Help! Am being plagued by adware.
19-02-2014 7:56am
Hi all,
Please help put me out of my misery - somehow I acquired adware and suddenly all the websites I visit are filled with ads and new browser windows automatically open with ads.
I have gone through the following steps with no joy (although I came across the PHP.Kryptik.AB virus which I hope is now removed):
1. Kaspersky TDSSKiller
2. Rkill
3. Malwarebytes
4. Hitman Pro
5. RogueKiller
6. ADwCleaner
7. Junkware
8. Eset online scanner
Can anyone help me?
With much gratitude,
wildSaffron
Comments
-
I only use 2 programmes. AVG free and ccleaner.
Never had a problem. You need to start being more careful online and stop opening random links or ads.
-
Pirate Shampoo - I came here for help, not for a lecture. Am generally careful about what I open.
Plates - I do have Microsoft Security Essentials running, thanks!
I went through the additional scans following a Malware Removal Guide.
-
I wasn't lecturing you, merely pointing out that malware is in everything these days.
-
er, adblock?
-
Thanks Skatedude - I tried adblock - it blocks the ads but the blocked ad spaces are still there with the text "Ads not by this site"...
-
Avast. Very good antivirus. The free trial will prob be enough. It also warns when dodgy sites are being accessed with the browser. So no more, ahem, for you.
-
PirateShampoo wrote: »I only use 2 programmes. AVG free and ccleaner.
Never had a problem. You need to start being more careful online and stop opening random links or ads.
It's not that simple in fairness, plenty of people have gotten drive-by viruses on legitimate sites due to a malicious ad being put up.
I have practiced all the same advice, used av & noscript and have still ended up with keyloggers twice in 5 years. When I had these buggers (with definitive proof it was happening) I tried every av scan and diagnostic under the sun (looking at every process, checking netstat) and I could not find a trace of them.
After that my advice is to reinstall Windows. It's a pain, but it's the only thing that will give you peace of mind.
-
Thanks imitation - people do assume that one is clicking on everything that pops up or visiting porn sites - I am fairly careful about what I open.
I may have to reinstall windows - a pain in the neck.
-
can you attach/post logs from these scans
1. Kaspersky TDSSKiller
2. Rkill
3. Malwarebytes
4. Hitman Pro
5. RogueKiller
6. ADwCleaner
8. Eset online scanner
-
Download a live rescue disk like AVG Rescue and make a bootable usb stick or cd of it. Do a scan with this.
-
Disable and remove all your browser add-ons in all your browsers.
Change preferred homepages and search engines back to normal.
Check the Programs and Features section in the Control Panel (if you're using Windows).
Finally, after running a full antivirus scan, do a rootkit scan - Norton Power Eraser should do for this: https://security.symantec.com/nbrt/npe.aspx
Let us know how you get on.
-
Hi, I had somewhat similar probs last year, and it's upsetting/frustrating. I tried CCleaner, along with Malwarebytes (free version) and Hitman Pro, and got rid of what I had. Hope you do soon... without being lectured on.
-
jsa112 - are you still around to have a look at the logs - or anyone - the problem is still persisting, plus some other odd changes to my laptop.
-
yeah can you attach/post logs from these scans
1. Kaspersky TDSSKiller
2. Rkill
3. Malwarebytes
4. Hitman Pro
5. RogueKiller
6. ADwCleaner
8. Eset online scanner
-
That's hard luck. Personally I'd reinstall Windows. It'll hurt, but if adware, AVG etc. don't work, your machine must have the plague.
-
Further developments were:
1) My right click doesn't seem to work
2) It is difficult to download files
1. Kaspersky TDSSKiller (attached)
2. Rkill (attached)
3. Malwarebytes (attached)
4. Hitman Pro (attached)
5. RogueKiller (attached)
6. ADwCleaner (will paste)
8. Eset online scanner (attached)
-
A reinstall of windows would be good here, if you can copy what you need to an external hard drive then just try and reinstall it, or see can you even roll back to a time you did not have these viruses...
