 | 000,000,045 | ---- | C] () -- C:\Program Files\Total Tester.bat
[2000/01/30 19:25:36 | 000,155,701 | ---- | C] () -- C:\Program Files\JStart.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 837 bytes -> C:\Users\Marrk.cube\Documents\Time Sheet - 09052014.eml:OECustomProperty
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >
 
 
EXTRAS:
 

OTL Extras logfile created on: 10/11/2014 5:25:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marrk.cube\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.93 Gb Total Physical Memory | 5.36 Gb Available Physical Memory | 67.60% Memory free
15.86 Gb Paging File | 13.22 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 674.19 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
Drive D: | 7.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CUBE | User Name: Marrk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14D8B3DA-3B33-44ED-86F1-A6C119345604}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{17B9155E-C0F4-4196-A669-73C8AA0BB989}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2F58E426-77DE-4643-AD52-D044BFBA6441}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31E37759-D7C0-4174-9B2A-3B44AF2F2613}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port | 
"{3735E183-71EF-4DCD-B655-B77794FE9775}" = lport=445 | protocol=6 | dir=in | app=system | 
"{40329235-985F-40AC-922A-A99A2CDCAFFA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4078A127-EAFD-4644-8624-F804B3C9F9A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4149BBF7-AD2F-4FA6-8434-5F93AF5A253C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{41A66ED4-D9C8-4BAA-8BFA-15055CCC7D1B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{49C78508-7DD0-40C4-B81A-F214D28C820B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4ACA502B-29F4-4EF2-9B4C-9A9C0440F355}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{627ABFD9-F251-41B4-B28F-6D0CFA6B2B4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D2D16EF-1E45-4EEE-906A-09D6243BD21E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7C74B3A5-231C-4F10-9712-2F9589C4DE0E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7DA13F7A-0C05-4B33-8465-8767B2524D20}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port | 
"{84307C48-FF8D-47E3-8CA1-1DCE447ABB88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{AA2D75AB-704F-416C-800E-880A7C8361B0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AF4A1152-F332-4590-9305-DA6CD6F99848}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BB5BB5E4-8FF7-4882-BD75-8E7AFC50E85E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C1A20100-C807-4AD7-8106-C1A2485108F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD8CDA9C-5FF3-40C7-865B-DE2B00F71114}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D90839EA-1646-4412-8EFD-9C8557C4D015}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DA53672A-4B64-4F89-8626-5E4E777F37B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB4A0EC0-F099-4A48-B953-75FCB6830EA8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F4E9115C-22E5-400B-BB7D-B04934568AAA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F87F6707-B07E-4406-8C16-A52406EB5A57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB029FEE-302F-45D6-BC1B-3BCA3526A900}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FDFDB001-F609-4729-9113-56DA72B5E779}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE013DBD-775B-49C5-8391-9A28CEA6F28A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00383A2F-8F19-42BA-8551-A769E47FA268}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{02146429-1B94-4FE0-ADFB-36D075312902}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"{0432CB84-3C39-4CF9-A451-23265DB0041E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0EB07A30-D9A1-4038-A214-3BE94780119E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{118627F2-7334-4D7C-A4E3-57C44D33DFEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13328C5C-F930-4FF1-80B8-F6D4EA3F5398}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{14B21352-45E4-47B0-88E1-1762A7F9C953}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C51EE87-1B8C-4356-B5C2-35024C854266}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
"{1D1670D6-1E71-4D74-BAFF-9233B0AB6112}" = protocol=6 | dir=in | app=c:\users\marrk.cube\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1E34466F-BFA5-4452-8303-67BC5B0F214A}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
"{26E734F2-C067-479C-9663-D2E023DA52D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{2AF33C1D-9755-4CFE-9DFF-23F9E025E636}" = protocol=17 | dir=in | app=c:\users\marrk.cube\appdata\local\temp\7zs766a\hpdiagnosticcoreui.exe | 
"{302BE729-D27B-4F26-9648-2419A8687A3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32075A38-F59A-48DC-B723-72EE4355C371}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"{3B5C9418-A7E1-4120-B985-8C4F0552473A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3C8056F4-8DF8-4086-B351-4137F39AF3A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3CB40201-739C-4AA9-856C-938F9CBA5CB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D335FED-0424-48EC-BAA5-9C6256ED0BAC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4034ABB2-58FE-4F04-BC04-83375C3C46A2}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe | 
