View Full Version : Malware removed but Laptop wouldn't restart - Windows 8.1
I've been pulling my hair out for the past 2 days with Spybot 2.2 supposedly finding malware. It told me that I had Win32.2YourFace.bho among other more minor things. I told it to fix and it ticked everything saying it had been done but when I scanned again it all showed again. I finally managed to get rid of Win32.2YourFace.bho by using various other cleaners i found on other forums but was still left with the minor stuff. I've attached a log from earlier below.
I decided to run it in safe mode and it removed all but 2 of the items then I tried to restart and my laptop wouldn't restart and it couldn't repair so I had to restore to earlier today which has probably put those things right back in.
Avast isn't finding anything, Malwarebytes Anti-Malware isn't finding anything so why does Spybot keep finding them?
I didn't install or run ERUNT as it didn't show windows 8.1 as a compatible version. aswMBR log below, DDS Log wouldn't run as it said it cannot run in compatibility mode.
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-06 08:42:06
-----------------------------
08:42:06.848 OS Version: Windows x64 6.2.9200
08:42:06.849 Number of processors: 4 586 0x3A09
08:42:06.849 ComputerName: NADIALAPTOP UserName: Nadia
08:42:06.853 Initialze error 1
08:42:09.728 AVAST engine defs: 14040504
08:42:19.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
08:42:19.374 Disk 0 Vendor: Hitachi_HTS541010A9E680 JA0OA4D0 Size: 953869MB BusType: 11
08:42:19.386 Disk 0 MBR read successfully
08:42:19.388 Disk 0 MBR scan
08:42:19.391 Disk 0 unknown MBR code
08:42:19.394 Disk 0 Partition 1 00 EE GPT 953869 MB offset 1
08:42:19.397 Disk 0 scanning C:\WINDOWS\system32\drivers
08:42:19.400 Service scanning
08:42:19.987 Modules scanning
08:42:19.994 Disk 0 trace - called modules:
08:42:20.003 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys storport.sys hal.dll iaStorA.sys
08:42:20.011 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00002907060]
08:42:20.018 3 CLASSPNP.SYS[fffff80000601abb] -> nt!IofCallDriver -> [0xffffe00002908870]
08:42:20.031 5 hpdskflt.sys[fffff800013a6379] -> nt!IofCallDriver -> \Device\0000002c[0xffffe00000f80060]
08:42:20.041 AVAST engine scan C:\WINDOWS
08:42:20.047 AVAST engine scan C:\WINDOWS\system32
08:42:20.054 AVAST engine scan C:\WINDOWS\system32\drivers
08:42:20.061 AVAST engine scan C:\Users\Nadia
08:42:20.069 AVAST engine scan C:\ProgramData
08:42:20.074 Scan finished successfully
08:42:28.061 Disk 0 MBR has been saved successfully to "C:\Users\Nadia\Desktop\MBR.dat"
08:42:28.067 The log file has been saved successfully to "C:\Users\Nadia\Desktop\aswMBR.txt"
Satchfan
2014-04-06, 11:03
Hello nadia19 and welcome to the Safer Networking Forum.
My name is Satchfan and I would be glad to help you with your computer problem.
Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================
Run RogueKiller
IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!
Close all running programs.
Download one of these to your desktop:
for a 32-bt system download this (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) version.
for 64-bit use this (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) one
.
close all running programs
for Windows Vista/Seven,8 right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when the pre-scan is finished, click on Scan
click on Report and copy/paste the content in your next post
NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad
If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.
Satchfan
Thanks for your reply. I tried to download roguekiller 64bit but I get an "Oops" page saying it can't find it.
Satchfan
2014-04-06, 11:29
Sorry about the bad link.
Try this (http://www.bleepingcomputer.com/download/roguekiller/dl/121/).
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Nadia [Admin rights]
Mode : Scan -- Date : 04/06/2014 09:38:26
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541010A9E680 +++++
--- User ---
[MBR] 8e4e14f27291f4ddccf5ca7da0716fb1
[BSP] 7a953ccb260afb33417e633f79ea4ff4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_04062014_093826.txt >>
Satchfan
2014-04-06, 12:11
I'm a little surprised that nothing showed up in that.
Let's try another.
Download and run OTL
download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
click Scan all users.
under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT
click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
you may need two posts to fit them both in.
Thanks
Satchfan
OTL logfile created on: 06/04/2014 10:28:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadia\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
5.89 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 69.39% Memory free
11.89 Gb Paging File | 9.99 Gb Available in Paging File | 84.01% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910.29 Gb Total Space | 783.02 Gb Free Space | 86.02% Space Free | Partition Type: NTFS
Drive D: | 20.11 Gb Total Space | 2.45 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Computer Name: NADIALAPTOP | User Name: Nadia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/06 10:26:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe
PRC - [2014/03/25 09:05:06 | 004,971,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/03/25 09:05:05 | 012,916,544 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/03/25 08:42:32 | 000,238,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014/03/21 20:01:58 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/21 20:01:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/19 22:27:24 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/03/19 22:27:24 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/16 10:34:26 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2013/10/15 13:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/07 20:19:22 | 000,240,736 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013/09/20 11:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 11:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/08/19 18:07:36 | 001,344,312 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2013/07/25 12:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/03 19:47:50 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/01/24 19:12:30 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC40.exe
PRC - [2012/09/07 17:33:08 | 000,581,024 | -H-- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/09/07 17:33:08 | 000,035,232 | -H-- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/07/18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
========== Modules (No Company Name) ==========
MOD - [2014/04/05 21:27:50 | 001,157,120 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_ssl.pyd
MOD - [2014/04/05 21:27:50 | 000,811,008 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._windows_.pyd
MOD - [2014/04/05 21:27:50 | 000,805,888 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._gdi_.pyd
MOD - [2014/04/05 21:27:50 | 000,712,192 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_hashlib.pyd
MOD - [2014/04/05 21:27:50 | 000,110,080 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pywintypes27.dll
MOD - [2014/04/05 21:27:50 | 000,070,656 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._html2.pyd
MOD - [2014/04/05 21:27:50 | 000,026,624 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_multiprocessing.pyd
MOD - [2014/04/05 21:27:50 | 000,024,064 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32pipe.pyd
MOD - [2014/04/05 21:27:49 | 001,062,400 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._controls_.pyd
MOD - [2014/04/05 21:27:49 | 000,686,080 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\unicodedata.pyd
MOD - [2014/04/05 21:27:49 | 000,127,488 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pyexpat.pyd
MOD - [2014/04/05 21:27:49 | 000,087,040 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_ctypes.pyd
MOD - [2014/04/05 21:27:49 | 000,038,912 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32inet.pyd
MOD - [2014/04/05 21:27:49 | 000,035,840 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32process.pyd
MOD - [2014/04/05 21:27:49 | 000,025,600 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32pdh.pyd
MOD - [2014/04/05 21:27:49 | 000,018,432 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32event.pyd
MOD - [2014/04/05 21:27:49 | 000,017,408 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32profile.pyd
MOD - [2014/04/05 21:27:49 | 000,010,240 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\select.pyd
