Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Pop-ups and text-links in Chrome & Firefox [Solved]

popups textlinks chrome firefox

  • This topic is locked This topic is locked
17 replies to this topic

#1 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 18 January 2014 - 10:56 PM

Hello,

 

I've been facing an issue with Chrome and Firefox for quite a bit of time (more than 6 months, I think) - text-link ads and pop-ups creep up on every page I try to browse on.

 

I've re-installed my browsers - tried various anti-spyware and anti-malware programs. However, the issues just kept coming back. Finally, i tried to do a OS re-install yesterday - however, due to some hardware conflict, I couldn't get that done.

 

So, essentially, this is my last resort. Thank you for your help in advance!

 

Regards,

LM

 

PS: My OTL logs follow below.


Edited by lastmohican, 18 January 2014 - 10:58 PM.

    Advertisements

Register to Remove


#2 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 18 January 2014 - 11:01 PM

==============
OTL.txt Log
 
OTL logfile created on: 1/19/2014 10:02:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\g\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.47 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 64.02% Memory free
6.94 Gb Paging File | 5.18 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 12.31 Gb Free Space | 22.06% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 18.45 Gb Free Space | 39.62% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 69.79 Mb Free Space | 69.79% Space Free | Partition Type: NTFS
Drive F: | 100.00 Gb Total Space | 31.73 Gb Free Space | 31.73% Space Free | Partition Type: NTFS
Drive G: | 100.00 Gb Total Space | 42.86 Gb Free Space | 42.86% Space Free | Partition Type: NTFS
Drive H: | 219.17 Gb Total Space | 121.84 Gb Free Space | 55.59% Space Free | Partition Type: NTFS
Drive J: | 244.14 Gb Total Space | 213.97 Gb Free Space | 87.64% Space Free | Partition Type: NTFS
Drive K: | 250.00 Gb Total Space | 158.48 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Drive L: | 359.37 Gb Total Space | 359.03 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive M: | 1009.50 Gb Total Space | 450.85 Gb Free Space | 44.66% Space Free | Partition Type: NTFS
 
Computer Name: G-PC | User Name: g | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\g\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\g\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\g\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Users\g\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Users\g\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2zqqop.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f4a3d09bd38a742ccfe4a20a126fff5\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\9796bf3f45b98b97742127129a884c81\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\113d64b48a676dafec5ff47f415a61ab\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d4ecef1f65341845a951bd510fd63595\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e324dff2b2c74722f126953c0923c53d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\0043a7e4d9b5a580d5ef20d0ee015930\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a0df592a8e77a0395c5411e6ae355507\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3f4940afa8b8de8c008cff3fee26afe7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fa867940d96361cece5bcbe80b460258\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\60a47e43e63ff99badd71123b03848f6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\ecef0d002f6e863a162ccfbd4c545fae\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fb857bc91f4a970d157bf2c0f45ea0f7\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\cc434a6d9f615b8e5519d6a79fd56849\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Users\g\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Users\g\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\QtWebKit\qmlwebkitplugin4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
SRV - (HTCMonitorService) -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (VIAKaraokeService) -- C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (SANDRA) -- D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys File not found
DRV - (cpuz130) -- C:\Users\g\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab ZAO)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Electronics Inc)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
DRV - (iusb3hcs) -- C:\Windows\System32\drivers\iusb3hcs.sys (Intel Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (CSCrySec) -- C:\Windows\System32\drivers\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=19.9.1.14
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=19.9.1.14
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=19.9.1.14
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=19.9.1.14
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=19.9.1.14
 
IE - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.in/ [binary data]
IE - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...T3&ocid=BDT3DHP
IE - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..input\: a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\"else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]); else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=B);d=b.jsonpHost+\"/?v=\"+b.version+ \"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=2050661471&eid=20&pid=447\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(fun
FF - prefs.js..extensions.enabledAddons: %7B3e9a3920-1b27-11da-8cd6-0800200c9a66%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...3&ocid=BDT3DHP"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\g\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\g\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\g\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\g\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\g\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014/01/18 16:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014/01/18 16:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014/01/18 16:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014/01/18 16:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014/01/18 16:49:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013/10/06 17:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2014/01/18 19:37:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013/10/06 17:35:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2014/01/18 19:37:34 | 000,000,000 | ---D | M]
 
[2012/09/19 10:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\g\AppData\Roaming\Mozilla\Extensions
[2013/12/26 18:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions
[2013/03/15 21:56:35 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\ii_awa@usueui.edu
[2013/12/26 18:48:26 | 002,212,154 | ---- | M] () (No name found) -- C:\Users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\firebug@software.joehewitt.com.xpi
[2012/10/29 00:37:39 | 000,009,524 | ---- | M] () (No name found) -- C:\Users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}.xpi
[2013/11/04 20:51:44 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMDATA\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSIONS\1.6.0
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\g\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\g\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\g\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\g\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: downloadUpdater (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\g\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\g\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\g\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\g\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Angry Birds = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Lucidchart Diagrams - Online = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\20.3_0\
CHR - Extension: YouTube = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0\
CHR - Extension: User-Agent Switcher for Chrome = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg\1.0.26_0\
CHR - Extension: SaveAs = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\
CHR - Extension: Web Intents Debugger = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\gimkahfdbenbmeflimllpbjbicmlanmk\10_0\
CHR - Extension: Safe Money = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0\
CHR - Extension: AirMech = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\21189_0\
CHR - Extension: Content Blocker = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0\
CHR - Extension: Virtual Keyboard = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0\
CHR - Extension: Any.do Extension = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.3.8_0\
CHR - Extension: Any.do Extension = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.3.8_0\.orig
CHR - Extension: Skype Click to Call = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: Google Wallet = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0\
 
