Not quick scan...Run Scan
Trojan.Viknok Activity 3
#91
Posted 23 July 2014 - 05:18 PM
#92
Posted 23 July 2014 - 05:23 PM
Ruka....website Malware warning just reared its ugly little head....first time in a while
Scan with benefits? Here it is
OTL logfile created on: 7/23/2014 7:16:31 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.89 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 68.39% Memory free
11.78 Gb Paging File | 9.93 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.74 Gb Total Space | 637.76 Gb Free Space | 93.41% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/07/12 20:14:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL(1).exe
PRC - [2014/06/13 15:20:44 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/13 15:20:44 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 18:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/12/08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 13:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 13:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/11/25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/07/20 20:17:49 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/13 15:20:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/21 18:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/23 18:20:46 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/05/29 11:06:34 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2012/07/26 10:01:26 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/24 20:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/24 20:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/01/16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/09 04:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/12/20 20:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 20:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/13 18:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/18 18:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...1I7TSNO_enUS507
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.co...1I7TSNO_enUS507
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Amazon.com"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo..../?fr=sfp-yff25"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
[2014/07/20 19:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
O1 HOSTS File: ([2014/07/20 19:09:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28270AC4-B16B-45F1-81E0-BA4AF7273AD6}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/07/22 20:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/07/20 22:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/20 22:04:01 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/07/20 22:03:57 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/07/20 22:03:57 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/07/20 22:03:57 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/20 22:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/20 20:29:05 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/20 20:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/20 20:28:35 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/07/20 20:28:35 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/07/20 20:28:35 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/07/20 20:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/20 20:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/20 19:40:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Oracle
[2014/07/20 19:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/07/19 12:17:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/19 12:15:11 | 000,000,000 | ---D | C] -- C:\windows\Temp
[2014/07/19 12:15:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Temp
[2014/07/19 11:46:14 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/07/19 11:29:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/16 18:13:06 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/15 23:20:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/15 19:41:51 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/07/13 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/12 18:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1504000.00D
[2014/07/11 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/07/11 17:36:40 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2014/07/11 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/11 17:15:44 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe
[2014/07/11 17:11:23 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/07/11 16:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/11 16:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/07/11 15:56:50 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\windows\SysNative\drivers\gfiark.sys
[2014/07/11 15:51:41 | 000,000,000 | R--D | C] -- C:\Users\owner\My SpeedyBackup SyncFolder
[2014/07/11 15:50:49 | 000,061,216 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2014/07/11 15:50:41 | 000,258,848 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFw.sys
[2014/07/11 15:50:41 | 000,120,064 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFwIm.sys
[2014/07/11 15:43:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