MOD - [2014/04/05 21:27:48 | 001,175,040 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._core_.pyd
MOD - [2014/04/05 21:27:48 | 000,735,232 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._misc_.pyd
MOD - [2014/04/05 21:27:48 | 000,557,056 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pysqlite2._sqlite.pyd
MOD - [2014/04/05 21:27:48 | 000,525,640 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/05 21:27:48 | 000,364,544 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pythoncom27.dll
MOD - [2014/04/05 21:27:48 | 000,320,512 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32com.shell.shell.pyd
MOD - [2014/04/05 21:27:48 | 000,128,512 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_elementtree.pyd
MOD - [2014/04/05 21:27:48 | 000,122,368 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._wizard.pyd
MOD - [2014/04/05 21:27:48 | 000,119,808 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32file.pyd
MOD - [2014/04/05 21:27:48 | 000,108,544 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32security.pyd
MOD - [2014/04/05 21:27:48 | 000,098,816 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32api.pyd
MOD - [2014/04/05 21:27:48 | 000,044,032 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_socket.pyd
MOD - [2014/04/05 21:27:48 | 000,022,528 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32ts.pyd
MOD - [2014/04/05 21:27:48 | 000,011,264 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32crypt.pyd
MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/02/16 23:09:37 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\97272e5adde36ea896d7216bf0270e15\System.Configuration.ni.dll
MOD - [2014/02/16 23:03:34 | 005,463,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dll
MOD - [2014/02/16 23:03:29 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dll
MOD - [2014/02/16 23:03:19 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dll
MOD - [2014/02/16 23:02:34 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2014/02/16 23:02:22 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2014/02/05 21:29:23 | 001,125,592 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/23 08:44:31 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/05/16 11:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 11:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/24 19:12:30 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC40.exe
MOD - [2013/01/24 07:34:34 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\No-IP\ducapi.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
========== Services (SafeList) ==========
SRV:[b]64bit: - [2014/03/21 20:01:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/02/06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/27 16:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 10:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/23 05:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/08 04:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/31 01:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/10/31 01:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/10/22 02:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/21 16:27:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/10/04 09:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/30 05:11:10 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/30 05:11:10 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/30 05:11:09 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 11:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 10:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 10:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 10:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/06/03 19:17:49 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2014/03/25 09:05:06 | 004,971,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/03/19 22:27:24 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/01/25 03:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/21 16:27:59 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/10/21 16:27:56 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/10/21 16:27:56 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/10/07 20:19:22 | 000,240,736 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/09/30 05:11:08 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/06/03 19:47:50 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/09/07 17:33:08 | 000,035,232 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/07/18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/14 17:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/03/21 20:02:03 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/21 20:02:03 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/03/21 20:02:02 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/21 20:02:02 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/03/21 20:02:02 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/21 20:02:02 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/21 20:02:02 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/19 22:27:40 | 000,316,312 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/03/19 22:27:40 | 000,273,592 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportHades64.sys -- (RapportHades64)
DRV:64bit: - [2014/01/25 03:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/01/08 02:46:27 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/12/27 00:30:20 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/12/27 00:30:20 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/12/02 18:32:18 | 002,483,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/11/11 03:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 12:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/31 01:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/31 01:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/31 01:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/10/31 01:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/13 03:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/30 05:11:07 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/30 05:11:07 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/30 05:11:07 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/30 04:58:56 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/30 04:58:53 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 13:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 13:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 13:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 13:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 13:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 12:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 12:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 12:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 00:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/03 19:20:59 | 000,650,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/06/03 19:17:51 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/05/24 11:34:59 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/24 11:34:57 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/03/07 16:21:21 | 000,040,232 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsadb.sys -- (androidusb)
DRV:64bit: - [2013/01/11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/24 10:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/07/31 09:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/04 14:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 16:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2014/03/19 22:27:40 | 000,397,848 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/03/19 22:27:40 | 000,282,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/10/14 09:50:05 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2013/02/11 20:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadia\AppData\Roaming\mozilla\Extensions
[2013/02/11 20:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadia\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Quidco Cashback Reminder = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elfdpdgmnodokhbiabbcjabmhpdajcog\2.0.14_0\
CHR - Extension: The Camelizer - Amazon Price Tracker = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.4.2_0\
CHR - Extension: avast! Online Security = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Google Wallet = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/04/05 11:08:25 | 000,450,709 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [AD2A7E21FB3C3DB169EC5EE6823D4B475C9622BD._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [NoIPDUCv4] C:\Program Files (x86)\No-IP\DUC40.exe ()