O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000..\Run: [Akamai NetSession Interface] C:\Users\g\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000..\Run: [googletalk] C:\Users\g\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2093712954-3236656608-2348121820-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\g\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - D:\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - D:\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - D:\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - D:\Free Download Manager\dllink.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE7E3B62-2511-44FE-AF06-7F85EF05662F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/29 23:06:03 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1896e3a3-ff36-11e1-bfe1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1896e3a3-ff36-11e1-bfe1-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{22ef02a2-4cb6-11e2-9114-3085a9b32bdc}\Shell - "" = AutoRun
O33 - MountPoints2\{22ef02a2-4cb6-11e2-9114-3085a9b32bdc}\Shell\AutoRun\command - "" = N:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{eca21122-25f8-11e3-a32a-3085a9b32bdc}\Shell - "" = AutoRun
O33 - MountPoints2\{eca21122-25f8-11e3-a32a-3085a9b32bdc}\Shell\AutoRun\command - "" = O:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/18 18:30:03 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/01/18 16:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
[2014/01/18 16:49:10 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2014/01/18 16:49:10 | 000,039,736 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2014/01/18 16:49:05 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014/01/18 16:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2014/01/18 16:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/18 16:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2014/01/18 16:49:00 | 000,595,552 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2014/01/18 16:49:00 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2014/01/18 16:37:52 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/01/18 16:37:52 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2014/01/18 16:37:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/01/18 16:37:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2014/01/18 16:37:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/01/18 16:37:51 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2014/01/18 16:37:51 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/01/18 16:37:51 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2014/01/18 16:37:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2014/01/18 16:37:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2014/01/18 16:37:51 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014/01/18 16:37:51 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/01/18 16:37:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/01/18 16:37:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/01/18 16:37:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/01/18 16:34:52 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/18 16:34:10 | 000,000,000 | ---D | C] -- C:\history
[2014/01/18 16:29:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2014/01/18 16:29:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2014/01/18 16:29:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2014/01/18 16:27:49 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014/01/18 16:25:30 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2014/01/18 16:25:30 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2014/01/18 16:25:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2014/01/18 16:25:30 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2014/01/18 16:25:30 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2014/01/18 16:25:30 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2014/01/18 16:25:30 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2014/01/18 16:25:30 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2014/01/18 16:25:30 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2014/01/18 16:25:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2014/01/18 16:25:30 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2014/01/18 16:25:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2014/01/18 16:25:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2014/01/18 16:25:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2014/01/18 16:25:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2014/01/18 16:25:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2014/01/18 16:25:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2014/01/18 16:25:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2014/01/18 16:25:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014/01/18 16:25:26 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2014/01/18 16:25:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2014/01/18 16:25:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2014/01/18 16:25:24 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/01/18 16:25:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2014/01/18 16:25:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2014/01/18 16:25:22 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/01/18 16:25:22 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2014/01/18 16:25:21 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2014/01/18 16:25:21 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2014/01/18 16:25:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2014/01/18 16:25:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2014/01/18 16:25:19 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/01/18 16:25:18 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2014/01/18 16:25:18 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2014/01/18 16:25:18 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2014/01/18 16:25:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2014/01/18 16:25:18 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/18 16:25:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2014/01/18 16:25:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2014/01/18 16:25:17 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014/01/18 16:25:17 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/01/18 16:25:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2014/01/18 16:25:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/01/18 16:24:10 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/01/17 21:26:12 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/17 21:25:49 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/17 21:25:48 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/13 16:19:39 | 000,000,000 | R--D | C] -- C:\Users\g\Dropbox
[2014/01/12 12:18:00 | 000,000,000 | ---D | C] -- C:\Users\g\AppData\Roaming\DropboxMaster
[2014/01/12 12:17:49 | 000,000,000 | ---D | C] -- C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/01/08 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\g\Desktop\Baby Shower Cake Images
[2013/12/22 11:50:23 | 000,000,000 | ---D | C] -- C:\Users\g\Desktop\kitties
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/19 09:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2093712954-3236656608-2348121820-1000UA.job
[2014/01/19 09:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/18 22:45:46 | 000,000,218 | ---- | M] () -- C:\Users\g\AppData\Local\recently-used.xbel
[2014/01/18 21:35:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2093712954-3236656608-2348121820-1000Core.job
[2014/01/18 20:05:09 | 000,000,000 | ---- | M] () -- C:\Users\g\.gtk-bookmarks
[2014/01/18 18:40:46 | 000,017,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/18 18:40:46 | 000,017,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/18 18:37:24 | 000,345,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/18 18:37:24 | 000,053,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/18 18:31:01 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/01/18 18:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/18 18:30:56 | 2793,832,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/18 17:12:00 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/01/18 16:49:54 | 000,002,166 | ---- | M] () -- C:\Users\g\Desktop\Safe Money.lnk
[2014/01/18 16:49:16 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
[2014/01/18 16:39:56 | 000,412,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/17 21:37:34 | 000,002,344 | ---- | M] () -- C:\Users\g\Desktop\Google Chrome.lnk
[2014/01/13 16:19:39 | 000,001,031 | ---- | M] () -- C:\Users\g\Desktop\Dropbox.lnk
[2014/01/12 12:18:03 | 000,001,041 | ---- | M] () -- C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/29 21:18:26 | 000,364,255 | ---- | M] () -- C:\Users\g\Desktop\port2port_responsive1.png
[2013/12/29 21:13:02 | 000,378,264 | ---- | M] () -- C:\Users\g\Desktop\port2port_responsive.png
 
========== Files Created - No Company Name ==========
 
[2014/01/18 22:45:46 | 000,000,218 | ---- | C] () -- C:\Users\g\AppData\Local\recently-used.xbel
[2014/01/18 20:05:09 | 000,000,000 | ---- | C] () -- C:\Users\g\.gtk-bookmarks
[2014/01/18 16:49:54 | 000,002,166 | ---- | C] () -- C:\Users\g\Desktop\Safe Money.lnk
[2014/01/18 16:49:22 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
[2014/01/18 16:29:52 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/01/13 16:19:39 | 000,001,031 | ---- | C] () -- C:\Users\g\Desktop\Dropbox.lnk
[2014/01/12 12:18:03 | 000,001,041 | ---- | C] () -- C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/29 21:15:28 | 000,364,255 | ---- | C] () -- C:\Users\g\Desktop\port2port_responsive1.png
[2013/12/29 21:12:58 | 000,378,264 | ---- | C] () -- C:\Users\g\Desktop\port2port_responsive.png
[2013/11/23 17:56:14 | 000,006,557 | ---- | C] () -- C:\Users\g\AppData\Local\recently-used.xbel.PN1I7W
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/12 09:26:42 | 000,569,344 | ---- | C] () -- C:\Windows\System32\Cmeau108.exe
[2013/05/12 09:26:42 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2013/05/12 09:26:42 | 000,000,103 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2013/05/12 09:26:31 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2013/05/12 09:26:31 | 000,001,459 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2013/05/12 09:26:31 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini
[2013/05/12 09:26:31 | 000,000,274 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2013/03/25 18:13:24 | 000,003,584 | ---- | C] () -- C:\Users\g\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/15 18:49:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/15 18:49:20 | 000,035,072 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/09/15 18:22:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/25 19:53:51 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/08/25 19:53:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/08/18 22:24:01 | 000,007,601 | ---- | C] () -- C:\Users\g\AppData\Local\Resmon.ResmonCfg
[2012/07/28 07:00:54 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/07/28 07:00:54 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/07/27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/04/13 01:00:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 07:25:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/13 10:15:11 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Canneverbe Limited
[2012/10/18 18:17:55 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Charles
[2013/09/01 10:45:01 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2013/04/27 10:22:33 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Doublefine
[2014/01/19 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Dropbox
[2014/01/13 16:19:39 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\DropboxMaster
[2013/09/28 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\FileZilla
[2013/11/04 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Free Download Manager
[2013/03/05 22:46:22 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Freelancer
[2013/03/24 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\HandBrake
[2013/11/22 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\HTC
[2012/10/29 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Juniper Networks
[2012/12/31 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Notepad++
[2013/04/24 20:58:29 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Origin
[2013/11/23 18:46:05 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Participatory Culture Foundation
[2013/08/15 08:03:03 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Samsung
[2012/09/16 21:54:29 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\TeraCopy
[2014/01/18 19:47:08 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\uTorrent
[2012/10/29 21:40:19 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\webex
[2013/06/22 22:07:11 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/14 07:37:10 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2009/07/14 07:37:10 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/11 03:04:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/11 03:04:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 10:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: EXPLORER.EXE.1856.DMP  >
[2013/10/19 20:48:13 | 001,804,836 | ---- | M] () MD5=544045B818A8CA3AE60906A664B9D35B -- C:\Users\g\AppData\Local\CrashDumps\explorer.exe.1856.dmp
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/14 07:36:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 07:36:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
 
< MD5 for: EXPLORER.ZIP  >
[2006/03/06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
 
< MD5 for: IEXPLORE.EXE  >
[2013/11/26 23:51:14 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/11/26 23:51:14 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_1eeed3e40a768844\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/11/26 23:51:14 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/26 23:51:14 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_189b695b4223c92b\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/11 03:09:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 03:09:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.CFG  >
[2013/12/19 00:12:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.ESM  >
[2013/09/17 16:14:38 | 000,009,654 | ---- | M] () MD5=E2314A73B92A544C3F87DE5D30B2D1B2 -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\services.esm
[2013/09/17 16:14:38 | 000,009,654 | ---- | M] () MD5=E2314A73B92A544C3F87DE5D30B2D1B2 -- C:\Users\g\AppData\Local\Temp\services.esm
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 06:44:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 06:44:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 07:33:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 07:33:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
< MD5 for: SERVICES.JSM  >
[2013/03/12 00:08:42 | 000,006,317 | ---- | M] () MD5=C698274FE1590498B56DEDB947AEFF16 -- C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\modules\Services.jsm
 
< MD5 for: SERVICES.JSON  >
[2013/10/07 23:07:24 | 000,003,069 | ---- | M] () MD5=A862B522789C22C2E181E8C48749C8B8 -- C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.3.8_0\config\services.json
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 10:11:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 10:11:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/11 02:56:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 02:56:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 07:38:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 02:51:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 07:38:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 02:51:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/14 01:50:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 01:50:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 07:35:00 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2009/07/14 07:35:00 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/11 03:13:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/11 03:13:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 17:42:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2010/11/20 17:42:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 07:39:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2009/07/14 07:39:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/14 02:07:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009/07/14 02:07:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2009/06/11 03:12:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/11 03:12:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/01/18 18:30:56 | 2793,832,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/18 18:30:58 | 3725,111,296 | -HS- | M] () -- C:\pagefile.sys
[2013/11/05 10:25:14 | 000,002,232 | ---- | M] () -- C:\{6268A081-93F2-4463-B6D6-2CC2814270C7}
 