"{4081C958-0F71-49BE-83C6-4BEA86410C4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40A3EA58-BD7F-4F22-94BB-73567D9CF7F2}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{4232FF22-53A8-434F-B1CD-B1F67853C6C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{462A0E7C-FE32-4A50-B08C-909CC26086E8}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{46899D44-B021-4EE5-B27F-06EB85EBB1F6}" = protocol=1 | dir=out | [email protected],-28544 | 
"{46949284-FD64-4FBE-B7CC-7C3A47EB82A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4694AAE9-B2B9-4974-92C3-3D39BE2DFB9A}" = protocol=17 | dir=in | app=c:\users\stuart.wilkie\appdata\local\temp\7zs5f7b\hpdiagnosticcoreui.exe | 
"{46973090-C8A7-466D-8D1E-BBC8748CCA5B}" = protocol=6 | dir=in | app=c:\users\marrk.cube\appdata\roaming\spotify\spotify.exe | 
"{4D504018-8DD0-4A99-875F-CF2B1A86873D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{56664412-1A81-4D33-B247-0F74BCC0A728}" = protocol=58 | dir=in | [email protected],-28545 | 
"{59CE678F-7565-4158-8A4E-A83CF7132F35}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5E540E5C-A652-458F-888F-D39D06444B10}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{6077F067-28A3-4134-A1C0-5D81F823C735}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{60C666C7-2D8C-4FCC-99E9-25EECE78C7DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{636286C3-AFD8-4714-A218-C66F5EF22C5D}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe | 
"{65CD0BF7-2230-499D-8CE5-05F89770B1ED}" = protocol=1 | dir=in | [email protected],-28543 | 
"{6823187D-DDD2-4A27-B7A5-2722376CBCAA}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe | 
"{7549D7C6-FF93-4C74-B93C-469E64CB0723}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75B754F9-8DB7-4A4D-8069-DF3C673E628B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7E9B5DEA-F52E-48AA-BBB3-3CB631D3EC93}" = protocol=58 | dir=out | [email protected],-28546 | 
"{83591EAA-72CB-4B99-B66B-96C54DC7C9AC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8DADFF26-0736-414C-991A-7E065BE56589}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9026BCEA-FB6C-41DF-B40A-17C566AA037C}" = protocol=17 | dir=in | app=c:\users\marrk.cube\appdata\roaming\dropbox\bin\dropbox.exe | 
"{983DC60F-EDF1-42F1-8959-2F927B6BDB62}" = protocol=17 | dir=in | app=c:\users\marrk.cube\appdata\local\temp\7zs7951\hpdiagnosticcoreui.exe | 
"{9D5B3892-BB2C-4537-97C9-D30A2E7718D1}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{A06BFFD1-F024-4396-9CD4-40174FA059B1}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe | 
"{A43E48C5-EE8A-4AE3-8118-8569ED9043DA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6D33BF7-832F-4BCC-9A63-42A437C04C46}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B73BE5DE-2EB7-4ABA-AF58-0C00716A0D9A}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | 
"{C67D2014-2944-4C43-98D6-6073461DA6A9}" = protocol=17 | dir=in | app=c:\users\marrk.cube\appdata\roaming\spotify\spotify.exe | 
"{CD4BC4CC-85B4-4F33-9B15-76D48E967950}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | 
"{D043C14C-EEF9-4B83-BC17-4425C2383D1A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D20903BC-037E-4665-A382-3BDA4D9478BA}" = protocol=6 | dir=in | app=c:\users\marrk.cube\appdata\local\temp\7zs7951\hpdiagnosticcoreui.exe | 
"{D487E07D-772D-4C6A-9C7C-A66228347831}" = protocol=6 | dir=in | app=c:\users\marrk.cube\appdata\local\temp\7zs766a\hpdiagnosticcoreui.exe | 
"{D7131C8D-9FEA-4262-BDA1-CC9B26D10EAF}" = protocol=6 | dir=out | app=system | 
"{E9662B73-A6A4-4F16-93B6-CEE748FF3E69}" = protocol=6 | dir=in | app=c:\users\stuart.wilkie\appdata\local\temp\7zs5f7b\hpdiagnosticcoreui.exe | 
"{EB1A06E7-A622-449B-ADFE-C08BE8DE7270}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EB6EB4E2-D7EF-4DEA-A3A6-DB021E3E8E27}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{F19F1167-7549-4015-9CC8-E92F9C0DC839}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.228
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.8.1
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/6/2014 2:14:06 PM | Computer Name = CUBE | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 10/6/2014 2:15:21 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/7/2014 1:54:38 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/7/2014 3:32:38 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/7/2014 3:49:49 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/7/2014 3:56:14 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/8/2014 1:41:18 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/8/2014 2:42:12 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/9/2014 1:37:34 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/11/2014 12:20:56 PM | Computer Name = cube | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 1/17/2012 1:55:41 PM | Computer Name = cube | Source = MCUpdate | ID = 0
Description = 17:55:40 - Error connecting to the internet.  17:55:40 -     Unable 
to contact server..  
 