[2014/07/09 19:02:49 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014/07/09 19:02:49 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2014/07/09 19:02:43 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/07/09 19:02:43 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014/07/09 19:02:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2014/07/09 19:02:22 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/07/09 19:02:22 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/07/09 19:02:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/07/09 19:02:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/07/09 19:02:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/09 19:02:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/07/09 19:02:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/07/09 19:02:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/09 19:02:21 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/07/09 19:02:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/07/09 19:02:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/07/09 19:02:19 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/07/09 19:02:19 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/07/09 19:02:19 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/07/09 19:02:19 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/07/09 19:02:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/07/09 19:02:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/07/09 19:02:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/07/09 19:02:18 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/07/09 19:02:18 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/07/09 19:02:18 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/07/09 19:02:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/07/09 19:02:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/07/09 19:02:17 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/07/09 19:02:17 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/07/09 19:02:17 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/07/09 19:02:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/07/09 19:02:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/07/09 19:02:16 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/07/09 19:02:16 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/07/09 19:02:16 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/07/09 19:02:16 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/07/09 19:02:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/07/09 19:02:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/07/09 19:02:15 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/09 18:55:55 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
========== Files - Modified Within 30 Days ==========
[2014/07/23 19:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/23 18:32:27 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/23 18:27:30 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 18:27:30 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 18:20:46 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/23 18:20:22 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job
[2014/07/23 18:20:22 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/07/23 18:20:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/23 18:19:55 | 448,237,567 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/23 18:00:00 | 000,000,464 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/23 17:55:01 | 000,001,288 | ---- | M] () -- C:\Users\owner\Desktop\Norton_Removal_Tool(4).exe - Shortcut.lnk
[2014/07/22 19:39:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/07/21 19:35:02 | 000,012,068 | ---- | M] () -- C:\Users\owner\Desktop\Program Files (x86) - Shortcut.lnk
[2014/07/20 21:18:05 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/20 20:26:42 | 000,001,279 | ---- | M] () -- C:\Users\owner\Desktop\mbam-setup-2.0.2.1012 - Shortcut.lnk
[2014/07/20 20:17:49 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/07/20 20:17:49 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/20 20:03:16 | 000,001,162 | ---- | M] () -- C:\Users\owner\Desktop\JavaRa-2.6 - Shortcut (2).lnk
[2014/07/20 19:41:09 | 000,001,162 | ---- | M] () -- C:\Users\owner\Desktop\JavaRa-2.6 - Shortcut.lnk
[2014/07/20 19:35:50 | 000,001,189 | ---- | M] () -- C:\Users\owner\Desktop\jxpiinstall - Shortcut.lnk
[2014/07/20 19:09:24 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/07/19 12:25:52 | 000,000,788 | ---- | M] () -- C:\Users\owner\Desktop\SecurityCheck - Shortcut.lnk
[2014/07/19 11:59:47 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe
[2014/07/19 11:38:23 | 000,001,111 | ---- | M] () -- C:\Users\owner\Desktop\JRT - Shortcut.lnk
[2014/07/18 16:40:55 | 000,001,142 | ---- | M] () -- C:\Users\owner\Desktop\OTL(1) - Shortcut.lnk
[2014/07/18 16:27:40 | 000,001,142 | ---- | M] () -- C:\Users\owner\Desktop\FSS(1) - Shortcut.lnk
[2014/07/18 14:23:46 | 000,001,475 | ---- | M] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/17 06:13:24 | 000,030,312 | ---- | M] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/17 06:12:28 | 000,001,243 | ---- | M] () -- C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
[2014/07/16 18:08:09 | 000,001,142 | ---- | M] () -- C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
[2014/07/15 19:39:18 | 000,001,122 | ---- | M] () -- C:\Users\owner\Desktop\zoek - Shortcut.lnk