< %systemroot%\Fonts\*.com >
[2009/07/14 10:22:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 10:22:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 10:22:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 10:22:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/11 03:01:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 06:45:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/14 06:45:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010/11/20 17:51:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 10:11:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 28EE-E446
 Directory of C:\
07/14/2009  10:23 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  10:23 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  10:23 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  10:23 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  10:23 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  10:23 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  10:23 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  10:23 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  10:23 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  10:23 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  10:23 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  10:23 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  10:23 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  10:23 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  10:23 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  10:23 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  10:23 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  10:23 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  10:23 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  10:23 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  10:23 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  10:23 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  10:23 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  10:23 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  10:23 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  10:23 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  10:23 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  10:23 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  10:23 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  10:23 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  10:23 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\g
08/09/2012  12:44 PM    <JUNCTION>     Application Data [C:\Users\g\AppData\Roaming]
08/09/2012  12:44 PM    <JUNCTION>     Cookies [C:\Users\g\AppData\Roaming\Microsoft\Windows\Cookies]
08/09/2012  12:44 PM    <JUNCTION>     Local Settings [C:\Users\g\AppData\Local]
08/09/2012  12:44 PM    <JUNCTION>     My Documents [C:\Users\g\Documents]
08/09/2012  12:44 PM    <JUNCTION>     NetHood [C:\Users\g\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/09/2012  12:44 PM    <JUNCTION>     PrintHood [C:\Users\g\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/09/2012  12:44 PM    <JUNCTION>     Recent [C:\Users\g\AppData\Roaming\Microsoft\Windows\Recent]
08/09/2012  12:44 PM    <JUNCTION>     SendTo [C:\Users\g\AppData\Roaming\Microsoft\Windows\SendTo]
08/09/2012  12:44 PM    <JUNCTION>     Start Menu [C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu]
08/09/2012  12:44 PM    <JUNCTION>     Templates [C:\Users\g\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\g\AppData\Local
08/09/2012  12:44 PM    <JUNCTION>     Application Data [C:\Users\g\AppData\Local]
08/09/2012  12:44 PM    <JUNCTION>     History [C:\Users\g\AppData\Local\Microsoft\Windows\History]
08/09/2012  12:44 PM    <JUNCTION>     Temporary Internet Files [C:\Users\g\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\g\Documents
08/09/2012  12:44 PM    <JUNCTION>     My Music [C:\Users\g\Music]
08/09/2012  12:44 PM    <JUNCTION>     My Pictures [C:\Users\g\Pictures]
08/09/2012  12:44 PM    <JUNCTION>     My Videos [C:\Users\g\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  10:23 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  10:23 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  10:23 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  13,140,750,336 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/08/25 09:13:53 | 000,000,221 | -HS- | M] () -- C:\Users\g\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/05/04 10:17:11 | 094,175,344 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\g\Desktop\13-4_vista_win7_win8_32_dd_ccc_whql.exe
[2013/05/04 10:16:53 | 142,140,816 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\g\Desktop\13-4_vista_win7_win8_64_dd_ccc_whql.exe
[2013/04/30 21:42:07 | 006,953,496 | ---- | M] (Microsoft Corporation) -- C:\Users\g\Desktop\Silverlight.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-01-18 13:00:13
 
< End of report >
 
=============

OTL Extras logfile created on: 1/19/2014 10:02:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\g\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.47 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 64.02% Memory free
6.94 Gb Paging File | 5.18 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 12.31 Gb Free Space | 22.06% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 18.45 Gb Free Space | 39.62% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 69.79 Mb Free Space | 69.79% Space Free | Partition Type: NTFS
Drive F: | 100.00 Gb Total Space | 31.73 Gb Free Space | 31.73% Space Free | Partition Type: NTFS
Drive G: | 100.00 Gb Total Space | 42.86 Gb Free Space | 42.86% Space Free | Partition Type: NTFS
Drive H: | 219.17 Gb Total Space | 121.84 Gb Free Space | 55.59% Space Free | Partition Type: NTFS
Drive J: | 244.14 Gb Total Space | 213.97 Gb Free Space | 87.64% Space Free | Partition Type: NTFS
Drive K: | 250.00 Gb Total Space | 158.48 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Drive L: | 359.37 Gb Total Space | 359.03 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive M: | 1009.50 Gb Total Space | 450.85 Gb Free Space | 44.66% Space Free | Partition Type: NTFS
 