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} http://192.168.0.100:81/RSVideoOcx.cab (RSVideo Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab (GMNRev Class)
O16 - DPF: {FE7D5A0F-4E25-41B1-8A99-3D9D58F400D2} http://192.168.0.100:81/webvideo.cab (webvideo Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F7CFEB5-4CC1-42EA-939C-2F119B728C7A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a6f7f711-9c92-11e2-be9a-8434977d85f7}\Shell - "" = AutoRun
O33 - MountPoints2\{a6f7f711-9c92-11e2-be9a-8434977d85f7}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/04/06 10:26:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe
[2014/04/06 09:34:59 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\RK_Quarantine
[2014/04/06 09:32:46 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Local\CrashDumps
[2014/04/06 08:40:43 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Nadia\Desktop\dds.scr
[2014/04/05 14:10:46 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/05 13:24:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/05 13:12:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/04 22:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/04/04 22:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/21 20:02:01 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/03/17 21:23:47 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\poqexec.exe
[2014/03/17 21:23:47 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\poqexec.exe
[2014/03/12 18:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/03/12 18:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/03/12 18:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/03/12 18:35:03 | 005,770,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/03/12 18:35:02 | 006,640,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/03/12 18:35:02 | 002,133,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/03/12 18:35:01 | 002,143,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/03/12 18:35:01 | 001,928,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2014/03/12 18:35:01 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2014/03/12 18:35:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2014/03/12 18:35:00 | 001,371,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2014/03/12 18:35:00 | 001,287,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/03/12 18:35:00 | 000,764,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/03/12 18:35:00 | 000,669,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/03/12 18:34:59 | 004,175,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbgeng.dll
[2014/03/12 18:34:59 | 001,486,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbghelp.dll
[2014/03/12 18:34:59 | 000,407,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Faultrep.dll
[2014/03/12 18:34:59 | 000,369,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Faultrep.dll
[2014/03/12 18:34:59 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2014/03/12 18:34:58 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbgeng.dll
[2014/03/12 18:34:58 | 001,238,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbghelp.dll
[2014/03/12 18:34:58 | 000,458,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WerFault.exe
[2014/03/12 18:34:58 | 000,408,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WerFault.exe
[2014/03/12 18:34:58 | 000,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2014/03/12 18:34:58 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpencom.dll
[2014/03/12 18:34:57 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppcomapi.dll
[2014/03/12 18:34:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWWIN.EXE
[2014/03/12 18:34:57 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DWWIN.EXE
[2014/03/12 18:34:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsgqec.dll
[2014/03/12 18:34:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsgqec.dll
[2014/03/12 18:34:48 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/03/12 18:34:48 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/03/12 18:34:47 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/03/12 18:34:46 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/03/12 18:34:46 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/03/12 18:34:41 | 000,236,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2014/03/12 18:34:38 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2014/03/12 18:34:33 | 000,124,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2014/03/12 18:34:25 | 001,643,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014/03/12 18:34:24 | 001,507,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014/03/12 18:34:24 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014/03/12 18:34:23 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2008/01/14 10:25:25 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Nadia\mqdmmdm.sys
[2008/01/14 10:25:25 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Nadia\mqdmserd.sys
[2008/01/14 10:25:25 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Nadia\mqdmbus.sys
[2008/01/14 10:25:25 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Nadia\mqdmmdfl.sys
[2008/01/14 10:25:25 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Nadia\mqdmcmnt.sys
[2008/01/14 10:25:25 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Nadia\mqdmwhnt.sys
[2008/01/14 10:25:25 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Nadia\mqdmcr.sys
[2008/01/14 10:21:55 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadia\usbsermptxp.sys
[2008/01/14 10:21:55 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadia\usbsermpt.sys
========== Files - Modified Within 30 Days ==========
[2014/04/06 10:26:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe
[2014/04/06 10:25:16 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/06 09:34:44 | 003,972,608 | ---- | M] () -- C:\Users\Nadia\Desktop\RogueKiller.exe
[2014/04/06 09:21:45 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 08:42:28 | 000,000,512 | ---- | M] () -- C:\Users\Nadia\Desktop\MBR.dat
[2014/04/06 08:40:44 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Nadia\Desktop\dds.scr
[2014/04/05 21:27:17 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/05 21:27:09 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 21:22:08 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2014/04/05 21:21:32 | 768,622,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/05 21:21:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/05 18:08:07 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForNadia.job
[2014/04/05 14:46:53 | 000,059,081 | ---- | M] () -- C:\Users\Nadia\Desktop\S&D results.gif
[2014/04/05 13:59:52 | 000,151,552 | ---- | M] () -- C:\WINDOWS\KMSEmulator.exe
[2014/04/05 13:13:49 | 000,958,356 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/04/05 13:13:49 | 000,801,446 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/04/05 13:13:49 | 000,165,972 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/04/05 13:07:04 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMSDaily.job
[2014/04/05 11:08:25 | 000,450,709 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2014/04/04 22:22:51 | 000,277,812 | ---- | M] () -- C:\Users\Nadia\Desktop\cc_20140404_222224.reg
[2014/04/04 22:11:57 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/02 17:22:34 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/01 21:10:30 | 000,489,344 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/25 19:22:35 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/03/24 22:19:29 | 000,001,719 | ---- | M] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2014/03/21 22:07:10 | 000,450,709 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts.20140405-110825.backup
[2014/03/21 20:02:03 | 000,208,928 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014/03/21 20:02:03 | 000,084,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys
[2014/03/21 20:02:02 | 001,039,096 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2014/03/21 20:02:02 | 000,423,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2014/03/21 20:02:02 | 000,334,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014/03/21 20:02:02 | 000,093,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014/03/21 20:02:02 | 000,079,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014/03/21 20:02:02 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014/03/21 20:02:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/03/19 22:27:40 | 000,316,312 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\SysNative\drivers\RapportKE64.sys