[2014/07/11 18:42:04 | 002,121,736 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:40:42 | 000,001,315 | ---- | M] () -- C:\Users\owner\Desktop\Norton Installation Files.lnk
[2014/07/11 17:36:42 | 000,001,112 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:19:49 | 000,001,279 | ---- | M] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | M] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/11 03:02:05 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/11 02:56:08 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/07/11 02:56:01 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/07/11 02:55:32 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/07/09 19:12:47 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/05 14:58:48 | 000,001,126 | ---- | M] () -- C:\Users\owner\Desktop\20140523-001-v5i64 - Shortcut.lnk
[2014/07/01 05:23:42 | 000,040,105 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
========== Files Created - No Company Name ==========
[2014/07/23 17:55:01 | 000,001,288 | ---- | C] () -- C:\Users\owner\Desktop\Norton_Removal_Tool(4).exe - Shortcut.lnk
[2014/07/21 19:35:02 | 000,012,068 | ---- | C] () -- C:\Users\owner\Desktop\Program Files (x86) - Shortcut.lnk
[2014/07/20 20:28:37 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/20 20:26:42 | 000,001,279 | ---- | C] () -- C:\Users\owner\Desktop\mbam-setup-2.0.2.1012 - Shortcut.lnk
[2014/07/20 20:03:16 | 000,001,162 | ---- | C] () -- C:\Users\owner\Desktop\JavaRa-2.6 - Shortcut (2).lnk
[2014/07/20 19:41:09 | 000,001,162 | ---- | C] () -- C:\Users\owner\Desktop\JavaRa-2.6 - Shortcut.lnk
[2014/07/20 19:35:50 | 000,001,189 | ---- | C] () -- C:\Users\owner\Desktop\jxpiinstall - Shortcut.lnk
[2014/07/19 12:25:52 | 000,000,788 | ---- | C] () -- C:\Users\owner\Desktop\SecurityCheck - Shortcut.lnk
[2014/07/19 12:15:11 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe
[2014/07/19 11:38:23 | 000,001,111 | ---- | C] () -- C:\Users\owner\Desktop\JRT - Shortcut.lnk
[2014/07/18 16:40:55 | 000,001,142 | ---- | C] () -- C:\Users\owner\Desktop\OTL(1) - Shortcut.lnk
[2014/07/18 16:27:40 | 000,001,142 | ---- | C] () -- C:\Users\owner\Desktop\FSS(1) - Shortcut.lnk
[2014/07/17 06:12:28 | 000,001,243 | ---- | C] () -- C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
[2014/07/16 18:08:09 | 000,001,142 | ---- | C] () -- C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
[2014/07/15 19:39:18 | 000,001,122 | ---- | C] () -- C:\Users\owner\Desktop\zoek - Shortcut.lnk
[2014/07/13 17:30:29 | 000,001,475 | ---- | C] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/13 16:54:34 | 000,030,312 | ---- | C] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/12 18:17:23 | 000,040,105 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/07/11 18:41:56 | 002,121,736 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 17:36:42 | 000,001,112 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:19:49 | 000,001,279 | ---- | C] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/11 14:53:30 | 000,000,464 | ---- | C] () -- C:\windows\tasks\SparkTrust Registration3.job
[2013/09/02 13:34:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/02/14 22:50:22 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/14 22:50:02 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/10/21 14:18:07 | 000,017,408 | ---- | C] () -- C:\Users\owner\AppData\Local\WebpageIcons.db
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/05/22 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iolo
[2013/12/07 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ioloGovernor
[2013/07/31 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2014/07/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Oracle
[2013/01/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\sMedio
[2013/07/31 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2012/10/20 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report >
#93
Posted 23 July 2014 - 05:52 PM
Were you able to get an Extras.txt?
#94
Posted 23 July 2014 - 06:17 PM
Sorry, I forgot I had to look for that seperately....
OTL Extras logfile created on: 7/23/2014 7:27:03 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.89 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.99% Memory free
11.78 Gb Paging File | 9.91 Gb Available in Paging File | 84.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.74 Gb Total Space | 637.76 Gb Free Space | 93.41% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0458674B-DE68-4BA1-82F6-0F774E297AB7}" = rport=139 | protocol=6 | dir=out | app=system |
"{0FCFDD9D-696D-48CB-A1B1-B5394F4C94CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B4A33B5-288D-42F8-8E74-83F891C3EA8A}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C2A06DE-8830-4726-92A2-EF4F725E4D8A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51853A02-B1CA-4151-B984-ECBE9C47DE64}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C1FE809-9D5A-4B95-98D6-3FC53FB94E48}" = lport=10243 | protocol=6 | dir=in | app=system |