Computer Name: G-PC | User Name: g | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ACF580A-828B-4B41-BDFE-D46B2CD78AC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{236DF43E-C2F3-493A-AD36-3138D2B5A332}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3C3140A0-83CD-4B54-81AC-4E0EB3C4E30A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{44628FAB-5A70-49C4-A6EB-ECA06AE2B0E4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{463917F6-F073-44D1-9CDA-73D471762940}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4FB01871-F9A5-4479-9EB4-220569F00900}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5630104E-A208-4633-9AD9-62341A3CEFF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62133FBD-F4B0-4066-BD1A-1931B485B1D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{649E7F0A-C2B1-4DE2-B3FA-87DA0EBDB8DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B883098-A33A-44B8-BB59-71578C095D92}" = lport=139 | protocol=6 | dir=in | app=system | 
"{88A3C277-D3E0-47A5-9FB3-B5582A1FB07C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D3C832E-3419-44C4-8000-7B98C01C2F63}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CAA06E57-E99D-4859-8252-976879E557B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAB5D7E2-7567-41D0-A6EB-EA242C5E5F08}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CD4A80AF-95A7-4280-98EE-3059B6A703C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D127D1A7-EF1C-44FD-89F9-673504CA3638}" = lport=rpc | protocol=6 | dir=in | app=d:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\wnt500x86\rpcsandrasrv.exe | 
"{D1F6E1E4-7A39-4EB6-BDE2-8B74E52A2D64}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D2015555-4804-4997-9B6D-6ABCAB73CCFA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{DF70A969-3F93-4954-A3E8-FD865309E7E9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E22A9C3A-BC9C-4BC1-8E49-484D08A215D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7301955-056F-46C5-9598-7A7BFF7D67F0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FA4D841A-3E1A-4FE0-9B8B-7D23AC2ED86A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FE075B59-0D96-47E0-B28F-DFCD4EDD2BD6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DF54D5-9C2F-4C20-80BF-44F5C8A02561}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\brutallegend\brutallegend.exe | 
"{00FD7067-BB9F-4E66-8E25-0E39F1041855}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{01085C28-8AF1-4197-8431-7E7B7DBA157A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{024E1D52-AED4-4FE1-871B-DB97A1CF27F9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{030C8A35-CA0A-4D38-BFE2-B6AB69F31238}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\codsp.exe | 
"{06CF5939-22EF-4943-82AD-B677CD42D7FD}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{08384F48-94BC-49AE-B98C-DC6AF38C6AA1}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\half-life 2\hl2.exe | 
"{092442F0-E1F0-4F74-895C-8CE92AD5FF7E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{092C825E-B36D-4425-946B-8873709959A9}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{0F2061AA-8FBC-4D66-B66B-E6E75C12F209}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\jade empire\jadeempirelauncher.exe | 
"{11E0A9A4-816C-4884-A73E-D176E136A07A}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe | 
"{16902A15-9693-4276-A9E6-BD9C6C47A230}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16F187F3-D0D6-4FDE-9EAA-7EC959F3A1D9}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{176263FD-F577-4DEF-8912-E346AEB5B70E}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | 
"{1768B96A-9400-44C9-8B3E-04BE03D33512}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{1B84E6AB-FD44-4E34-B561-A8C43EFAB1D7}" = protocol=17 | dir=in | app=c:\users\g\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1C94C7C8-EC46-4BC1-8FC2-2F3B2E457894}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{1D5E8488-CB95-41BA-91ED-76832FA57B81}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1D859B87-58DE-4B3B-86B9-E76142C3CA10}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\coduomp.exe | 
"{1DE9A7B4-4527-41C7-82B0-B2E56F38E71D}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{1E340C90-4814-4FC3-8490-F9EC343DDFB6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{1E3B92E9-1386-4DD3-8D2A-6675A36E0FD3}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{21624BA2-9680-48F5-978A-8A9EE6E415DC}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{2BD89493-10EB-4C29-92DE-1513317E1BF4}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\overlord\config.exe | 
"{2EA9445C-CA2B-406D-992D-59943435351B}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\codsp.exe | 
"{2EBB6AD4-26E7-4FEF-871D-E0A4F97C7F97}" = protocol=17 | dir=in | app=l:\steamlibrary\steamapps\common\ynab 4\ynab 4.exe | 
"{2F8108F5-CACE-41DF-8E5D-6B8713A0426E}" = protocol=6 | dir=in | app=c:\users\g\appdata\roaming\dropbox\bin\dropbox.exe | 
"{30C77E17-2711-48C0-B8FA-D29C4F2DDDE3}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3356338E-C25E-46F3-A899-DC8313A8D441}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{33B8C5DB-B398-44DF-8306-581B5ECB943F}" = protocol=6 | dir=out | app=system | 
"{39CDAADA-891D-4601-9C1F-6C5DF0BAD24A}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{3B915A74-84BF-4D88-8E55-EFC823A7D47A}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\overlord\overlord.exe | 
"{3BC63E4C-3F1E-49F2-AB10-B34B4B803E02}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\overlord\overlord.exe | 
"{3CE6FBF0-C728-4A0C-B3B6-04315D619542}" = protocol=17 | dir=in | app=m:\program files\steam\steam.exe | 
"{3CF6E91F-480B-4A47-8471-E68DFB1E86C8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3E4F5B97-4CFC-4E66-B3E9-2C4B604F6C2B}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{3E904CB9-95D2-436D-BED3-11C44AC75EAF}" = protocol=6 | dir=in | app=c:\users\g\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3F57D32F-3E91-4651-8D64-98A053972206}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{453B0010-3AEF-4131-BADD-A611A232A6BC}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\amd driver updater, xp, 32 bit\setup.exe | 
"{4B3BE753-369B-4ED9-929E-E0B6E356EEF7}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{4B4B5D73-B246-48C2-9C3F-CC20F2450105}" = protocol=6 | dir=in | app=m:\program files\steam\steam.exe | 
"{4E72368E-2FC1-4111-B154-608475B3F1FC}" = protocol=6 | dir=in | app=l:\steamlibrary\steamapps\common\ynab 4\ynab 4.exe | 
"{50505B29-E913-4912-96AB-4106B7EA93AB}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{54090D18-58C6-4C73-9E97-4A2AA816E504}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{55DF8F23-0D40-41CB-BC5A-B535C7C284BB}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{575506F8-D27C-44D8-A327-69CF0828F1E1}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\codmp.exe | 
"{57B0909C-CDC5-46FD-97BF-D91580E6FD4C}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\chronicles of riddick - assault on dark athena\system\win32_x86\darkathena.exe | 
"{5A3F529C-2B5F-451C-92E2-488E9D396A50}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{5CB2199C-C976-4EFB-AD83-468D4692DFB0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5EDDFF30-4BF6-4DB2-81CB-4A45A4E20868}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\jade empire\jadeempireconfig.exe | 
"{5F3536FD-A455-4FF6-B246-B6CCFA559909}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\codmp.exe | 
"{60C28483-58F2-430F-BCFC-CB1D9BCC1A1A}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe | 
"{60EC9F6B-0AA9-4834-B95B-2CE983049B41}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{6141FB54-B541-44D6-8AF7-91BC45D03C5B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{619EEF05-8CC6-4D02-B2FA-43607BE03185}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{63DB486C-564B-4DFE-8535-7CF04CD9E6CC}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\portal\hl2.exe | 
"{6505EE4A-1CD3-4C5A-A328-C6F9F6BAD4B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{654C673F-4416-4171-B3D3-D3708BE272F1}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\overlord\config.exe | 
"{6698F9C4-6676-4822-9D4F-E002407B0B0B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{6872EC1B-7C7F-44A7-B583-23154CA99C29}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe | 
"{6A44457E-7636-4624-8D44-10E1309AD77D}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | 
"{6B283746-C370-4E4C-9BB6-B7B1023F6916}" = protocol=6 | dir=in | app=m:\program files\halo2\halo2.exe | 
"{6BA995AE-9E60-4F03-926D-3F7ECF40B20C}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\chronicles of riddick - assault on dark athena\system\win32_x86\darkathena.exe | 
"{6C14FC9C-7C66-4EDC-9B35-6A2F9F74A150}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{6DFE9FA6-E752-436E-A946-C06AD3DBA6EF}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{75DBF367-7D9D-412C-B1CF-9E6D0EBFD5C4}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\half-life 2\hl2.exe | 
"{7AA61AFF-93EF-49BB-8603-1A7D29BFE311}" = protocol=17 | dir=in | app=m:\program files\halo2\halo2.exe | 
"{7B476E49-A176-4446-944C-7DBBF06EBB79}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\half-life 2\hl2.exe | 
"{8003D0A4-D408-4C18-B51D-E9356AE00667}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{87EFCF4F-6C44-42B2-A7CA-0F6A3FCBB158}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89C08E77-5519-4740-954A-298A61DF06F6}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | 
"{8BA2B2CA-629D-467B-B207-8C7915A5CCCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92622832-BF73-4732-B0A2-459FB1D07FD9}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\hardreset\hardreset.exe | 
"{963B6E0E-42C6-4050-83C1-68506398868B}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{9831B3D1-900D-43F5-828A-38878936D561}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{987FAC32-ED11-477E-A745-1DD23AD6D34E}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{A11192C9-C49E-466F-9BF8-2271EDABB47B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A5FEF8A5-8378-40CD-A7E6-1BE68F90440C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A6E1F7EF-59B9-4DD5-8D6D-7A1F9894421F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{A7050AC4-2981-41CC-AD96-F333DE01CA58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7289449-0C0A-4262-B2A3-CCF4D1CBE96E}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | 
"{A79E8235-CA83-4B3E-B48F-15C4694913BF}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\metro 2033\metro2033.exe | 
"{A962008C-070E-458B-9409-465A397D8F00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB7BC494-ED08-4B05-83A6-E973F3F2CAEE}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\half-life 2\hl2.exe | 
"{AE4D4A3D-2A23-41D1-8450-6E253A6247D0}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{AE56D888-ED8A-437F-A5EB-B5BC8CAA00F8}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{AFE9F102-339F-4975-8693-C40ED1E80527}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{B10CE9F5-2488-4838-BEF1-1E745BFCA6BC}" = dir=in | app=c:\program files\htc\htc sync manager\htcsyncmanager.exe | 
"{B981E0BC-BBFE-4124-9E5B-DE7F54C260A7}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\half-life 2\hl2.exe | 
"{BBF1AF9A-7387-4076-B996-2F65868B470E}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\portal\hl2.exe | 
"{BC51295B-2422-473E-9394-0534DE8CF48C}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{BC5B7848-6BF4-4D43-BDF8-BCC54C0EB273}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\brutallegend\brutallegend.exe | 
"{C655A7D5-89CC-4AB9-AC3A-EBC58B802561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8B53061-A780-4225-954B-05EFD9E7BC5F}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\coduosp.exe | 
"{CA96D3F6-9F8D-44A4-92B0-1A3A2A5D24C3}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\coduomp.exe | 
"{CD477976-C6C7-49B9-ADCC-746750ECA57E}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\half-life 2\hl2.exe | 
"{CDE3C831-525B-4E0D-8FDB-4D286D4925B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE45922C-6910-4B07-9140-B2FBCF13195E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CEE3F561-05BE-4113-B198-B2CDAAF21A96}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{CF545A1C-13CD-467B-A420-ACBCACBD54BB}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{D09046D9-ACD1-468F-9B2F-0C1502AACF72}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{D2BFA5C4-4DC4-401A-98AB-5CBE6623F51E}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{D4704E1A-7E21-4198-B529-A4062C4F6982}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\hardreset\hardreset.exe | 
"{D5A03A3C-3FAD-4BCD-A5EF-E4AD04EAA8D4}" = protocol=17 | dir=in | app=c:\users\g\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D83AF52E-D38B-4BC0-AFFD-7CEE6C10A3C9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{DA434EE6-6A13-42F3-BA3D-0020F2A08B9A}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{DAFD0127-7B43-4FDD-B81A-50B5C602BF66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DFC9CF3A-B37C-4590-A899-3E4D565E7E7D}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{DFE34F78-221D-4FC0-A885-774B0D46F988}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{E275953B-6388-421F-BEAC-96A2B239C24F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E5F50AFA-876E-4179-B6F4-9B67C9652FA9}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{E7BCFD2D-86FF-4491-B05C-D4660196AEB4}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{EBEA1FEA-C562-4F6C-8D90-E02AB8B2A162}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EDC6D01D-CB14-4CAB-8B0A-EBA263A1BBDB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EE2B214C-D244-42E4-ACDD-D4CB1478EC5C}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\metro 2033\metro2033.exe | 
"{EE845863-240E-4F29-AFC6-4BD9D3149B67}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\call of duty\coduosp.exe | 
"{EEB1EE96-C211-4DDC-87BE-1BC4E9564191}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\jade empire\jadeempirelauncher.exe | 
"{F05827FC-2953-43E6-940A-273DCAAA8285}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe | 
"{F133F15F-7C91-4E14-AB4F-76FA562B7F7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1ACA9C4-B277-487C-87DF-56749D6EED09}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{F9CFC6D0-6394-4828-BEA2-F543B6777B8B}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\amd driver updater, xp, 32 bit\setup.exe | 
"{FBA0156B-9607-4E87-A5EC-BB5A64D36BFB}" = protocol=17 | dir=in | app=m:\program files\steam\steamapps\common\jade empire\jadeempireconfig.exe | 
"{FCE6A23B-968D-4192-957D-DB28F011432D}" = protocol=6 | dir=in | app=m:\program files\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"TCP Query User{67809831-174B-4925-A5B7-BDBC32DA12D1}C:\users\g\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\g\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{8C4E4BBF-E7E9-43CE-BAB0-A7043265EDD0}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | 
"TCP Query User{C1082092-2BFB-491A-832D-95DDCCC239FC}C:\users\g\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\g\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{09B5F203-FE58-4BB5-8BC5-E1CFF85C8FDC}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | 
"UDP Query User{5FC46300-7405-4962-88DE-94EEB9F2206C}C:\users\g\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\g\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{CF09D405-9154-4CA8-A110-03AFCB4A28D0}C:\users\g\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\g\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}" = iCloud
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{269C93DC-3A29-450F-A3F2-7BF96C6A7E93}" = CDBurnerXP
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{368E4EF8-E840-40EE-A224-50B8D1DC2B12}" = HTC Sync Manager
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{5179641A-DC14-3A2E-BD53-480D4136C368}" = Google Talk Plugin
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63F9D765-E8DE-D921-1C6A-DF17C1DFDDA1}" = ccc-utility
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B53BA8-4BE3-49AF-BC3E-07F392006300}" = USB PnP Sound Device
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{96A0DEB6-093D-B872-955C-BE865574C448}" = AMD Media Foundation Decoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD6518A-539D-8E0D-2C72-E51A62978096}" = AMD Drag and Drop Transcoding
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{E9812BB4-0DDA-44F7-A069-1D5C127D837D}" = Charles 3.6.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.5
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.7.3
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Freelancer_R.G. Mechanics_is1" = Freelancer
"Halo 2" = Halo 2 for Windows Vista
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"Juniper Network Connect 7.1.7" = Juniper Networks Network Connect 7.1.7
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Miro" = Miro
"Miro Video Converter" = Miro Video Converter
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Origin" = Origin
"SequoiaView" = SequoiaView
"SpeedFan" = SpeedFan (remove only)
"Steam App 13230" = Unreal Tournament 2004
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 205100" = Dishonored
"Steam App 225260" = Brütal Legend
"Steam App 227320" = You Need A Budget 4 (YNAB)
"Steam App 43110" = Metro 2033
"Steam App 50620" = Darksiders
"Steam App 50650" = Darksiders II
"Steam App 7110" = Jade Empire: Special Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamViewer 7" = TeamViewer 7
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TeraCopy_is1" = TeraCopy 2.27
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.1.2
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2093712954-3236656608-2348121820-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/26/2013 4:33:33 PM | Computer Name = g-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
 Sync Manager\NOutlookAccessX64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 12/29/2013 2:25:24 AM | Computer Name = g-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
 Sync Manager\NOutlookAccessX64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 12/30/2013 4:26:39 PM | Computer Name = g-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
 Sync Manager\NOutlookAccessX64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/1/2014 11:13:02 AM | Computer Name = g-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.1.2.0, time stamp: 
0x52a50c49  Faulting module name: vlc.exe, version: 2.1.2.0, time stamp: 0x52a50c49
Exception
 code: 0xc0000005  Fault offset: 0x000018ad  Faulting process id: 0x147c  Faulting application
 start time: 0x01cf06fa276b5d23  Faulting application path: D:\Program Files\VideoLAN\VLC\vlc.exe
Faulting
 module path: D:\Program Files\VideoLAN\VLC\vlc.exe  Report Id: 34cb7188-72f7-11e3-8199-3085a9b32bdc
 