Error - 1/17/2012 1:56:41 PM | Computer Name = cube | Source = MCUpdate | ID = 0
Description = 17:56:31 - Error connecting to the internet.  17:56:31 -     Unable 
to contact server..  
 
Error - 1/17/2012 2:57:42 PM | Computer Name = cube | Source = MCUpdate | ID = 0
Description = 18:57:42 - Error connecting to the internet.  18:57:42 -     Unable 
to contact server..  
 
Error - 1/17/2012 2:58:31 PM | Computer Name = cube | Source = MCUpdate | ID = 0
Description = 18:58:29 - Error connecting to the internet.  18:58:29 -     Unable 
to contact server..  
 
[ System Events ]
Error - 10/7/2014 3:48:57 PM | Computer Name = cube | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 10/7/2014 3:48:57 PM | Computer Name = cube | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 10/7/2014 3:49:07 PM | Computer Name = cube | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 10/7/2014 3:50:20 PM | Computer Name = cube | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
 Provider Host service which failed to start because of the following error:   %%1068
 
Error - 10/8/2014 1:41:17 PM | Computer Name = cube | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Media Player Network Sharing Service service to connect.
 
Error - 10/8/2014 1:41:17 PM | Computer Name = cube | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
 start due to the following error:   %%1053
 
Error - 10/9/2014 1:35:54 PM | Computer Name = cube | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:05:21 on ?08/?10/?2014 was unexpected.
 
Error - 10/9/2014 1:42:32 PM | Computer Name = cube | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 10/11/2014 12:19:15 PM | Computer Name = cube | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:42:46 on ?09/?10/?2014 was unexpected.
 
Error - 10/11/2014 12:25:55 PM | Computer Name = cube | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
 
< End of report >
 
 
Thanks for your help!


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello martyvibe---> several things to do and address.

First

You have 2 Anti Virus programs running
  • AVAST
  • Kaspersky

    The real-time protection of two antivirus programs may conflict with each other and cause the following:

    • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
    • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

    Tell me what Anti Virus program you want to keep, and I'll provide instructions on installing the other.

    Some clean up using OTL
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
    O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk =  File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38) 
    O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38) 
    O33 - MountPoints2\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\Shell - "" = AutoRun
    O33 - MountPoints2\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\Shell\AutoRun\command - "" = E:\Startme.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply to me post the following log reports:
  • The OTL Fix log, after you run the fix the computer reboots and the fix log pops up in front of you
  • AdwCleaner log after you run the clean option.
  • JRT.TXT Log
  • New OTL after a quick scan is run.
  • Thanks
    Joe :)


#7
martyvibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ah okay, I'll get on that some time later today.

Tell me what Anti Virus program you want to keep, and I'll provide instructions on installing the other.

I'd like to keep Kaspersky thanks. Avast was an impulse download from a week or so ago and still in its trial period so won't really miss it.

Edited by martyvibe, 12 October 2014 - 02:59 AM.


#8
martyvibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi Joe

 

I've managed to successfully uninstall Avast using their uninstall method (cheers Google), and I have also run the scans you requested in your previous post. Here they are...

 

OTL Fix

 

All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File move failed. C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2125253496-624273603-803566568-1013\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2125253496-624273603-803566568-1013\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5967a3d6-2a66-11e2-9d1b-0030678f9a32}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\Setup.exe not found.
File/Folder C:\Windows\SysNative\*.tmp not found.
File/Folder C:\Windows\SysNative\drivers\*.tmp not found.
File/Folder C:\Windows\SysNative\*.tmp not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marrk.cube\Desktop\cmd.bat deleted successfully.
C:\Users\Marrk.cube\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ben
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Daniel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mark
 
User: Mark.cube
 
User: Mark.cube.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marrk
 
User: Marrk.cube
->Temp folder emptied: 476405 bytes
->Temporary Internet Files folder emptied: 611172980 bytes
->Java cache emptied: 1554198 bytes
->FireFox cache emptied: 1169014613 bytes
->Google Chrome cache emptied: 360542835 bytes
->Flash cache emptied: 227876 bytes
 
User: Marrk_2
->Temp folder emptied: 24945473 bytes
->Temporary Internet Files folder emptied: 1458980 bytes
->Java cache emptied: 31236 bytes
->FireFox cache emptied: 526780916 bytes
->Flash cache emptied: 50734 bytes
 
User: Public
 
User: stuart.wilkie
->Temp folder emptied: 23036928 bytes
->Temporary Internet Files folder emptied: 1086196 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1124323326 bytes
->Flash cache emptied: 2181 bytes
 
User: TEMP
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 670728351 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4,306.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10122014_191332
 
Files\Folders moved on Reboot...
File\Folder C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk not found!
C:\Users\Marrk.cube\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marrk.cube\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
AdwCleaner
 
# AdwCleaner v4.000 - Report created 12/10/2014 at 20:16:15
# Updated 12/10/2014 by Xplode
# Database : 2014-10-12.3
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marrk - CUBE
# Running from : C:\Users\Marrk.cube\Desktop\adwcleaner_4.000.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v11.0 (en-GB)
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [20261 octets] - [07/10/2014 20:28:04]
AdwCleaner[R1].txt - [707 octets] - [12/10/2014 20:16:15]
AdwCleaner[S0].txt - [19937 octets] - [07/10/2014 20:29:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [827 octets] ##########
 