"{870C20C4-D875-4A41-8E1A-10A7B3885C6B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{89BE466F-FD98-40D1-81EE-E1ACC25C461D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DCB865B-1A02-44C5-8B34-2F992C630E29}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F18FCCE-C970-44C3-987E-F283CA12D58D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9DB32770-B485-4191-8B43-0B96958F0C19}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5B151BD-88DD-45AD-AF11-24B7B20A2606}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B82D6F09-F6A2-48DB-BE1A-EF45D4BB77EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B8897360-25C0-4CEC-8507-8A94EFEA1AD6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B957BB67-4FF1-46F1-A4DF-36DD01113C8C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B95F45ED-33FE-4CAD-A455-CC52B1FE1A34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BADBC245-3FB6-421E-9D11-FCFBBEC3E32A}" = lport=138 | protocol=17 | dir=in | app=system |
"{BE8CB53D-ADCE-4496-86FF-4FE9F6EFEE00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5859C71-B1CF-4B40-8FD3-D34511BB103B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C5F3CA79-CBD9-4F48-979A-36DB7CF8AFFF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C97DB990-323E-46FA-8E77-6BC6E1FB9475}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC4534FA-E3DD-4ADC-A289-7D68E4946E57}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{EF3D94E2-85D1-4CE9-ACFD-7CB18282D6D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F32CFFAE-A68E-4088-BB3C-50671266E041}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048AD352-2706-43AA-9BF9-C0E94829A2FE}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zse510.tmp\symnrt.exe |
"{081329C5-CC85-485F-A390-1E32E8D4F35D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13AA97A6-780A-4733-8706-23BC107C5B3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{21397922-540D-4F73-86DB-B5ADEAEB3E75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C17CB65-B35D-4FFB-A950-5B947D92AB09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2CD135C1-3163-484E-8FE5-CF1C07A4269B}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3330.tmp\symnrt.exe |
"{2D8799B8-C7CB-4640-8ACC-99C33F144AE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{311541B2-79FA-4FF5-B033-C75FE8742971}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zseb0.tmp\symnrt.exe |
"{3A0BF305-AAA0-421F-9FC1-8578D3478CFD}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zse474.tmp\symnrt.exe |
"{3C52F5B0-F2E5-45F6-B7BD-5B77F9807809}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs9185.tmp\symnrt.exe |
"{3CAE433F-6D4C-4EC7-96AD-C960D93F1FC8}" = protocol=6 | dir=out | app=system |
"{3D3B5E04-3043-42F3-AA6F-D29B85C9CEBF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3E3CF9C8-5941-4DA9-AD77-4EF6A93F2564}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{45527D96-58AF-4BA3-B645-46CF195165F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46C446C0-D97B-4BC9-BCE2-F724C371F9A1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4814AF6E-F389-41CB-9D30-E8B790E16CC6}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs7d88.tmp\symnrt.exe |
"{4A5CC762-F129-4EE3-9B10-4916E7CD8BAB}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsc60c.tmp\symnrt.exe |
"{57AF3079-DC1A-4A21-9A4D-A40BF0FC2128}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zseb0.tmp\symnrt.exe |
"{5864E825-8380-4BA2-9C32-0DF9297AB256}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs8b6d.tmp\symnrt.exe |
"{697840AC-0688-4C09-9F75-55C4A1286603}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs82c5.tmp\symnrt.exe |
"{6B1B928F-8CF4-4FBB-8812-7871D358B827}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DFA8C17-5FD1-44F1-B8F2-26584DED8578}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{707FBA79-B9E7-439F-AD05-A548060573E8}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs8b6d.tmp\symnrt.exe |
"{70D418B3-02D0-4090-81C6-5CA44ED7792E}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3330.tmp\symnrt.exe |
"{70D87379-0F9B-4FEC-A19E-C04ED82FE410}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3a8f.tmp\symnrt.exe |
"{802B027B-2279-40F0-9329-2773C902CDA2}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs9185.tmp\symnrt.exe |
"{8212B583-9F43-4599-86EB-08BF13E3E8BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C915F18-0E17-4EE5-A0E5-6EC87D226631}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsc60c.tmp\symnrt.exe |
"{951D8C0C-B1A8-416E-9073-409D0025E665}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E3F32C8-0884-43E1-A556-BC8785C5D3C2}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsec70.tmp\symnrt.exe |
"{9F2036F2-E62F-4804-B17E-5A9DCD6B9BF3}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zse510.tmp\symnrt.exe |
"{A2EE3453-CB18-4132-952F-B7C19D8705A1}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3ffc.tmp\symnrt.exe |
"{A8AB4F74-7988-4A61-BE43-B4E33F1E6BDE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B184FADB-2159-413C-AAFF-7B91D5EE3E18}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{B2BB4716-56CE-421A-89A0-739A2D393BEE}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3a8f.tmp\symnrt.exe |
"{B4432132-A5BF-4005-A89E-4D46DF70DAFB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B53279F0-0407-42B6-A4B1-0997764EF18E}" = protocol=1 | dir=out | [email protected],-28544 |
"{B7631147-D19B-4231-9B5C-7189EFFB2DB6}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsf362.tmp\symnrt.exe |
"{B7692A84-1EFB-4E57-9EC0-95F4DA58077C}" = protocol=58 | dir=out | [email protected],-28546 |
"{B9850E4C-F9A5-4A40-B40D-AF1DEA34680B}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs32c3.tmp\symnrt.exe |
"{BDBC46EA-D36A-46BB-8BD9-956C29E3EA9A}" = protocol=58 | dir=in | [email protected],-28545 |