Error - 1/8/2014 9:22:05 AM | Computer Name = g-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
 Sync Manager\NOutlookAccessX64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/11/2014 5:59:27 AM | Computer Name = g-PC | Source = Application Hang | ID = 1002
Description = The program TESV.exe version 1.9.32.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1020    Start Time:
 01cf0eaf7770b3eb    Termination Time: 56    Application Path: M:\Program Files\Steam\steamapps\common\Skyrim\TESV.exe
 
Report
 Id:   
 
Error - 1/11/2014 3:31:12 PM | Computer Name = g-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
 Sync Manager\NOutlookAccessX64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/12/2014 3:53:40 PM | Computer Name = g-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
 Sync Manager\NOutlookAccessX64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/18/2014 7:05:48 AM | Computer Name = g-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 1/18/2014 6:37:32 PM | Computer Name = g-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
 Sync Manager\NOutlookAccessX64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ OSession Events ]
Error - 8/7/2013 1:07:56 PM | Computer Name = g-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10911
 seconds with 7500 seconds of active time.  This session ended with a crash.
 
Error - 8/7/2013 2:25:40 PM | Computer Name = g-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4650
 seconds with 3720 seconds of active time.  This session ended with a crash.
 
Error - 8/7/2013 2:30:10 PM | Computer Name = g-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 260
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 8/7/2013 2:35:51 PM | Computer Name = g-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 314
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 8/7/2013 3:27:31 PM | Computer Name = g-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3090
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 8/7/2013 3:31:04 PM | Computer Name = g-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 200
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 1/16/2014 11:09:25 AM | Computer Name = g-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:32:45 PM on ?1/?16/?2014 was unexpected.
 
Error - 1/16/2014 12:51:14 PM | Computer Name = g-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:20:31 PM on ?1/?16/?2014 was unexpected.
 
Error - 1/17/2014 11:51:28 AM | Computer Name = g-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 1/17/2014 11:07:51 PM | Computer Name = g-PC | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
Description = SAM failed to start the TCP/IP or SPX/IPX listening thread
 
Error - 1/18/2014 5:41:00 AM | Computer Name = g-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 1/18/2014 6:47:29 AM | Computer Name = g-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:02:14 PM on ?1/?18/?2014 was unexpected.
 
Error - 1/18/2014 6:54:47 AM | Computer Name = g-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 1/18/2014 7:07:52 AM | Computer Name = g-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003,
 Vista, Windows 7, Server 2008 x86 (KB2600217).
 
Error - 1/18/2014 7:18:44 AM | Computer Name = g-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 1/18/2014 10:07:36 AM | Computer Name = g-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
 
< End of report >
 


#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 23 January 2014 - 08:07 PM

Hi lastmohican,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
I'm sorry you have waited so long for a reply... but we look for topics with no replies. You replied to your own thread and it made the system think you were being helped.

Do you still require help?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#4 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 23 January 2014 - 10:34 PM

Hi Tomk,

 

Thank you for getting back to me :)

 Unfortunately, yes - the issues still hound my browsers :(

 

Apologies for the confusion - I thought I was following the correct instructions in the OTL log section

 

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Nevertheless, thank you for taking the time to look at this.