[2014/03/19 22:27:40 | 000,273,592 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\SysNative\drivers\RapportHades64.sys
========== Files Created - No Company Name ==========
[2014/04/06 09:34:44 | 003,972,608 | ---- | C] () -- C:\Users\Nadia\Desktop\RogueKiller.exe
[2014/04/05 14:46:51 | 000,059,081 | ---- | C] () -- C:\Users\Nadia\Desktop\S&D results.gif
[2014/04/04 22:22:33 | 000,277,812 | ---- | C] () -- C:\Users\Nadia\Desktop\cc_20140404_222224.reg
[2014/04/04 22:11:57 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/25 19:22:35 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/03/25 19:22:35 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/03/12 18:34:57 | 000,386,722 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/03/06 21:18:41 | 000,000,084 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/02/13 19:18:22 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/25 03:22:44 | 000,299,520 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014/01/25 03:22:38 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/25 03:22:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/10/21 15:38:16 | 000,964,970 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/09/23 16:03:36 | 000,368,428 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\FW7650.bin
[2013/09/23 16:03:36 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCheckBTDev.ini
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/04/27 17:07:23 | 000,178,688 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/03/16 20:36:13 | 000,003,584 | ---- | C] () -- C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/09 22:56:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\KMSEmulator.exe
[2012/07/25 21:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 21:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 21:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
[2012/06/12 11:38:14 | 000,519,680 | ---- | C] () -- C:\WINDOWS\SysWow64\RSPlay.dll
[2012/06/12 11:37:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\SysWow64\RSNet.dll
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2008/03/11 18:59:37 | 000,097,532 | ---- | C] () -- C:\Users\Nadia\1205258377-oem23.PNF
[2008/03/11 18:59:37 | 000,051,833 | ---- | C] () -- C:\Users\Nadia\1205258377-oem23.inf
[2008/01/14 10:25:25 | 000,009,913 | ---- | C] () -- C:\Users\Nadia\MCCI_MDM.INF
[2008/01/14 10:25:25 | 000,006,989 | ---- | C] () -- C:\Users\Nadia\MCCI_BUS.INF
[2008/01/14 10:25:25 | 000,004,477 | ---- | C] () -- C:\Users\Nadia\MCCI_SDM.INF
[2008/01/14 10:25:19 | 000,020,848 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (9)
[2008/01/14 10:25:19 | 000,018,104 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy
[2008/01/14 10:25:19 | 000,016,524 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (3)
[2008/01/14 10:25:19 | 000,016,348 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (5)
[2008/01/14 10:25:19 | 000,015,884 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (7)
[2008/01/14 10:25:19 | 000,009,232 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (8)
[2008/01/14 10:25:19 | 000,006,947 | ---- | C] () -- C:\Users\Nadia\1200302719-(null)
[2008/01/14 10:25:19 | 000,006,009 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (4)
[2008/01/14 10:25:19 | 000,005,877 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (2)
[2008/01/14 10:25:19 | 000,005,813 | ---- | C] () -- C:\Users\Nadia\1200302719-(null) - Copy (6)
[2008/01/14 10:21:55 | 000,009,232 | ---- | C] () -- C:\Users\Nadia\USB_MOT_BRIT.INF
[2008/01/14 10:21:55 | 000,007,194 | ---- | C] () -- C:\Users\Nadia\USBMOT2000.INF
[2008/01/14 10:21:55 | 000,005,960 | ---- | C] () -- C:\Users\Nadia\USB_MOT_A1000.INF
[2008/01/14 10:21:55 | 000,005,877 | ---- | C] () -- C:\Users\Nadia\USB_CMCS_2000.INF
[2008/01/14 10:21:55 | 000,005,798 | ---- | C] () -- C:\Users\Nadia\USBMOT2000XP.INF
========== ZeroAccess Check ==========
[2013/10/21 17:54:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/09 09:05:24 | 021,199,256 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/09 05:51:04 | 018,643,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2013/10/22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2013/10/22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013/12/09 14:16:41 | 000,133,444 | ---- | M] () MD5=3DDF61E1B538A1205612192A61CC2376 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe
[2013/10/22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2013/10/22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013/12/10 17:27:30 | 000,127,825 | ---- | M] () MD5=983D8A3EB94B05A199D3744C0F0C475F -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
[2013/09/20 11:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
< MD5 for: SERVICES.EXE >
[2013/08/22 14:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\WINDOWS\SysNative\services.exe
[2013/08/22 14:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
< MD5 for: SVCHOST.EXE >
[2013/08/22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013/08/22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2013/08/22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\WINDOWS\SysNative\svchost.exe
[2013/08/22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe
< MD5 for: USERINIT.EXE >
[2013/08/22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\WINDOWS\SysNative\userinit.exe
[2013/08/22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2013/08/22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013/08/22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe
< MD5 for: WINLOGON.EXE >
[2013/08/22 10:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\WINDOWS\SysNative\winlogon.exe
[2013/08/22 10:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< %systemroot%\*. /rp /s >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS541010A9E680
Partitions: 5
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 400.00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 420478976
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 910.00GB
Starting Offset: 827326464
Hidden sectors: 0
DeviceID: Disk #0, Partition #3
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 350.00MB
Starting Offset: 978246959104
Hidden sectors: 0
DeviceID: Disk #0, Partition #4
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 978613960704
Hidden sectors: 0
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5] -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ -> Junction
[C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5] -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ -> Junction
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Stay With You.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\PG[18NOV2009-103700]_converted.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\paypal.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Insurance Schedule Insured.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\grattan.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\decree absolute.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Council Tax - Worrell.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\birth cert.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Barclaycard Statement.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Desktop\Letter head DP.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Desktop\businesscard-001.jpg:Roxio EMC Stream
@Alternate Data Stream - 195 bytes -> C:\Users\Nadia\SkyDrive.old:ms-properties
@Alternate Data Stream - 179 bytes -> C:\Users\Nadia\SkyDrive:ms-properties
< End of report >
OTL Extras logfile created on: 06/04/2014 10:28:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadia\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
5.89 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 69.39% Memory free
11.89 Gb Paging File | 9.99 Gb Available in Paging File | 84.01% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910.29 Gb Total Space | 783.02 Gb Free Space | 86.02% Space Free | Partition Type: NTFS