"{C03DF68E-351E-485C-AF8E-3C98ECB2E2CC}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3ffc.tmp\symnrt.exe |
"{C04F5D7F-D203-426F-8051-65EDE3D2A3D3}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zse474.tmp\symnrt.exe |
"{C492D89C-CD27-42DA-B36F-C4063215D0B7}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs7cae.tmp\symnrt.exe |
"{C4BE608D-89BC-402B-B6A6-351C4EDCB5A0}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs7cae.tmp\symnrt.exe |
"{C840F67A-65CF-4F66-BFE7-980D30A3C599}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D119CC3F-6645-4722-8AC0-815CB3C5A7A3}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs8eb7.tmp\symnrt.exe |
"{D2C5A9F0-1607-4BD7-ABB2-102CB710830B}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsded9.tmp\symnrt.exe |
"{D5628E3A-F11C-4E22-A0FD-E371CA85E511}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs8eb7.tmp\symnrt.exe |
"{DC1D9B78-AB4A-432F-81A1-8727D20D139B}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs82c5.tmp\symnrt.exe |
"{DC864A35-336A-44CE-AFE4-DDE5BB650098}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1B90DE5-BFB4-4528-B927-B5A3CC91F613}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsf362.tmp\symnrt.exe |
"{E40577B6-16BD-42C0-A551-089300F4088C}" = protocol=1 | dir=in | [email protected],-28543 |
"{EBC08DC5-A272-4A75-BC72-6C0B0C8C74FC}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsec70.tmp\symnrt.exe |
"{ED219BEF-2A38-4914-8FDD-27D910C61A90}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs7d88.tmp\symnrt.exe |
"{F34F79B5-64EF-4E54-89F2-E88933952CFE}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs32c3.tmp\symnrt.exe |
"{F5AE9AD8-D40A-4B1F-9C36-C0DB935CE77A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA7DB36E-BE2C-4DC9-87E6-1A6AB28980A2}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsded9.tmp\symnrt.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{75A43A49-A6A1-4FCB-A41E-02D76E166691}" = SRS Premium Sound Control Panel
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 65
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"am-supertexttwist" = Super TextTwist
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.91
"ToshibaSD" = Toshiba Security Dashboard
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/21/2014 5:33:55 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/21/2014 5:35:47 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\$RECYCLE.BIN\S-1-5-21-3199016441-4099478238-2613309327-1000\$RMZJYRV.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/21/2014 5:39:35 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/21/2014 5:39:44 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/21/2014 5:39:44 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/21/2014 5:39:55 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/21/2014 7:30:41 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/22/2014 8:16:21 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/22/2014 8:16:21 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 7/22/2014 8:16:26 PM | Computer Name = owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ iolo Applications Events ]
Error - 12/5/2013 10:48:45 PM | Computer Name = owner-PC | Source = Service Manager | ID = 1
Description = Exception occured on service shutdown Error message: System Error.
Code: 1115. A system shutdown is in progress
Error - 2/7/2014 10:52:42 PM | Computer Name = owner-PC | Source = Service Manager | ID = 1
Description = Exception occured on service shutdown Error message: System Error.
Code: 1115. A system shutdown is in progress
[ System Events ]
Error - 7/22/2014 9:13:54 PM | Computer Name = owner-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.
Error - 7/22/2014 9:14:18 PM | Computer Name = owner-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.
Error - 7/22/2014 9:14:23 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The Application Experience service failed to start due to the following
error: %%776
Error - 7/22/2014 9:40:42 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SDHookDriver
Error - 7/23/2014 6:11:39 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SDHookDriver
Error - 7/23/2014 5:44:59 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SDHookDriver
Error - 7/23/2014 5:57:36 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Identity Safe service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 7/23/2014 5:59:37 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SDHookDriver
Error - 7/23/2014 6:18:39 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Identity Safe service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 7/23/2014 6:20:24 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SDHookDriver
< End of report >
#95
Posted 23 July 2014 - 07:19 PM
Yeah, that's what I said....do I want to run WIndows updates and Intel ME FW Recovery it's telling me about or doesn't it even matter? I'm a bit discouraged seeing all those errors.
#96
Posted 23 July 2014 - 07:45 PM
#97
Posted 24 July 2014 - 07:24 PM
Ready for this? Norton message says that Norton wants to update virus definitions. I ran uninstall, DId not reinstall. If I let it download, do you think it will lead me to wherever this thing lives? I'll hang around for a while and not touch anything and then flip a coin. Heads: shut the machine down or Tails: update and see what happens.