 

Regards,

LM



#5 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 23 January 2014 - 11:46 PM

No worries... I just happened to notice you were your own reply.  We don't miss very many... but it does happen from time to time.
 
Let's give this tool a try:
 
Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 

  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#6 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 24 January 2014 - 12:04 AM

Hi Tomk,

 

Here you go:

 

ComboFix 14-01-23.02 - g 01/24/2014  11:25:02.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3553.2385 [GMT 5.5:30]
Running from: c:\users\g\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\513f60d7f11c75.30472152.js
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\background.html
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\content.js
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\lsdb.js
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\manifest.json
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\sqlite.js
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\000103.ldb
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\000121.ldb
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\000124.ldb
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\000125.log
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\CURRENT
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\LOCK
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\LOG
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\LOG.old
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eblkchnmfhhdblbekdnnnkdikjedgpea\MANIFEST-000123
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eblkchnmfhhdblbekdnnnkdikjedgpea_0.localstorage-journal
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eblkchnmfhhdblbekdnnnkdikjedgpea_0.localstorage
c:\users\g\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\ii_awa@usueui.edu
c:\users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\ii_awa@usueui.edu\bootstrap.js
c:\users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\ii_awa@usueui.edu\chrome.manifest
c:\users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\ii_awa@usueui.edu\content\zy.xul
c:\users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\extensions\ii_awa@usueui.edu\install.rdf
F:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))
.
.
2014-01-24 05:58 . 2014-01-24 05:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-21 15:11 . 2013-12-15 20:24 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95E56D38-AB12-45D6-A3B5-AE669B64C43E}\mpengine.dll
2014-01-18 13:00 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-01-18 13:00 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2014-01-18 11:19 . 2011-06-02 09:09 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2014-01-18 11:19 . 2011-06-02 09:09 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2014-01-18 11:19 . 2014-01-18 11:19 -------- d-----w- c:\windows\ELAMBKUP
2014-01-18 11:19 . 2014-01-18 11:19 -------- d-----w- c:\program files\Common Files\InfoWatch
2014-01-18 11:19 . 2014-01-24 05:52 -------- d-----w- c:\programdata\Kaspersky Lab
2014-01-18 11:19 . 2014-01-18 11:19 -------- d-----w- c:\program files\Kaspersky Lab
2014-01-18 11:19 . 2013-11-11 16:00 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-01-18 11:04 . 2014-01-18 11:04 -------- d-----w- c:\windows\Migration
2014-01-18 11:04 . 2014-01-18 11:04 -------- d-----w- C:\history
2014-01-18 10:59 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-18 10:59 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-18 10:59 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-18 10:59 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-18 10:59 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-18 10:59 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-18 10:59 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-18 10:57 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-18 10:57 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-18 10:54 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-01-17 15:56 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-17 15:55 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-17 15:55 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-17 15:55 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-17 15:55 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-17 15:55 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-17 15:55 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-17 15:55 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-13 10:49 . 2014-01-24 05:52 -------- d-----r- c:\users\g\Dropbox
2014-01-12 06:48 . 2014-01-13 10:49 -------- d-----w- c:\users\g\AppData\Roaming\DropboxMaster
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 00:43 . 2012-08-19 13:48 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 17:55 . 2012-09-16 14:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 17:55 . 2012-09-16 14:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:21 . 2013-11-26 18:21 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 18:21 . 2013-11-26 18:21 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 18:21 . 2013-11-26 18:21 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 18:21 . 2013-11-26 18:21 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 18:21 . 2013-11-26 18:21 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 18:21 . 2013-11-26 18:21 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 18:21 . 2013-11-26 18:21 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 18:21 . 2013-11-26 18:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 18:21 . 2013-11-26 18:21 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 18:21 . 2013-11-26 18:21 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 18:21 . 2013-11-26 18:21 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 18:21 . 2013-11-26 18:21 337408 ----a-w- c:\windows\system32\html.iec
2013-11-26 18:21 . 2013-11-26 18:21 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 18:21 . 2013-11-26 18:21 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 18:21 . 2013-11-26 18:21 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 18:21 . 2013-11-26 18:21 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 18:21 . 2013-11-26 18:21 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 18:21 . 2013-11-26 18:21 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 18:21 . 2013-11-26 18:21 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 18:21 . 2013-11-26 18:21 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 18:21 . 2013-11-26 18:21 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-11-26 18:21 . 2013-11-26 18:21 619520 ----a-w- c:\windows\system32\tdh.dll
2013-11-26 18:21 . 2013-11-26 18:21 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-11-26 18:21 . 2013-11-26 18:21 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-26 18:21 . 2013-11-26 18:21 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-11-26 18:21 . 2013-11-26 18:21 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-26 18:21 . 2013-11-26 18:21 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-11-26 18:21 . 2013-11-26 18:21 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-26 18:20 . 2013-11-26 18:20 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-26 09:23 . 2013-12-11 18:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-11 18:37 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-11 18:37 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-11 18:37 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-11 18:37 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-11 18:37 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-11 18:37 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 18:36 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-11 18:37 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-11 18:37 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-12 02:07 . 2013-12-11 15:33 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-11 16:00 . 2013-11-11 16:00 58712 ----a-w- c:\windows\system32\klfphc.dll
2013-11-11 16:00 . 2013-11-11 16:00 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-11-11 16:00 . 2013-11-11 16:00 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-11-11 16:00 . 2013-11-11 16:00 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-11-11 16:00 . 2013-11-11 16:00 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-11-11 16:00 . 2013-11-11 16:00 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\g\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\g\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\g\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 12:50 459784 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\g\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\g\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-07-26 1564016]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-05-22 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 3824640]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-07-26 311152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]
.
c:\users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\g\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 cpuz130;cpuz130;c:\users\g\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-08-10 150464]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2013-10-17 23040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2013-01-16 1517056]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1343400]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 88632]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 13592]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 39736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-11-11 44000]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-11-11 145040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-09-25 818888]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-11-11 27760]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 348440]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 792856]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-11-11 25696]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-11-11 25696]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-12-23 90736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-11 1823344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 17:55]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093712954-3236656608-2348121820-1000Core.job
- c:\users\g\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 16:42]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093712954-3236656608-2348121820-1000UA.job
- c:\users\g\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 16:42]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14
uInternet Settings,ProxyOverride = <local>
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Download all with Free Download Manager - file://d:\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cm108Sound - cm108.cpl
AddRemove-Miro Video Converter - c:\program files\Participatory Culture Foundation\Miro Video Converter\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-24  11:29:06
ComboFix-quarantined-files.txt  2014-01-24 05:59
.
Pre-Run: 19,487,469,568 bytes free
Post-Run: 19,721,248,768 bytes free
.
- - End Of File - - 7C52AF5A9C7A82B586A496790D867A13
A36C5E4F47E84449FF07ED3517B43A31


#7 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 January 2014 - 12:59 AM

Good.

Let's try this:

Step 1

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
Step 3
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#8 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 24 January 2014 - 02:08 AM

Hello Tomk,

 

Thank you for your help again. Here are the logs:

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by g on Fri 01/24/2014 at 13:22:41.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Program Files\saveas"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/24/2014 at 13:24:02.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner
 
# AdwCleaner v3.017 - Report created 24/01/2014 at 13:26:54
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : g - G-PC
# Running from : C:\Users\g\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Myfree Codec
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v25.0 (en-US)
 
[ File : C:\Users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\prefs.js ]
 
Line Deleted : user_pref("extensions.513f60d7f132c.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if (window.self==window.top && window.self.location.protocol==[...]
 
-\\ Google Chrome v
 
[ File : C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1553 octets] - [24/01/2014 13:25:40]
AdwCleaner[S0].txt - [1486 octets] - [24/01/2014 13:26:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1546 octets] ##########
 
Malwarebytes (I have a PRO version of this - always updated. I ran an update before the scan)
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.24.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
g :: G-PC [administrator]
 
Protection: Enabled
 
1/24/2014 1:29:55 PM
mbam-log-2014-01-24 (13-29-55).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213732
Time elapsed: 2 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
=========
 
My browsing experience has improved considerably. However, i'll wait for your analysis :)
 
Thanks,
LM
 
 


#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 January 2014 - 09:13 AM

Nothing "super bad" has been found but we have taken care of a lot of little resource stealers.