JRT.TXT log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marrk on 12/10/2014 at 20:35:59.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Marrk.cube\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Marrk.cube\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Marrk.cube\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Marrk.cube\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Marrk.cube\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Marrk.cube\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Marrk.cube\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\AppData\Roaming\nosibay"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\Marrk.cube\appdata\locallow\searchqutoolbar"
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{05E7A482-F90E-4C5D-AEAE-A75F162BD8E6}
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{1E9FFEB0-B7BC-48BE-A13B-36146659AC3C}
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{25E6BFB4-762C-43EE-93AA-5168C5D30013}
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{3B1CE829-A440-4A7C-A1C7-7FC2A6A8C79C}
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{584ECF83-143D-42AB-8239-0D93C7E6C820}
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{5B8BA48E-FB24-44CC-BF5B-02FDDDC49F61}
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{67C372D1-D7E5-4059-9365-4BBF399D5578}
Successfully deleted: [Empty Folder] C:\Users\Marrk.cube\appdata\local\{70E709D9-2333-4603-AF4C-912F38C1BEB8}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\searchplugins\search_results.xml
Successfully deleted: [Folder] C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\searchqutoolbar
Successfully deleted the following from C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\prefs.js
 
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109985");
user_pref("extensions.BabylonToolbar_i.hardId", "e4d62e2e0000000000000030678f9a32");
user_pref("extensions.BabylonToolbar_i.id", "e4d62e2e0000000000000030678f9a32");
user_pref("extensions.BabylonToolbar_i.instlDay", "15373");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:20:39");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/10/2014 at 20:39:54.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
OTL Quick Scan log
 
OTL logfile created on: 10/12/2014 8:23:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marrk.cube\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.93 Gb Total Physical Memory | 6.21 Gb Available Physical Memory | 78.33% Memory free
15.86 Gb Paging File | 14.16 Gb Available in Paging File | 89.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 683.40 Gb Free Space | 73.37% Space Free | Partition Type: NTFS
Drive D: | 7.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CUBE | User Name: Marrk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/11 17:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marrk.cube\Desktop\OTL (1).exe
PRC - [2014/09/21 20:27:57 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Marrk.cube\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/09/01 16:43:40 | 000,468,192 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2014/06/23 09:07:06 | 000,113,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2014/06/19 23:41:57 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2012/10/30 15:43:22 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/12/12 15:06:58 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/04/29 13:44:59 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2007/10/17 17:22:56 | 000,352,256 | ---- | M] () -- C:\Users\Marrk.cube\Documents\Paraphernalia\InstantEyedropper\InstantEyedropper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/12 20:22:08 | 000,043,008 | ---- | M] () -- c:\users\marrk~1.cub\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp98obyi.dll
MOD - [2014/09/13 01:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/06/23 09:07:06 | 000,113,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 11:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/05/20 12:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012/10/24 12:59:14 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 15:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2007/10/17 17:22:56 | 000,352,256 | ---- | M] () -- C:\Users\Marrk.cube\Documents\Paraphernalia\InstantEyedropper\InstantEyedropper.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 23:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Start_Pending] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/26 23:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/23 19:12:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 13:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/10/30 15:43:22 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/04/29 13:44:59 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/07 20:43:17 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/05/13 15:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/09 15:15:25 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/11/09 15:15:25 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/10/30 15:43:48 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/01/27 00:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 23:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/19 17:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/06 04:13:12 | 000,280,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2010/06/30 09:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/07 14:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006/11/02 00:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 9D 74 2B 47 85 CC 01  [binary data]
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2125253496-624273603-803566568-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultenginename: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultthis.engineName: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search"
FF - prefs.js..browser.search.order.1: "Microsoft (Bing)"
FF - prefs.js..browser.search.selectedEngine: "Microsoft (Bing)"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=AV01"
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:1.10
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.5
FF - prefs.js..extensions.enabledAddons: [email protected]:9.0.2021.112
FF - prefs.js..keyword.URL: "http://www.bing.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/30 15:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/30 15:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/30 15:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/04 14:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/16 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/04/29 13:27:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 11:36:14 | 000,010,691 | ---- | M] ()
 