Drive D: | 20.11 Gb Total Space | 2.45 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Computer Name: NADIALAPTOP | User Name: Nadia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2536830986-821511902-3680961864-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EEDE3D-E4C0-4D82-BD4F-D2FFF88879A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12D76EF0-1699-42D9-813F-EC54A0BFEA67}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46C83DDF-353A-41E3-82DD-79E6FD7A9B93}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48C179EB-8E32-486A-9CAB-CD1DC4384369}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{674124E6-F66D-43F2-BD1C-4EFD2BB34E23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B5910A6-1886-46ED-9BB2-61F963606BD8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8C169D89-C2EA-4C80-A9AE-7335FF876F8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C605A3AB-C47B-4CAF-8D91-7900AC4514C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE4A512B-A9E9-4AF1-AD01-F222AD08750E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAE055C1-B03C-4216-88E9-6240ECD1D21B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EEA0F2D4-8560-47DB-BDAD-7BD66F0680FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1228286-8E34-423D-83DC-546012FDAF1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01684BD1-7496-4725-8D57-14974BEBD52E}" = dir=out | name=sonicwall mobile connect |
"{03CD0C51-1764-49DD-8148-49AE4C21CFC1}" = dir=in | name=canon inkjet print utility |
"{04C2E789-AB3B-4AAA-B6EC-A9A5BA6F2FD1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{078A6881-E63E-4D39-B4B8-B4C4B3956BD6}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{0A8169C3-2BB6-4F61-AFBC-BA0EF112D628}" = dir=out | name=@{microsoft.bingweather_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{0D8B83FC-32B6-4DC5-BA2E-5C7626F1FF2A}" = dir=out | name=@{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{0FAD63C3-E066-4BFB-B315-E1A7DE3C6EED}" = dir=out | name=ebay |
"{1335DEC3-26BE-4F02-8AE7-2A65FE91BC51}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{149D00D8-850F-455B-BF60-8E01AF58D9C5}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{16001AF6-65AB-4363-96D5-701F6F81E49E}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{183272A4-B11D-4B7D-97B5-C87049998883}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{1BDA3897-A2E7-42E7-BDF2-71B85B47C1D6}" = dir=out | name=skype |
"{1C62E1A7-7FD7-4EC2-8145-958361CD1EB4}" = dir=in | name=check point vpn |
"{1F58C23B-A11E-4EB9-B9A7-D0977A2DDBA7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{207947A5-6FEE-4876-9837-8D694285AD17}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{215D8061-2496-40F8-A3F6-50232477CB66}" = dir=out | name=@{microsoft.zunevideo_2.2.802.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{248431E8-C936-41CA-A57A-36F9DB38428D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{26C7771B-7BE3-4E8B-A3A1-B565D81187AC}" = dir=out | name=hp registration |
"{27A6C2C2-47B4-46F5-86C6-2D6D73883CDE}" = dir=out | name=check point vpn |
"{29AFD1F5-896C-434A-8A1B-342DB195696E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29C80257-E4EC-4E7F-BD42-D1840522C632}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{2AE62386-CB2A-4661-8A26-0A508A946CDB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B2A15EE-113D-47A3-8161-85C56ED6FC8B}" = dir=out | name=@{microsoft.bingtravel_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{31AE6A59-522A-459B-A388-5B26618389B3}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3433AB48-E27C-47F6-B76F-A6E195507613}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B1DC4F4-74EB-404B-AF36-B716A57DD6B1}" = dir=out | name=@{61908richardwalters.calculator_2.14.0.0_neutral__486nvj664v5b0?ms-resource://61908richardwalters.calculator/resources/apptitle} |
"{3C6CB3D0-4AF2-4E67-9619-30604E7F8457}" = dir=out | name=google search |
"{3D727083-F64C-4962-96BA-34E5219749F6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{3E41A85A-7BAC-4917-B926-EE6FC9BF0F53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FC80BA5-F78A-4598-8B8F-7D5BB66B2789}" = dir=out | name=amazon |
"{402311D6-B896-43DB-B17D-4C7C7B50C2B1}" = dir=out | name=windows_ie_ac_001 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4921E131-378F-46C0-9BCC-7E48B33EDD34}" = protocol=6 | dir=out | app=system |
"{49C0C27D-70B2-464B-B929-37C5325B0AB6}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{50576B49-EAEE-4DAB-BB51-6BAA505289E6}" = dir=out | name=canon inkjet print utility |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{591CD276-13A7-417C-B76B-24BCD88D9E0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B633FFE-C82F-4E5F-AFD8-DA117DA1F05E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{5EF55BBD-0322-413C-9E52-A88E54588744}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{617F52E0-3585-44C3-82E0-B02BDF196551}" = dir=out | name=@{microsoft.bingnews_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{62663A10-A379-4C2B-BC69-8A4CFBE23F58}" = dir=out | name=juniper networks junos pulse |
"{6495C0E2-368B-4210-924C-5977D0037355}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{6577C314-47E4-43DA-B286-5CB6F3FF786F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{67A3E327-8AF5-43CB-91EB-AD4C4F9B7934}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{71EC14C8-5844-4F64-9B55-1FA7F48862AD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{794253C9-EE52-4B77-9D30-6099752FEF00}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7947161B-686F-4E88-AED7-86EA632B39CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7949235D-59F9-49C3-8732-8E24C85EDE0C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7C1BD29E-30FF-4F45-A4C7-7C9BB926DBA6}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{7EA8E229-5039-4F0C-BCD0-5193D634EEAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F998DA0-2377-474A-88FE-F03EAEA1D37E}" = protocol=6 | dir=in | app=c:\users\nadia\appdata\roaming\utorrent\utorrent.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{868DFB87-0C5E-45D8-985A-EB5E94659B2F}" = protocol=17 | dir=in | app=c:\users\nadia\appdata\roaming\utorrent\utorrent.exe |
"{874AEDB0-173F-40D9-AA5A-272404C6F5D0}" = dir=in | name=sonicwall mobile connect |
"{8A70B3E1-2124-4508-816D-ECEEE4C6FCBC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{8BEA0A02-6DD0-42B1-9AA3-7FF86CD1958C}" = dir=in | name=hp connected photo powered by snapfish |
"{91C48567-26D1-4C0B-85DC-0BBE15D8CC76}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{925815F3-798F-4FCA-854D-B3862B4C62C9}" = dir=out | name=getting started with windows 8 |
"{94239AB0-EFBF-4F9E-98D9-73414DF697DE}" = dir=in | name=skype |
"{9B5ECBFD-C73D-42DF-A431-3666092A3877}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A0BB6585-4CC4-4A58-B292-EE5B12DF71A9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB5E1467-04A8-4E08-B8DD-0B43EFA52BFD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{ABCDF935-FC28-455D-9AA2-BF1B4BEC8A0A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{ACCEBB67-870E-4444-AA3E-1FA3C06D2475}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ADBC7170-0EAE-4ECB-8EE7-3CC4131807A0}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B05CA262-CE71-40B0-8AEB-083A39D039BF}" = dir=out | name=hp connected photo powered by snapfish |
"{B75156DB-8D33-4C50-AF1B-11F834235DA3}" = dir=out | name=windows_ie_ac_001 |
"{BDCA0E72-FC62-4177-AB19-D43ED3B853D1}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C162EE4A-E001-47ED-9167-EBCD2A7D5012}" = dir=out | name=@{microsoft.bingfinance_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{C2D26A66-283C-4555-B4FC-B6B482B365A4}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{C5EFC3F6-CF8D-4579-88EB-47788082D083}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{CA03057C-9DAC-4563-B993-0CD98A06170F}" = dir=in | name=f5 vpn |
"{CA3A0D5C-9D2D-4702-878D-8B86C1E83D4F}" = dir=out | name=@{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{CD3965BD-E4E5-4D1E-AC11-A017502E21ED}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{D06F41F4-69FE-47C4-B58B-0BEFCF5E5CC5}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D15FE9C2-16DE-4D7E-A815-96E919A6313B}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{D22D1AF3-47C7-43EA-8580-CAEE4C5EC493}" = dir=out | name=@{microsoft.zunemusic_2.2.800.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D93BE1F9-2D48-411E-A01A-714010612DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9B3A4DA-3244-405B-823F-3617A2C3E5BF}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{DB05B9A4-BBC1-4E85-86F8-CDBF13E32ACE}" = dir=out | name=flow free |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DDE872C4-F42D-4444-9130-9D59844B9065}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E359C4DB-11D2-4673-B592-64F975F690EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E4488874-AA8D-4A04-AD0A-915085E6D4D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E591CDC7-BA59-4A70-A1B8-D6B9DF90422B}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{E67AC38C-93A6-45C7-9985-9DC5FD2040B5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EC7E4CB1-6CFA-4B59-86F9-2A108884A87C}" = dir=in | name=overdrive media console |