#98
Posted 24 July 2014 - 07:26 PM
This is crazy...
Sure, see if it really updates. My suspicion is that it only has the timer left in one of the .ini files.
#99
Posted 24 July 2014 - 07:45 PM
I clicked ok and it went away. That malware warning popped up immediately, Haven't seen that in a while. I was on a couple websites tonight that I am sure of. Sam Ash and Guitar Center....their only danger to me is if I lose restraint.
#100
Posted 24 July 2014 - 07:49 PM
Looking at the control panel, I see a Toshiba Security dashboard published by Symantic. I never really
looked at the publishers before
#101
Posted 24 July 2014 - 08:51 PM
Hi Hofner,
There's still pieces of the Spark Trust A/V and in addition, a Firewall that is part of that suite too. We'll remove all of that. So, here we go.
OTL Fix
- Run OTL as you did before.
- Copy the text in the quote box below (staring with and including the :Commands. All the way to, and including the [reboot] command) and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
:Commands [CREATERESTOREPOINT] :OTL [2014/07/23 18:00:00 | 000,000,464 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job [2014/07/23 18:20:22 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.jobDRV:64bit: - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw) DRV:64bit: - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis) DRV:64bit: - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips) DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs) DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP) DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL) :Commands [EMPTYTEMP] [RESETHOSTS]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is doneAssuming that the OTL fix worked, and we'll check for that at the end, Spark Trust will NOT be on you system. However, there may be a few locations that want to Run it. It won't be able to run, but let's remove the request anyway so that you won't have to see it.
When this is complete, uninstall the Norton Uninstaller. Then re-run OTL with the Extras Registry, "All" button and the Run Scan (not Quick Scan)
Then post the OTL.Txt and the Extras.txt
Obviously, look for any warnings or other odd behavior and if you can, please get a Screen Shot of it and post it for me.
#102
Posted 25 July 2014 - 05:36 AM
Spark Trust ? No problem The internet it gone. I ran the run/fix rebooted and"Firefox cannot connect to server" IE not connected to network:wireless adapter is experiencing problems.
OTL : "All processes killed. Spark Trust Reg 3 job moved successfuly
Service sbwtis stopped
" " deleted
Windows driver moved
sbwtis sys moved
" " stopped
Registry files deleted on reboot
Those are some notes I took from an OTL scan before I had to leave for work.
Box on task bar: no cinnection available
Rebooted computer, rebooted cable modem...Nad zip zero.
I could have had a new computer a couple times by now. Should I do that this afternoon? I am working until noon eastern time, but will stick around to see if any magic happens here.
#103
Posted 26 July 2014 - 08:54 AM
Hi Hofner,
I've added a command to the OTL Fix that I hope will give us some clarity into what condition the Stack is in.
OTL Fix
- Run OTL as you did before.
- Copy the text in the quote box below (staring with and including the :Commands. All the way to, and including the [reboot] command) and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
BASESERVICES :Commands [CREATERESTOREPOINT] :OTL :Files netsh advfirewall reset /c netsh advfirewall set allprofiles state ON /c ipconfig /flushdns /c netsh winsock reset catalog /c netsh int ip reset c:\resetlog.txt /c ipconfig /release /c ipconfig /renew /c :Commands [EMPTYTEMP] [RESETHOSTS]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is doneAssuming that the OTL fix worked, and we'll check for that at the end, Spark Trust will NOT be on you system. However, there may be a few locations that want to Run it. It won't be able to run, but let's remove the request anyway so that you won't have to see it.
When this is complete, uninstall the Norton Uninstaller. Then re-run OTL with the Extras Registry, "All" button and the Run Scan (not Quick Scan)
Then post the OTL.Txt and the Extras.txt
Obviously, look for any warnings or other odd behavior and if you can, please get a Screen Shot of it and post it for me.
#104
Posted 26 July 2014 - 08:57 AM
I'm outta here...Thank you. I am assuming that the spacings with the / C are important, yes? I've been careful with that.
#105
Posted 26 July 2014 - 09:01 AM
Spacings are very important. The command fails if the spacing is incorrect.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users