[2012/02/03 15:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\Extensions
[2014/10/07 20:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\Firefox\Profiles\oty0yjta.default\extensions
[2014/02/18 19:33:27 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\extensions\[email protected]
[2014/02/18 19:33:27 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2014/10/07 20:58:45 | 000,005,830 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\searchplugins\bing-avast.xml
[2012/02/03 15:29:17 | 000,002,515 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\mozilla\firefox\profiles\oty0yjta.default\searchplugins\Search_Results.xml
[2014/10/07 20:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/07 16:52:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/02 01:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/31 20:34:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2011/04/02 17:26:38 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/04/02 17:26:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/10/30 15:43:48 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/10/30 15:43:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/10/30 15:43:48 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/11/04 14:56:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/21 21:30:45 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/21 21:30:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/21 21:30:45 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/21 21:30:45 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/21 21:30:45 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.5_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.10.3_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_1\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\
CHR - Extension: No name found = C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/10/12 20:03:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [instanteyedropper] C:\Users\Marrk.cube\Documents\Paraphernalia\InstantEyedropper\InstantEyedropper.exe ()
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-2125253496-624273603-803566568-1013..\Run: [Spotify Web Helper] C:\Users\Marrk.cube\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Marrk.cube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marrk.cube\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B14C0620-C4F4-494D-ACCB-DA6AAEA5716E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2125253496-624273603-803566568-1013\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/12 18:25:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/11 17:24:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marrk.cube\Desktop\OTL (1).exe
[2014/10/09 19:34:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marrk.cube\Documents\OTL.exe
[2014/10/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Roaming\AVAST Software
[2014/10/07 20:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/10/07 20:40:27 | 004,862,664 | ---- | C] (AVAST Software) -- C:\Users\Marrk.cube\Documents\avast_free_antivirus_setup_online.exe
[2014/10/07 20:28:49 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/10/07 20:28:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/07 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Local\Macromedia
[2014/10/05 15:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
[2014/10/05 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Roaming\Guitar Pro 6
[2014/10/05 15:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2014/09/27 14:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Marrk.cube\AppData\Local\EmieUserList
[2014/09/27 14:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Marrk.cube\AppData\Local\EmieSiteList
[2014/09/22 20:58:23 | 000,000,000 | ---D | C] -- C:\Users\Marrk.cube\AppData\Roaming\Audacity
[2014/09/22 20:57:07 | 022,180,353 | ---- | C] (Audacity Team                                               ) -- C:\Users\Marrk.cube\Documents\audacity-win-2.0.5.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/12 20:22:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/12 20:22:37 | 000,001,926 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/10/12 20:21:34 | 000,001,297 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/10/12 20:21:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/12 20:21:12 | 2090,160,127 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/12 20:18:16 | 000,028,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/12 20:18:16 | 000,028,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/12 20:15:14 | 001,976,320 | ---- | M] () -- C:\Users\Marrk.cube\Desktop\adwcleaner_4.000.exe
[2014/10/12 20:12:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/12 20:03:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/10/12 19:47:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/12 19:07:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014/10/12 19:00:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014/10/12 18:56:32 | 850,284,523 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/12 18:42:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125253496-624273603-803566568-1004UA.job
[2014/10/11 20:19:25 | 000,000,132 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/10/11 17:27:28 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/10/11 17:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marrk.cube\Desktop\OTL (1).exe
[2014/10/09 19:35:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marrk.cube\Documents\OTL.exe
[2014/10/09 19:28:16 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/08 19:22:16 | 000,001,776 | ---- | M] () -- C:\Users\Marrk.cube\Desktop\Safe Run for Websites.lnk
[2014/10/07 21:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125253496-624273603-803566568-1004Core.job
[2014/10/07 20:43:17 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/10/07 20:40:29 | 004,862,664 | ---- | M] (AVAST Software) -- C:\Users\Marrk.cube\Documents\avast_free_antivirus_setup_online.exe
[2014/10/07 20:27:09 | 001,375,089 | ---- | M] () -- C:\Users\Marrk.cube\Documents\AdwCleaner.exe
[2014/10/05 15:49:16 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2014/10/05 15:49:16 | 000,001,002 | ---- | M] () -- C:\Users\Marrk.cube\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2014/10/05 15:04:56 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/05 15:04:56 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/05 15:04:56 | 000,126,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/27 14:13:10 | 000,001,456 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/09/27 14:13:09 | 000,028,249 | ---- | M] () -- C:\Users\Marrk.cube\Documents\vincedunn.gif
[2014/09/27 13:43:31 | 000,023,302 | ---- | M] () -- C:\Users\Marrk.cube\Documents\nslLhw0t_400x400.jpeg
[2014/09/27 13:43:12 | 000,005,756 | ---- | M] () -- C:\Users\Marrk.cube\Documents\Kevin_Dunn_VP.jpg
[2014/09/22 20:58:14 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/09/22 20:57:17 | 022,180,353 | ---- | M] (Audacity Team                                               ) -- C:\Users\Marrk.cube\Documents\audacity-win-2.0.5.exe
[2014/09/18 19:05:13 | 000,001,050 | ---- | M] () -- C:\Users\Marrk.cube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/16 18:46:49 | 005,057,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/15 19:54:42 | 000,232,189 | ---- | M] () -- C:\Users\Marrk.cube\Documents\steelfish.zip
[2014/09/15 19:54:26 | 000,026,118 | ---- | M] () -- C:\Users\Marrk.cube\Documents\code.zip
[2014/09/15 19:35:53 | 000,213,293 | ---- | M] () -- C:\Users\Marrk.cube\Documents\true_lies.zip
[2014/09/14 17:33:03 | 1186,124,839 | ---- | M] () -- C:\Users\Marrk.cube\Desktop\MOV_0084.mp4
 