"{ECEAA9FA-2FDE-4284-A4F3-49D4FFBB419B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ECFBCFC5-A613-4B8F-99FD-42FB6315D1CB}" = dir=out | name=f5 vpn |
"{ED5D4733-E36E-47C9-83CF-481EC485CAB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F3F0CB8D-693D-46A0-84A4-D9EA7A491597}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F8817CEE-D1B5-454F-9CEB-2C4887167EBC}" = dir=out | name=overdrive media console |
"{FA1553DA-E41A-43DA-89EC-FC0F59F00830}" = dir=out | name=@{microsoft.bingsports_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{FACC3DF8-9ACD-4CAD-9DD8-0260F4BE46D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBDF643C-7B03-4DF9-904F-941FB24994D9}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{FDDBED77-36A6-4832-84C9-84A27848358E}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{FFD4CF2B-6BFF-41BB-ABCA-E8521A8E6868}" = dir=in | name=juniper networks junos pulse |
"TCP Query User{6E398259-D760-47DC-A099-004A8077E39B}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{7FBD8165-05DE-4DC9-A9A2-1416A0377425}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A131DCD2-9B8A-48B4-A19E-CD3C01A402A0}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe |
"TCP Query User{E04199CB-61A8-4F40-B609-7C11BAA5672E}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{083E2C2E-63E2-4311-82D7-28FB6756E322}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5ACBC9F3-66F2-49E2-8C36-B71C7097AEE2}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{639A00AE-9833-4C01-9FDA-D124399B1DBB}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe |
"UDP Query User{6854A344-F9C0-4805-AB4B-89D4EADE8312}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{021C6667-63D3-4416-B537-865E77F4DF4F}" = avast! Ad Blocker
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}" = HP CoolSense
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}" = HP Documentation
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A9FC225-75F6-4B5D-911C-0ED230565643}" = HP Product Detection
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avast" = avast! Free Antivirus
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NoIPDUC" = No-IP DUC
"Rapport_msi" = Trusteer Endpoint Protection
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"TeamViewer 9" = TeamViewer 9
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-01efc082-150c-4415-aacb-f236544e86b4" = Governor of Poker 2 Premium Edition
"WTA-04fb9ea8-c17b-4262-866d-be29d74ef7ac" = Chuzzle Deluxe
"WTA-0eba3fec-ed4c-44ad-91fd-5048f7560ba8" = Wedding Dash
"WTA-1236ed3e-68ec-4254-a274-e3c2daae803f" = Bejeweled 3
"WTA-193669af-d354-4874-98ee-79b5f524f606" = Ranch Rush 2 - Premium Edition
"WTA-20f89c8f-75e3-4a31-bc0c-f8d8d5f7dded" = Polar Bowler
"WTA-370ba71c-7bac-4ac1-aac2-a3f82f1105a6" = Jewel Quest Solitaire 2
"WTA-3adb9973-8677-4a9e-9c89-99427b14a788" = Cradle of Rome 2
"WTA-58e3ae16-dcc5-41a2-b9ce-7cfcb28facf8" = 7 Wonders II
"WTA-6f3d8ec2-5a8c-4fcb-9496-a4cd2b459518" = Aloha TriPeaks
"WTA-76aad296-68c3-4f2f-bc0f-bb319a8ce00d" = Jewel Quest II
"WTA-803bafe4-84c3-401b-8f40-ec8d7c40b9fe" = Zuma's Revenge
"WTA-8c8d7d8e-beee-441e-8ba6-9e50824b66fe" = Jewel Match 3
"WTA-8d2f8934-9a0e-46f4-b4b6-99106b714154" = Final Drive Fury
"WTA-98e6e5e6-14b9-46eb-a90f-1505e20742af" = Virtual Families
"WTA-9dc594d4-8e19-4d81-97e2-3e182816815f" = Mahjongg Artifacts
"WTA-a0ce127d-289d-4c0a-8f99-ea49716d5002" = Mystery of Mortlake Mansion
"WTA-a1c7006d-37ed-4e0e-9a9e-cf935be7f317" = Crazy Chicken Soccer
"WTA-a89ae769-a8ef-4248-916b-444c272e76a0" = Build-a-lot 4 - Power Source
"WTA-aed418a4-2ac1-44de-99a2-eaf4af4bc872" = Farm Frenzy
"WTA-e0c8352d-8d01-45d0-a6b1-bdd8d5c384c1" = Trinklit Supreme
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2536830986-821511902-3680961864-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08/02/2014 12:36:28 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10059125
Error - 08/02/2014 12:40:45 | Computer Name = NadiaLaptop | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.3.9600.16431 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fd8 Start
Time: 01cf24d4082b2a84 Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe
Report
Id: bfa69415-90df-11e3-bf09-8434977d85f7 Faulting package full name: Microsoft.SkypeApp_2.4.0.1007_x86__kzf8qxf38zg5c
Faulting
package-relative application ID: App
Error - 08/02/2014 16:58:45 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08/02/2014 16:58:45 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6422985
Error - 08/02/2014 16:58:45 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6422985
Error - 08/02/2014 17:08:29 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08/02/2014 17:08:29 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1171
Error - 08/02/2014 17:08:29 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1171
Error - 08/02/2014 17:16:00 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08/02/2014 17:16:00 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 451468
Error - 08/02/2014 17:16:00 | Computer Name = NadiaLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 451468
[ Hewlett-Packard Events ]
Error - 28/07/2013 16:24:51 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
Error - 11/08/2013 17:00:14 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
Error - 11/08/2013 17:00:15 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
Error - 29/09/2013 15:20:28 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
Error - 29/09/2013 15:20:28 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
Error - 29/09/2013 15:20:28 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
Error - 01/10/2013 09:55:31 | Computer Name = NadiaLaptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147024891 at System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode,
FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean
bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String filename,
Encoding encoding) at System.Xml.XmlDocument.Save(String filename) at HP.SupportFramework.Service.ACLM.AssetAgent.AAProcessExited()
Message:
Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfo2.xml'
is denied. StackTrace: at System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String filename, Encoding
encoding) at System.Xml.XmlDocument.Save(String filename) at HP.SupportFramework.Service.ACLM.AssetAgent.AAProcessExited()
Source:
mscorlib Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\hpsa_service.exe Format: en-US RAM: 6036 Ram Utilization: 30 TargetSite:
Void WinIOError(Int32, System.String)
Error - 02/10/2013 09:26:12 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 6036
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 19/11/2013 13:49:03 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
Error - 17/12/2013 13:40:25 | Computer Name = NadiaLaptop | Source = HPSF.exe | ID = 2000
Description =
[ System Events ]
Error - 02/04/2014 12:32:10 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 12:42:10 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 12:52:10 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 13:02:10 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 13:04:42 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 13:12:10 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 13:13:17 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 13:13:27 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 13:20:48 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
Error - 02/04/2014 13:21:02 | Computer Name = NadiaLaptop | Source = DCOM | ID = 10005
Description =
< End of report >
Satchfan
2014-04-06, 15:56
Hello again
P2P - I see you have P2P software, (uTorrent ), installed on your machine.
We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.
If your computer is infected, it almost certainly contributed to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/305923-perils-p2p-file-sharing.html).
I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.
Should you decide to keep it, please don’t use it until we have finished up here.
That said, I don’t see any evidence of malware on your computer.
I see you have already run AdwCleaner, which should have dealt with it.
It could be a false-positive but after cleaning out some junk we’ll have a look and see if any remnants are lurking.
================================================
Run OTL
double click on the icon to run it.
copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
MOD - [2014/04/05 21:27:50 | 001,157,120 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_ssl.pyd
MOD - [2014/04/05 21:27:50 | 000,811,008 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._windows_.pyd
MOD - [2014/04/05 21:27:50 | 000,805,888 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._gdi_.pyd
MOD - [2014/04/05 21:27:50 | 000,712,192 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_hashlib.pyd
MOD - [2014/04/05 21:27:50 | 000,110,080 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pywintypes27.dll
MOD - [2014/04/05 21:27:50 | 000,070,656 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._html2.pyd
MOD - [2014/04/05 21:27:50 | 000,026,624 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_multiprocessing.pyd
MOD - [2014/04/05 21:27:50 | 000,024,064 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32pipe.pyd
MOD - [2014/04/05 21:27:49 | 001,062,400 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._controls_.pyd
MOD - [2014/04/05 21:27:49 | 000,686,080 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\unicodedata.pyd
MOD - [2014/04/05 21:27:49 | 000,127,488 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pyexpat.pyd
MOD - [2014/04/05 21:27:49 | 000,087,040 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_ctypes.pyd
MOD - [2014/04/05 21:27:49 | 000,038,912 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32inet.pyd
MOD - [2014/04/05 21:27:49 | 000,035,840 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32process.pyd
MOD - [2014/04/05 21:27:49 | 000,025,600 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32pdh.pyd
MOD - [2014/04/05 21:27:49 | 000,018,432 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32event.pyd
MOD - [2014/04/05 21:27:49 | 000,017,408 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32profile.pyd
MOD - [2014/04/05 21:27:49 | 000,010,240 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\select.pyd
MOD - [2014/04/05 21:27:48 | 001,175,040 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._core_.pyd
MOD - [2014/04/05 21:27:48 | 000,735,232 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._misc_.pyd
MOD - [2014/04/05 21:27:48 | 000,557,056 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pysqlite2._sqlite.pyd
MOD - [2014/04/05 21:27:48 | 000,525,640 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/05 21:27:48 | 000,364,544 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pythoncom27.dll
MOD - [2014/04/05 21:27:48 | 000,320,512 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32com.shell.shell.pyd
MOD - [2014/04/05 21:27:48 | 000,128,512 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_elementtree.pyd
MOD - [2014/04/05 21:27:48 | 000,122,368 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._wizard.pyd
MOD - [2014/04/05 21:27:48 | 000,119,808 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32file.pyd
MOD - [2014/04/05 21:27:48 | 000,108,544 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32security.pyd
MOD - [2014/04/05 21:27:48 | 000,098,816 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32api.pyd
MOD - [2014/04/05 21:27:48 | 000,044,032 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_socket.pyd
MOD - [2014/04/05 21:27:48 | 000,022,528 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32ts.pyd
MOD - [2014/04/05 21:27:48 | 000,011,264 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32crypt.pyd
IE:64bit: - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [AD2A7E21FB3C3DB169EC5EE6823D4B475C9622BD._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[2013/03/16 20:36:13 | 000,003,584 | ---- | C] () -- C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Stay With You.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\PG[18NOV2009-103700]_converted.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\paypal.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Insurance Schedule Insured.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\grattan.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\decree absolute.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Council Tax - Worrell.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\birth cert.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Barclaycard Statement.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Desktop\Letter head DP.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Desktop\businesscard-001.jpg:Roxio EMC Stream
@Alternate Data Stream - 195 bytes -> C:\Users\Nadia\SkyDrive.old:ms-properties
@Alternate Data Stream - 179 bytes -> C:\Users\Nadia\SkyDrive:ms-properties
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[Reboot]
click the Run Fix button at the top
let the program run unhindered, reboot when it is done
please post the OTL fix log
===================================================
Please download SystemLook from one of the links below and save it to your Desktop.
SystemLook (32-bit) (http://downloads.malwareremoval.com/SystemLook/SystemLook.exe)
SystemLook (64-bit) (http://downloads.malwareremoval.com/SystemLook/SystemLook_x64.exe)
double-click SystemLook.exe to run it.
copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning.:
:filefind
*bho.dll*
*prxtbMixi.dll*
*pricepeep.dll*
:folderfind
*2YourFace*
*Mixi.DJ*
*PricePeep*
:Regfind
2YourFace
Mixi.DJ
PricePeep
click the Look button to start the scan.
when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Logs to include in the next post:
OTL fix log
SystemLook.txt
Satchfan
I've run OTL and restarted but lost the file that popped up. Also when I try to start chrome I get an error message, I've attached it as a screenshot.
When I clicked the close button I got the attached message too.
Satchfan
2014-04-06, 22:32
The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time the fix was run. It will be something similar to 06042014_*****.log .
The Chrome problem is because of a deleted file. We'll deal with that shortly. Meanwhile, please send the OTL ‘fix’ log and the SystemLook log.
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2536830986-821511902-3680961864-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AD2A7E21FB3C3DB169EC5EE6823D4B475C9622BD._service_run deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe moved successfully.
C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\Users\Nadia\Documents\Stay With You.mp3:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\PG[18NOV2009-103700]_converted.mpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\paypal.tif:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\Insurance Schedule Insured.tif:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\grattan.tif:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\decree absolute.tif:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\Council Tax - Worrell.tif:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\birth cert.tif:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Documents\Barclaycard Statement.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Desktop\Letter head DP.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Nadia\Desktop\businesscard-001.jpg:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Users\Nadia\SkyDrive.old:ms-properties .
Unable to delete ADS C:\Users\Nadia\SkyDrive:ms-properties .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nadia\Desktop\cmd.bat deleted successfully.
C:\Users\Nadia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
User: Nadia
->Temp folder emptied: 22731120 bytes
->Temporary Internet Files folder emptied: 7742910 bytes
->Google Chrome cache emptied: 25347177 bytes
->Flash cache emptied: 506 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
RecycleBin emptied: 1054379 bytes
Total Files Cleaned = 54.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04062014_181127
Files\Folders moved on Reboot...
C:\Users\Nadia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nadia\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.
C:\Users\Nadia\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
SystemLook 04.09.10 by jpshortstuff
Log created at 21:30 on 06/04/2014 by Nadia
Administrator - Elevation successful
========== filefind ==========
Searching for "*bho.dll*"
C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll --a---- 176736 bytes [22:36 11/08/2013] [15:17 28/11/2013] 166D6D7FDEAEFAF7174319F36B0521CB
C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll --a---- 209504 bytes [19:45 27/12/2013] [15:17 28/11/2013] 915ED4E0FEBA8AC1C522CF3F320FDE7A
Searching for "*prxtbMixi.dll*"
No files found.
Searching for "*pricepeep.dll*"
No files found.
========== folderfind ==========
Searching for "*2YourFace*"
No folders found.
Searching for "*Mixi.DJ*"
No folders found.
Searching for "*PricePeep*"
No folders found.
========== Regfind ==========
Searching for "2YourFace"
No data found.
Searching for "Mixi.DJ"
No data found.
Searching for "PricePeep"
No data found.
-= EOF =-
Satchfan
2014-04-07, 11:26
Well nothing shows up in those.
Let’s restore the Chrome file & then run an online scan to be sure there is nothing else.
click the arrow icon at the bottom of the screen to open Apps
on the Apps screen, locate the “Windows System” heading, (you may need to swipe or scroll to the right, depending on the size of your screen)
right-click, on Command Prompt and from the menu that appears, click on Run as administrator
now either copy/paste or type it in the following:
copy "C:\_OTL\MovedFiles\06042014_181127\C_Program Files (x86)\Google\Chrome\Application\chrome.exe” “C:\Program Files (x86)\Google\Chrome\Application”
press Enter.
You should get a “1 file copied” message, which lets you know it was copied successfully.
===================================================
Run ESET Online Scan
IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://www.eset.com/online-scanner)
click the Eset online Scanner button
for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop
- double click on the Eset installer icon on your desktop
check Yes, I accept the Terms of Use
click the Start button
accept any security warnings from your browser
check Scan archives and Remove found threats
click Advanced settings and select the following:
- scan potentially unwanted applications
- scan for potentially unsafe applications
- enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
when the scan completes, push List of found threats
push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
push the back button.
push Finish
When the scan is complete:
If no threats were found:
o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found
If threats were found:
o click on "list of threats found"
o click on "export to text file" and save it as ESET results and save to the desktop
o Click on back
o put a checkmark in "Uninstall application on close"
o click on finish
o close program
o copy and paste the report here
Thanks
Satchfan
Tried the first part but I get the message
the filename, directory name or volume label syntax is incorrect
0 files copied
found an error in the filename 04 and 06 were wrong way round, tried it with that corrected but there must be another error in the string.