 

Let's get an online scan to check for what I can't see.  Be prepared.  This scan takes hours.

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 24 January 2014 - 08:54 PM

Hello Tomk,

 

Good morning / evening :) - here's the log:

 

C:\Qoobox\Quarantine\C\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\513f60d7f11c75.30472152.js.vir Win32/Adware.MultiPlug.H application
C:\Users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a a variant of Java/JShrink.A application
D:\Documents and Settings\anil\Local Settings\Temp\SetupDataMngr_Searchqu.exe multiple threats
D:\Documents and Settings\anil\My Documents\Downloads\cnet_DivXInstaller_exe.exe a variant of Win32/InstallCore.D application
D:\Documents and Settings\anil\My Documents\Downloads\SDFix.exe Win32/PrcView application
D:\Downloads\cpu-z_1.61-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\Downloads\MiroVideoConverter_Setup.exe a variant of Win32/OpenInstall application
D:\Downloads\Miro_setup.exe a variant of Win32/OpenInstall application
F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents..CoM].iso multiple threats
F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd BAT/Qhost.NOV trojan
F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd BAT/HostsChanger.A application
F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents..CoM].iso multiple threats
F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd BAT/Qhost.NOV trojan
F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd BAT/HostsChanger.A application
F:\software dump\SweetImSetup(1).exe a variant of Win32/SweetIM.A application
F:\software dump\temp\cpu-z_1.54-setup-en.exe multiple threats
F:\software dump\temp\DriverSweeper_2.7.5.exe Win32/OpenCandy application
G:\Downloads\cnet2_fgen_305_exe.exe a variant of Win32/InstallCore.D application
M:\teracopy backup c\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\513f60d7f11c75.30472152.js Win32/Adware.MultiPlug.H application
M:\teracopy backup c\Users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a a variant of Java/JShrink.A application
M:\to sort & retreive\New folder\Documents and Softwares\H Drive\Others\SoftonicDownloader69372.exe Win32/SoftonicDownloader.A application
M:\to sort & retreive\New folder\Documents and Softwares\Softwares\SoftonicDownloader_for_vlc-media-player.exe Win32/SoftonicDownloader.A application
M:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\DFX_9_Audio_Enhancer_for_Winamp_2_3_4_5_6.exe a variant of Win32/Bundled.Toolbar.Ask.A application
M:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\Install_Mario_Forever_v5_0.exe a variant of Win32/Toolbar.Conduit.B application
M:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\SoftonicDownloader_for_vista-sidebar-xp.exe Win32/SoftonicDownloader.A application
M:\to sort & retreive\New folder\game\IntenseRacing2.exe a variant of Win32/Bundled.Toolbar.Ask.A application
M:\to sort & retreive\New folder\game\sky-track.exe a variant of Win32/Bundled.Toolbar.Ask application
M:\to sort & retreive\New folder\game\street-racer.exe a variant of Win32/Bundled.Toolbar.Ask.A application

    Advertisements

Register to Remove


#11 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 January 2014 - 11:26 PM

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a 
    D:\Documents and Settings\anil\Local Settings\Temp\SetupDataMngr_Searchqu.exe 
    D:\Documents and Settings\anil\My Documents\Downloads\cnet_DivXInstaller_exe.exe 
    D:\Documents and Settings\anil\My Documents\Downloads\SDFix.exe 
    D:\Downloads\cpu-z_1.61-setup-en.exe 
    D:\Downloads\MiroVideoConverter_Setup.exe 
    D:\Downloads\Miro_setup.exe 
    F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents..CoM].iso 
    F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd 
    F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd 
    F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents..CoM].iso 
    F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd 
    F:\Downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd 
    F:\software dump\SweetImSetup(1).exe 
    F:\software dump\temp\cpu-z_1.54-setup-en.exe 
    F:\software dump\temp\DriverSweeper_2.7.5.exe 
    G:\Downloads\cnet2_fgen_305_exe.exe 
    M:\teracopy backup c\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\513f60d7f11c75.30472152.js 
    M:\teracopy backup c\Users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a 
    M:\to sort & retreive\New folder\Documents and Softwares\H Drive\Others\SoftonicDownloader69372.exe Win32/SoftonicDownloader.A 
    M:\to sort & retreive\New folder\Documents and Softwares\Softwares\SoftonicDownloader_for_vlc-media-player.exe Win32/SoftonicDownloader.A 
    M:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\DFX_9_Audio_Enhancer_for_Winamp_2_3_4_5_6.exe 
    M:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\Install_Mario_Forever_v5_0.exe 
    M:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\SoftonicDownloader_for_vista-sidebar-xp.exe 
    M:\to sort & retreive\New folder\game\IntenseRacing2.exe 
    M:\to sort & retreive\New folder\game\sky-track.exe 
    M:\to sort & retreive\New folder\game\street-racer.exe 
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then

Download CKScanner from here:http://downloads.mal...m/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).
Give permission if necessary, and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program once only.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#12 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 25 January 2014 - 06:21 AM

Hi Tomk,

 

Here you go.

 

ComboFix:

 