========== Files Created - No Company Name ==========
 
[2014/10/12 20:15:05 | 001,976,320 | ---- | C] () -- C:\Users\Marrk.cube\Desktop\adwcleaner_4.000.exe
[2014/10/12 19:07:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2014/10/08 19:22:16 | 000,001,776 | ---- | C] () -- C:\Users\Marrk.cube\Desktop\Safe Run for Websites.lnk
[2014/10/07 20:48:06 | 850,284,523 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/10/07 20:44:04 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/10/07 20:27:02 | 001,375,089 | ---- | C] () -- C:\Users\Marrk.cube\Documents\AdwCleaner.exe
[2014/10/05 15:49:16 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2014/10/05 15:49:16 | 000,001,002 | ---- | C] () -- C:\Users\Marrk.cube\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2014/09/27 14:13:09 | 000,028,249 | ---- | C] () -- C:\Users\Marrk.cube\Documents\vincedunn.gif
[2014/09/27 13:43:30 | 000,023,302 | ---- | C] () -- C:\Users\Marrk.cube\Documents\nslLhw0t_400x400.jpeg
[2014/09/27 13:43:10 | 000,005,756 | ---- | C] () -- C:\Users\Marrk.cube\Documents\Kevin_Dunn_VP.jpg
[2014/09/22 20:58:14 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/09/22 20:58:14 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/09/20 03:05:27 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/09/15 19:54:41 | 000,232,189 | ---- | C] () -- C:\Users\Marrk.cube\Documents\steelfish.zip
[2014/09/15 19:54:24 | 000,026,118 | ---- | C] () -- C:\Users\Marrk.cube\Documents\code.zip
[2014/09/15 19:35:52 | 000,213,293 | ---- | C] () -- C:\Users\Marrk.cube\Documents\true_lies.zip
[2014/09/14 22:51:30 | 1186,124,839 | ---- | C] () -- C:\Users\Marrk.cube\Desktop\MOV_0084.mp4
[2014/04/11 19:18:44 | 000,017,408 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Local\WebpageIcons.db
[2014/04/10 20:57:33 | 000,001,648 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Local\recently-used.xbel
[2014/01/29 00:13:17 | 000,766,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/21 18:31:10 | 000,217,184 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/06/10 21:10:49 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/03/13 13:56:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/17 21:40:29 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/02/14 21:18:38 | 000,001,456 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/07 16:58:24 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/26 16:52:20 | 000,000,132 | ---- | C] () -- C:\Users\Marrk.cube\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/05/11 18:13:17 | 000,001,972 | ---- | C] () -- C:\Program Files\Total Tester.lnk
[2009/12/04 14:57:26 | 000,000,052 | ---- | C] () -- C:\Program Files\A+ Chap Review.bat
[2009/12/03 15:46:32 | 000,000,049 | ---- | C] () -- C:\Program Files\702.bat
[2009/12/03 15:46:14 | 000,000,049 | ---- | C] () -- C:\Program Files\701.bat
[2008/05/12 14:28:16 | 000,000,045 | ---- | C] () -- C:\Program Files\Total Tester.bat
[2000/01/30 19:25:36 | 000,155,701 | ---- | C] () -- C:\Program Files\JStart.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/03 22:15:31 | 000,000,000 | ---D | M] -- C:\Users\ben\AppData\Roaming\Childish Things
[2012/02/03 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\ben\AppData\Roaming\Garmin
[2012/02/03 22:12:32 | 000,000,000 | ---D | M] -- C:\Users\ben\AppData\Roaming\PC Suite
[2011/04/29 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Childish Things
[2012/12/31 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Garmin
[2011/04/29 17:36:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PC Suite
[2014/09/08 15:09:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2012/06/16 00:08:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Utherverse
[2011/07/20 23:43:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
[2011/06/11 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\Mark.cube.000\AppData\Roaming\PC Suite
[2011/07/26 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Mark.cube.000\AppData\Roaming\uTorrent
[2014/09/22 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Audacity
[2014/10/12 19:07:37 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\AVAST Software
[2012/02/03 15:19:55 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Babylon
[2011/08/26 16:35:13 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/01/17 16:14:59 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Childish Things
[2012/05/14 17:10:54 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2014/10/12 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Dropbox
[2012/05/20 18:09:07 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Easy Thumbnails
[2014/06/04 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\FileZilla
[2011/11/13 17:08:05 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Garmin
[2014/10/05 15:51:39 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Guitar Pro 6
[2012/05/08 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\No Company Name
[2014/02/13 13:21:42 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Notepad++
[2011/10/09 22:18:31 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\PC Suite
[2014/10/01 21:07:05 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Spotify
[2011/08/26 16:39:25 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/16 13:34:32 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\svBuilder
[2012/10/26 14:36:51 | 000,000,000 | ---D | M] -- C:\Users\Marrk.cube\AppData\Roaming\Windows Live Writer
[2011/04/25 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Marrk_2\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/30 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Marrk_2\AppData\Roaming\Childish Things
[2011/04/30 14:00:35 | 000,000,000 | ---D | M] -- C:\Users\Marrk_2\AppData\Roaming\PC Suite
[2011/12/11 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\stuart.wilkie\AppData\Roaming\Garmin
[2011/10/09 12:49:25 | 000,000,000 | ---D | M] -- C:\Users\stuart.wilkie\AppData\Roaming\PC Suite
[2011/12/11 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\stuart.wilkie\AppData\Roaming\Product_RM
[2012/04/21 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\stuart.wilkie\AppData\Roaming\Registry Mechanic
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 837 bytes -> C:\Users\Marrk.cube\Documents\Time Sheet - 09052014.eml:OECustomProperty
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >
 
-----------------------------------------
 
Ever since running these scans...the tabs seem to have stopped appearing for now. Fingers crossed! Many thanks!

  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Stick with me until I say we are done.

Let's run an online scan called ESET. This scan may take quite a while so be prepared for that.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
In your next follow up to me:

Post the ESET scan results log report.