Satchfan
2014-04-07, 12:31
Sorry about the date mistake.
Make sure there is a space between "C:\_OTL\MovedFiles\04062014_181127\C_Program Files (x86)\Google\Chrome\Application\chrome.exe” and “C:\Program Files (x86)\Google\Chrome\Application”
copySPACE"C:\_OTL\MovedFiles\04062014_181127\C_Program Files (x86)\Google\Chrome\Application\chrome.exe”SPACE“C:\Program Files (x86)\Google\Chrome\Application”
Satchfan
2014-04-07, 13:04
I don't understand why it isn't working.
We could do a search but it may be easier to uninstall/re-install Chrome.
Let me know what you decide.
Please also run the Eset scan.
I've reinstalled chrome and now running ESET scanner, will post results.
Ooops, I started running ESET but realised I'd missed out the step at the beginning of your post saying to untick "remove infections". It found 8 things but I stopped it about half way through scanning and restarted the scan and removed the tick. I'm hoping that it would've removed anything at the end and not as it went along.
C:\Users\Nadia\AppData\Local\Microsoft\Windows\FileHistory\Data\95\C\Users\Nadia\Downloads\ccsetup412 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Nadia\AppData\Local\Microsoft\Windows\FileHistory\Data\95\C\Users\Nadia\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC Desire HD A9191(G10)_20120715125452\com.omgpop.dstfree.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC Desire HD A9191(G10)_20120927202954\atticlab.MosquitoRepellent.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC Desire HD A9191(G10)_20120927202954\com.rovio.angrybirds.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC Desire HD A9191(G10)_20121126195445\com.rovio.angrybirds.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC Desire HD A9191(G10)_20121126201344\com.rovio.angrybirds.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20130606201905\com.appeffectsuk.bustracker.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20130718152938\com.appeffectsuk.bustracker.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20130916175726\com.appeffectsuk.bustracker.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20130916175726\com.mp3.mp3pro.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20131002220856\com.appeffectsuk.bustracker.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20131002220856\com.mp3.mp3pro.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20131209130353\com.appeffectsuk.bustracker.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\HTC One X_20131209130353\com.mp3.mp3pro.apk a variant of Android/Leadbolt.E potentially unwanted application
C:\Users\Nadia\Documents\Wondershare\MobileGo\Backup\MobileGo_120515091619\com.omgpop.dstfree.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Nadia\Downloads\cbsidlm-cbsi183-Free_MKV_Player-ORG-75978742.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Nadia\Downloads\ccsetup412 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Nadia\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Nadia\Downloads\Mud {2013} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Nadia\Downloads\Oblivion {2013} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\KMSEmulator.exe Win32/HackKMS.A potentially unsafe application
Satchfan
2014-04-08, 11:08
Sorry for the delay.
Nothing that was found is a real threat but some programs in your ‘Downloads’ folder are bundled with 3rd-party software, such as unwanted/undesirable toolbars.
Also, there is an entry that suggests you have a ‘cracked’ copy of MS Office which brings its own problems.
In the top forums there is a general consensus amongst the malware experts/helpers that if people come to us with cracked software we will refuse to help; one reason being that it is illegal and the other is that the infections that have ended up on their computers have been invited by introducing cracked software.
We’ll run one more scan and then I think we should be OK to tidy up.
Download Malwarebytes-Anti-Malware
Click here (http://www.filehippo.com/download_malwarebytes_anti_malware/) (at the top of the page, click on "Download Current Version")
double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
if an update is found, it will download and install the latest version.
once the program has loaded, select Perform quick scan, then click Scan.
when the scan is complete, click OK, then Show Results to view the results.
be sure that everything is checked, and click Remove Selected.
when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Can you tell me if there are any outstanding problems.
Satchfan
MBAM found nothing, see log below. All the items that were found in the ESET scan are things that have been on my laptop for months (apart from the ones seemingly installed by CC Cleaner but I installed that after S&D gave me the errors when I told it to delete temporary items it didn't). The rest have never been picked up by S&D, and i run scans regularly, which is why if they are the culprits i'm confused as to why they're showing up now. Could S&D be playing up?
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.04.05.02
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Nadia :: NADIALAPTOP [administrator]
08/04/2014 14:12:07
mbam-log-2014-04-08 (14-12-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230986
Time elapsed: 5 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Satchfan
2014-04-08, 18:46
Can you run SS&D again and tell me exactly what it finds.
Thanks
Satchfan
Search results from Spybot - Search & Destroy
08/04/2014 18:11:51
Scan took 00:24:07.
6 items found.
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2536830986-821511902-3680961864-1001\Software\Microsoft\Internet Explorer\TypedURLs
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2536830986-821511902-3680961864-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cache: [SBI $49804B54] Browser: Cache (3) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (7) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-11-03 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-03-31 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-03-19 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-01-09 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-03-31 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-03-31 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-03-31 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Satchfan
2014-04-09, 10:57
They aren't harmful, they are only ‘usage tracks’, (traces of your computer’s history). If you turn off Tracks.uti you should be fine:
Open SS&D, double-click on Settings and then click on the "Categories" tab. Scroll down to the bottom where you’ll see “Usage tracks”; remove the check mark beside Tracks.uti.
Any other outstanding problems?
Ok all done. I think Spybot developers need to be made aware of this issue as users shouldn't need to go through all the above. I've been using it for years and something in the program has changed in a recent update without my knowledge for these tracks to now start showing up. Thank you for all your help.
Satchfan
2014-04-09, 17:01
I think Spybot developers need to be made aware of this issue as users shouldn't need to go through all the above. I don’t think that this is an “issue” but merely indicates how thoroughly SS&D analyses and reports any changes to the computer.
Spybot – Search & Destroy has always been, (and still is), the best real-time spyware program on the market and as the developers continue to make it even more efficient, I appreciate that it can be difficult to interpret some results. There are, however, various tutorials available with reference to the most common results and if you are unable to find an answer to your specific query, that’s what this forum is here to help with.
There is a tutorial here (http://www.safer-networking.org/tutorials/) that also has a link about “Usage Tracks”. I hope that helps.
Thank you for all your help. You are welcome and I’m pleased that we managed to solve your query.
Let’s tidy up.
Uninstall OTL
double-click OTL.exe
click the CleanUp! button.
select Yes when the Begin cleanup Process? prompt appears.
if you are prompted to reboot during the cleanup, select Yes.
the tool will delete itself once it finishes, if not delete it by yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.
You can delete all other logs and programs we’ve used that are on your desktop.
Safe computing
Satchfan
Satchfan
2014-04-09, 18:52
Since this issue appears to be resolved, this topic is now closed.