ComboFix 14-01-23.02 - g 01/25/2014  17:37:37.2.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3548.2380 [GMT 5.5:30]
Running from: c:\users\g\Desktop\ComboFix.exe
Command switches used :: c:\users\g\Desktop\CFScript.txt
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a"
"d:\documents and settings\anil\Local Settings\Temp\SetupDataMngr_Searchqu.exe"
"d:\documents and settings\anil\My Documents\Downloads\cnet_DivXInstaller_exe.exe"
"d:\documents and settings\anil\My Documents\Downloads\SDFix.exe"
"d:\downloads\cpu-z_1.61-setup-en.exe"
"d:\downloads\Miro_setup.exe"
"d:\downloads\MiroVideoConverter_Setup.exe"
"f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents..CoM].iso"
"f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd"
"f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd"
"f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents..CoM].iso"
"f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd"
"f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd"
"f:\software dump\SweetImSetup(1).exe"
"f:\software dump\temp\cpu-z_1.54-setup-en.exe"
"f:\software dump\temp\DriverSweeper_2.7.5.exe"
"g:\downloads\cnet2_fgen_305_exe.exe"
"m:\teracopy backup c\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\513f60d7f11c75.30472152.js"
"m:\teracopy backup c\Users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a"
"m:\to sort & retreive\New folder\Documents and Softwares\H Drive\Others\SoftonicDownloader69372.exe Win32/SoftonicDownloader.A"
"m:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\DFX_9_Audio_Enhancer_for_Winamp_2_3_4_5_6.exe"
"m:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\Install_Mario_Forever_v5_0.exe"
"m:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\SoftonicDownloader_for_vista-sidebar-xp.exe"
"m:\to sort & retreive\New folder\Documents and Softwares\Softwares\SoftonicDownloader_for_vlc-media-player.exe Win32/SoftonicDownloader.A"
"m:\to sort & retreive\New folder\game\IntenseRacing2.exe"
"m:\to sort & retreive\New folder\game\sky-track.exe"
"m:\to sort & retreive\New folder\game\street-racer.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a
d:\documents and settings\anil\Local Settings\Temp\SetupDataMngr_Searchqu.exe
d:\documents and settings\anil\My Documents\Downloads\cnet_DivXInstaller_exe.exe
d:\documents and settings\anil\My Documents\Downloads\SDFix.exe
d:\downloads\cpu-z_1.61-setup-en.exe
d:\downloads\Miro_setup.exe
d:\downloads\MiroVideoConverter_Setup.exe
f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents..CoM].iso
f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd
f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x64 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd
f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents..CoM].iso
f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\Crack-Windows\disable_activation.cmd
f:\downloads\Adobe Captivate v6.0.1.240 WIN & MAC [Multi][WwW.LoKoTorrents.CoM]\Adobe Captivate v6.0.1.240 WIN x86 [Multi][WwW.LoKoTorrents.CoM]\disable_activation.cmd
f:\software dump\SweetImSetup(1).exe
f:\software dump\temp\cpu-z_1.54-setup-en.exe
f:\software dump\temp\DriverSweeper_2.7.5.exe
g:\downloads\cnet2_fgen_305_exe.exe
m:\teracopy backup c\Users\g\AppData\Local\Google\Chrome\User Data\Default\Extensions\eblkchnmfhhdblbekdnnnkdikjedgpea\1\513f60d7f11c75.30472152.js
m:\teracopy backup c\Users\g\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-553ee87a
m:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\DFX_9_Audio_Enhancer_for_Winamp_2_3_4_5_6.exe
m:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\Install_Mario_Forever_v5_0.exe
m:\to sort & retreive\New folder\Documents and Softwares\Softwares\Applications\SoftonicDownloader_for_vista-sidebar-xp.exe
m:\to sort & retreive\New folder\game\IntenseRacing2.exe
m:\to sort & retreive\New folder\game\sky-track.exe
m:\to sort & retreive\New folder\game\street-racer.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-25 to 2014-01-25  )))))))))))))))))))))))))))))))
.
.
2014-01-25 12:11 . 2014-01-25 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-24 07:55 . 2014-01-24 07:56 -------- d-----w- C:\AdwCleaner
2014-01-24 07:52 . 2014-01-24 07:52 -------- d-----w- c:\windows\ERUNT
2014-01-21 15:11 . 2013-12-15 20:24 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95E56D38-AB12-45D6-A3B5-AE669B64C43E}\mpengine.dll
2014-01-18 13:00 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-01-18 13:00 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2014-01-18 11:19 . 2011-06-02 09:09 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2014-01-18 11:19 . 2011-06-02 09:09 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2014-01-18 11:19 . 2014-01-18 11:19 -------- d-----w- c:\windows\ELAMBKUP
2014-01-18 11:19 . 2014-01-18 11:19 -------- d-----w- c:\program files\Common Files\InfoWatch
2014-01-18 11:19 . 2014-01-25 10:37 -------- d-----w- c:\programdata\Kaspersky Lab
2014-01-18 11:19 . 2014-01-18 11:19 -------- d-----w- c:\program files\Kaspersky Lab
2014-01-18 11:19 . 2013-11-11 16:00 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-01-18 11:04 . 2014-01-18 11:04 -------- d-----w- c:\windows\Migration
2014-01-18 11:04 . 2014-01-18 11:04 -------- d-----w- C:\history
2014-01-18 10:59 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-18 10:59 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-18 10:59 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-18 10:59 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-18 10:59 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-18 10:59 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-18 10:59 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-18 10:57 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-18 10:57 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-18 10:54 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-01-17 15:56 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-17 15:55 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-17 15:55 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-17 15:55 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-17 15:55 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-17 15:55 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-17 15:55 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-17 15:55 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-13 10:49 . 2014-01-25 04:12 -------- d-----r- c:\users\g\Dropbox
2014-01-12 06:48 . 2014-01-13 10:49 -------- d-----w- c:\users\g\AppData\Roaming\DropboxMaster
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 15:40 . 2013-07-15 15:28 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 00:43 . 2012-08-19 13:48 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 17:55 . 2012-09-16 14:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 17:55 . 2012-09-16 14:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:21 . 2013-11-26 18:21 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 18:21 . 2013-11-26 18:21 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 18:21 . 2013-11-26 18:21 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 18:21 . 2013-11-26 18:21 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 18:21 . 2013-11-26 18:21 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 18:21 . 2013-11-26 18:21 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 18:21 . 2013-11-26 18:21 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 18:21 . 2013-11-26 18:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 18:21 . 2013-11-26 18:21 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 18:21 . 2013-11-26 18:21 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 18:21 . 2013-11-26 18:21 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 18:21 . 2013-11-26 18:21 337408 ----a-w- c:\windows\system32\html.iec
2013-11-26 18:21 . 2013-11-26 18:21 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 18:21 . 2013-11-26 18:21 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 18:21 . 2013-11-26 18:21 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 18:21 . 2013-11-26 18:21 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 18:21 . 2013-11-26 18:21 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 18:21 . 2013-11-26 18:21 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 18:21 . 2013-11-26 18:21 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 18:21 . 2013-11-26 18:21 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 18:21 . 2013-11-26 18:21 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-11-26 18:21 . 2013-11-26 18:21 619520 ----a-w- c:\windows\system32\tdh.dll
2013-11-26 18:21 . 2013-11-26 18:21 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-11-26 18:21 . 2013-11-26 18:21 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-26 18:21 . 2013-11-26 18:21 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-11-26 18:21 . 2013-11-26 18:21 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-26 18:21 . 2013-11-26 18:21 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-11-26 18:21 . 2013-11-26 18:21 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-26 18:20 . 2013-11-26 18:20 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-26 09:23 . 2013-12-11 18:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-11 18:37 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-11 18:37 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-11 18:37 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-11 18:37 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-11 18:37 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-11 18:37 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 18:36 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-11 18:37 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-11 18:37 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-12 02:07 . 2013-12-11 15:33 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-11 16:00 . 2013-11-11 16:00 58712 ----a-w- c:\windows\system32\klfphc.dll
2013-11-11 16:00 . 2013-11-11 16:00 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-11-11 16:00 . 2013-11-11 16:00 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-11-11 16:00 . 2013-11-11 16:00 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-11-11 16:00 . 2013-11-11 16:00 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-11-11 16:00 . 2013-11-11 16:00 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\g\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\g\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\g\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 12:50 459784 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\g\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\g\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-07-26 1564016]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-05-22 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 3824640]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-07-26 311152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]
.
c:\users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\g\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 cpuz130;cpuz130;c:\users\g\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-08-10 150464]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2013-10-17 23040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2013-01-16 1517056]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1343400]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 88632]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 13592]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 39736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-11-11 44000]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-11-11 145040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-09-25 818888]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-11-11 27760]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 348440]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 792856]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-11-11 25696]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-11-11 25696]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-12-23 90736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-11 1823344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 17:55]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093712954-3236656608-2348121820-1000Core.job
- c:\users\g\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 16:42]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093712954-3236656608-2348121820-1000UA.job
- c:\users\g\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 16:42]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14
uInternet Settings,ProxyOverride = <local>
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Download all with Free Download Manager - file://d:\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\g\AppData\Roaming\Mozilla\Firefox\Profiles\8i1ahv7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
FF - ExtSQL: 2014-01-18 16:49; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-01-18 16:49; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-01-18 16:49; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-01-18 16:49; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-01-18 16:49; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-25  17:43:18
ComboFix-quarantined-files.txt  2014-01-25 12:13
ComboFix2.txt  2014-01-24 05:59
.
Pre-Run: 16,118,476,800 bytes free
Post-Run: 10,767,142,912 bytes free
.
- - End Of File - - BF23890BAA24C7794901D3E8835F372C
A36C5E4F47E84449FF07ED3517B43A31
 
CKScanner
 
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\qoobox\quarantine\f\downloads\adobe captivate v6.0.1.240 win & mac [multi][www.lokotorrents.com]\adobe captivate v6.0.1.240 win x64 [multi][www.lokotorrents.com]\crack-windows\disable_activation.cmd.vir
c:\qoobox\quarantine\f\downloads\adobe captivate v6.0.1.240 win & mac [multi][www.lokotorrents.com]\adobe captivate v6.0.1.240 win x86 [multi][www.lokotorrents.com]\crack-windows\disable_activation.cmd.vir
scanner sequence 3.LB.11.RGNAIZ
 ----- EOF ----- 
 


#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2014 - 10:38 AM

Good.

That's all I'm seeing.

How are things running now?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#14 lastmohican

lastmohican

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 25 January 2014 - 11:41 AM

Looking great. Pop-ups and text links all gone :)

 

Any parting advice or suggestions? I'll make sure no unwanted programs and extensions are installed from now on.



#15 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2014 - 01:37 PM

Great.

 

Some housekeeping some advice info.

 

 

  • Click START then RUN
  •  
  • Now type ComboFix /Uninstall in the runbox  and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Combofix_uninstall_image.jpg

The above procedure will:

  • Implement some cleanup procedures.
  • Reset System Restore.

 

 

 

  • Double click on OTL to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.

Please re-enable any security that was disabled.

 

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Practicing Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved.  :thumbup:
 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

Related Topics




Also tagged with one or more of these keywords: popups, textlinks, chrome, firefox

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users