Thanks
Joe :)
  • 0

#10
martyvibe

martyvibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Nice one. I'm currently at work, will get round to this later this evening.


  • 0



#11
martyvibe

martyvibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here ye go...

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f35247a66b03c341810df301c7253675
# engine=20577
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-13 10:59:30
# local_time=2014-10-13 11:59:30 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1285 16777213 100 98 18711 109889082 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 106551 165706220 0 0
# scanned=303269
# found=44
# cleaned=0
# scan_time=8065
sh=AB3F728ACAE000AB49DD1CCD3DB80DB7D9463AFA ft=1 fh=aade3cb16bf4a690 vn="Win64/Adware.Adpeak.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SavingsbullFilter\Installbat64.dll.vir"
sh=9CA71C727934861E9351AF97CC28CEA38811B07C ft=1 fh=15a0a042e9313939 vn="a variant of Win32/AdWare.Adpeak.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SavingsbullFilter\netfilter64.sys.vir"
sh=EC07AAF65632ED729B0E5A9D94BEAA66BD2A1EB2 ft=1 fh=0584d299fef2ae77 vn="Win64/Adware.Adpeak.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe.vir"
sh=1B2E938EAEA27B990355B6C3DB6C1C1A9F33BFB4 ft=1 fh=c71c0011ddfe20fa vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir"
sh=7A18C5B083B2038CB2DE877694085DF633F40C46 ft=1 fh=c71c0011b1f6426d vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll.vir"
sh=AC056A6D25E04155BA23BF34670C3E6D2A85B248 ft=1 fh=c71c0011bbd638b2 vn="a variant of Win32/Toolbar.Babylon.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe.vir"
sh=C02A094933FD68AE44EAE0EA249EB6A981353C91 ft=1 fh=1cff81f31528b9a9 vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll.vir"
sh=9E60FE40C5BA463780413D5D22446858015EFF4B ft=1 fh=b2e9a257c367f009 vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll.vir"
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir"
sh=1E06EAF7962A2F856A1211ECC5F89BE8969FF38D ft=1 fh=cd3f7f9561f0cd7d vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir"
sh=63348F6898C0230C502312A2B78773CE3589F82A ft=1 fh=21fcabd1c936835e vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll.vir"
sh=B511326C680330DB78356ADF0B4F8CB014BF6DEC ft=1 fh=ba170aff41e1fc75 vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe.vir"
sh=FCD69C3CCAE028062D5FE176EC4E682B361DCDB2 ft=1 fh=b65b92e511853de8 vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll.vir"
sh=4F5FC48D77470982805ED54E63D1C513FA920C5A ft=1 fh=fe80b8462aa03789 vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll.vir"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe.vir"
sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll.vir"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir"
sh=4A40271E90E2E6659BB9721BD348F74BCDFA266B ft=1 fh=13bf6ef048a55c7b vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll.vir"
sh=3CA362999E79D49F63B55C4B3E8FB8DD444F3098 ft=1 fh=d3d4595a539d0352 vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll.vir"
sh=9CA71C727934861E9351AF97CC28CEA38811B07C ft=1 fh=15a0a042e9313939 vn="a variant of Win32/AdWare.Adpeak.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=7E6F2BE11C99FA33970782D197E9C0B9AF2EBF99 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BH potentially unsafe application" ac=I fn="C:\Program Files (x86)\Adobe CS5 Master Collection\KEYGEN.rar"
sh=6B6105C0BF9C8942B523C7BC6279BF1D241909BA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\temp\InstallFilter64.msi"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\temp\t.msi"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\ben\AppData\LocalLow\uTorrentBar\ldrtbuTo0.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\ben\AppData\LocalLow\uTorrentBar\tbuTo0.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Daniel\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=3A39FE7D27264988A3C840EE2EB7B9AE7FC01052 ft=1 fh=5ec34f3b87536c74 vn="Win32/AdWare.1ClickDownload.AT application" ac=I fn="C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=7E6F2BE11C99FA33970782D197E9C0B9AF2EBF99 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BH potentially unsafe application" ac=I fn="C:\Users\Marrk.cube\Documents\Paraphernalia\Movies\Adobe CS5 Master Collection\KEYGEN.rar"
sh=35C0B276A2A20237B6366B76F92CF502B38D3310 ft=1 fh=e390552a695e91b7 vn="Win32/Adware.Yontoo.D application" ac=I fn="C:\Users\Marrk.cube\Downloads\firstrowsportapp_setup(21).exe"
sh=553FB0F6C24F5FEA3B633D9B6B04E199FDB7DA0B ft=1 fh=f003e6de6702a66d vn="Win32/Adware.Yontoo.D application" ac=I fn="C:\Users\Marrk.cube\Downloads\firstrowsportapp_setup(36) (1).exe"
sh=1171F22492186F95F219CD56CF2E16F176F2E2F7 ft=1 fh=4509db9ec04fe80a vn="a variant of Win32/Verti.G potentially unwanted application" ac=I fn="C:\Users\Marrk.cube\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe"
sh=07243461F119226ACFB6F0373C56FF2F4D4AA04C ft=1 fh=09524b5c19c9b50d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Marrk.cube\Downloads\TubeTilla.exe"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Marrk_2\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=8553C384E0734CCA73B968861543B17E0CEAEE7E ft=1 fh=729dcb12a32bcbdc vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Marrk_2\Downloads\winzip155.exe"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\ldrtbuTo0.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\tbuTo0.dll"
sh=FE35DE58565C97C53AE06E074B1709384D593095 ft=0 fh=0000000000000000 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}.cpi"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=27327CE935264BE6554AB64CC62CCA1AED7E1671 ft=1 fh=3cfe49887f8b1621 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\stuart.wilkie\AppData\Roaming\Mozilla\Firefox\Profiles\ko4ahuul.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\Plugins\npConduitFirefoxPlugin.dll"
sh=6B6105C0BF9C8942B523C7BC6279BF1D241909BA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows\Installer\56c8fe.msi"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows\Installer\8d5fba.msi"
sh=8DB471AE927BE31261CAB2362FF198E6ADD6E7CB ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Windows\Installer\a6540e.msi"
 


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

There are some minor things in your online scan that should be removed.


delete files
  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Every target below is a file, so del is used (rd only removes directories).
    del /f /q "C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
    del /f /q "C:\temp\InstallFilter64.msi"
    del /f /q "C:\temp\t.msi"
    del /f /q "C:\Users\ben\AppData\LocalLow\uTorrentBar\ldrtbuTo0.dll"
    del /f /q "C:\Users\ben\AppData\LocalLow\uTorrentBar\tbuTo0.dll"
    del /f /q "C:\Users\Daniel\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
    del /f /q "C:\Users\Marrk.cube\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
    del /f /q "C:\Users\Marrk.cube\Documents\Paraphernalia\Movies\Adobe CS5 Master Collection\KEYGEN.rar"
    del /f /q "C:\Users\Marrk.cube\Downloads\firstrowsportapp_setup(21).exe"
    del /f /q "C:\Users\Marrk.cube\Downloads\firstrowsportapp_setup(36) (1).exe"
    del /f /q "C:\Users\Marrk.cube\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe"
    del /f /q "C:\Users\Marrk.cube\Downloads\TubeTilla.exe"
    del /f /q "C:\Users\Marrk_2\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
    del /f /q "C:\Users\Marrk_2\Downloads\winzip155.exe"
    del /f /q "C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\ldrtbuTo0.dll"
    del /f /q "C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\tbuTo0.dll"
    del /f /q "C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}.cpi"
    del /f /q "C:\Users\stuart.wilkie\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
    del /f /q "C:\Users\stuart.wilkie\AppData\Roaming\Mozilla\Firefox\Profiles\ko4ahuul.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\Plugins\npConduitFirefoxPlugin.dll"
    del /f /q "C:\Windows\Installer\56c8fe.msi"
    del /f /q "C:\Windows\Installer\8d5fba.msi"
    del /f /q "C:\Windows\Installer\a6540e.msi"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif <-- XP, vista_bat_icon.png <-- Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
Let me know when that is done, and what issues do we still have.

Thanks
Joe :)
  • 0

#13
martyvibe

martyvibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Okay, just run the above procedure, all seems swell so far. Let me know if there's anything else my good man.


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Very well then.

Time to clean up the tools we used and get rid of the log reports.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the 51a5ce45263de-delfix.png icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Thanks
Joe :)
  • 0

#15
martyvibe

martyvibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here goes...

 

# DelFix v10.8 - Logfile created 15/10/2014 at 18:58:31
# Updated 29/07/2014 by Xplode
# Username : Marrk - CUBE
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Marrk.cube\Desktop\adwcleaner_4.000.exe
Deleted : C:\Users\Marrk.cube\Desktop\Extras.Txt
Deleted : C:\Users\Marrk.cube\Desktop\JRT.exe
Deleted : C:\Users\Marrk.cube\Desktop\JRT.txt
Deleted : C:\Users\Marrk.cube\Desktop\OTL.Txt
Deleted : C:\Users\Marrk.cube\Desktop\OTL1.Txt
Deleted : C:\Users\Marrk.cube\Desktop\OTL (1).exe
Deleted : C:\Users\Marrk.cube\Downloads\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\Marrk.cube\Downloads\esetsmartinstaller_enu(2).exe
Deleted : C:\Users\Marrk.cube\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #513 [Windows Update | 10/07/2014 17:58:10]
Deleted : RP #514 [avast! antivirus system restore point | 10/07/2014 19:41:11]
Deleted : RP #515 [Windows Update | 10/11/2014 16:28:53]
Deleted : RP #516 [Sony PC Companion | 10/12/2014 02:22:17]
Deleted : RP #517 [OTL Restore Point - 10/12/2014 6:25:44 PM | 10/12/2014 17:25:46]
Deleted : RP #518 [OTL Restore Point - 10/12/2014 7:13:53 PM | 10/12/2014 18:14:05]
Deleted : RP #519 [Windows Update | 10/13/2014 18:02:39]
 
New restore point created !
 
########## - EOF - ##########

  • 0