-
can you paste in the adwcleaner log, and do the same for this
- Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
-
AdwLog attached
-
can you post the log rather than attach it, as it's not letting me download it
also do the OTL step
-
OTL logfile created on: 05/04/2014 21:34:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Technician\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
2.91 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.99% Memory free
5.81 Gb Paging File | 4.64 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 39.70 Gb Free Space | 17.05% Space Free | Partition Type: NTFS
Drive | 623.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: LPC | User Name: Technician | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/05 21:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Technician\Desktop\OTL.exe
PRC - [2014/04/05 01:16:47 | 000,106,248 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2014/03/29 15:28:51 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/01/23 16:32:46 | 003,643,224 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
PRC - [2014/01/23 16:26:08 | 000,651,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/20 19:13:32 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/09/19 03:15:00 | 000,670,720 | ---- | M] (Yealink) -- C:\Program Files\SkypeMate\SkypeMate.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014/04/05 01:00:13 | 001,157,120 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_ssl.pyd
MOD - [2014/04/05 01:00:13 | 000,811,008 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._windows_.pyd
MOD - [2014/04/05 01:00:13 | 000,805,888 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._gdi_.pyd
MOD - [2014/04/05 01:00:13 | 000,712,192 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_hashlib.pyd
MOD - [2014/04/05 01:00:13 | 000,110,080 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\PyWinTypes27.dll
MOD - [2014/04/05 01:00:13 | 000,087,040 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_ctypes.pyd
MOD - [2014/04/05 01:00:13 | 000,070,656 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._html2.pyd
MOD - [2014/04/05 01:00:13 | 000,035,840 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32process.pyd
MOD - [2014/04/05 01:00:13 | 000,026,624 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_multiprocessing.pyd
MOD - [2014/04/05 01:00:13 | 000,024,064 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32pipe.pyd
MOD - [2014/04/05 01:00:12 | 001,062,400 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._controls_.pyd
MOD - [2014/04/05 01:00:12 | 000,686,080 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\unicodedata.pyd
MOD - [2014/04/05 01:00:12 | 000,127,488 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\pyexpat.pyd
MOD - [2014/04/05 01:00:12 | 000,038,912 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32inet.pyd
MOD - [2014/04/05 01:00:12 | 000,025,600 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32pdh.pyd
MOD - [2014/04/05 01:00:12 | 000,018,432 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32event.pyd
MOD - [2014/04/05 01:00:12 | 000,010,240 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\select.pyd
MOD - [2014/04/05 01:00:11 | 001,175,040 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._core_.pyd
MOD - [2014/04/05 01:00:11 | 000,557,056 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\pysqlite2._sqlite.pyd
MOD - [2014/04/05 01:00:11 | 000,525,640 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/05 01:00:11 | 000,320,512 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32com.shell.shell.pyd
MOD - [2014/04/05 01:00:11 | 000,128,512 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_elementtree.pyd
MOD - [2014/04/05 01:00:11 | 000,119,808 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32file.pyd
MOD - [2014/04/05 01:00:11 | 000,108,544 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32security.pyd
MOD - [2014/04/05 01:00:11 | 000,098,816 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32api.pyd
MOD - [2014/04/05 01:00:11 | 000,044,032 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_socket.pyd
MOD - [2014/04/05 01:00:11 | 000,022,528 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32ts.pyd
MOD - [2014/04/05 01:00:11 | 000,017,408 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32profile.pyd
MOD - [2014/04/05 01:00:10 | 000,735,232 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._misc_.pyd
MOD - [2014/04/05 01:00:10 | 000,364,544 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\pythoncom27.dll
MOD - [2014/04/05 01:00:10 | 000,122,368 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._wizard.pyd
MOD - [2014/04/05 01:00:10 | 000,011,264 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32crypt.pyd
MOD - [2014/01/23 16:33:14 | 000,148,808 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
MOD - [2014/01/23 16:33:12 | 000,131,920 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
MOD - [2014/01/23 16:33:12 | 000,122,704 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
MOD - [2014/01/23 16:33:04 | 000,087,928 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
MOD - [2014/01/23 16:33:04 | 000,022,392 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
MOD - [2014/01/23 16:33:00 | 000,405,880 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:58 | 000,107,904 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:58 | 000,048,512 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:56 | 000,030,072 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:54 | 000,541,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
MOD - [2014/01/23 16:32:52 | 001,928,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
MOD - [2014/01/23 16:32:52 | 000,118,104 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
MOD - [2014/01/23 16:32:50 | 000,308,064 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
MOD - [2014/01/23 16:32:50 | 000,056,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
MOD - [2014/01/23 16:32:46 | 003,643,224 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
MOD - [2014/01/23 16:32:46 | 000,789,360 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
MOD - [2014/01/23 16:32:44 | 002,084,720 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareShellExtension.dll
MOD - [2012/12/20 10:12:00 | 000,582,144 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Mobogenie\MgAssist.exe -- (MgAssistService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NCH Software\Inventoria\inventoria.exe -- (InventoriaService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2014/04/05 01:16:47 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/04/04 12:58:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 17:41:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/01 04:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/23 16:26:08 | 000,651,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/01/04 06:50:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/02/19 01:14:06 | 000,050,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/10/28 02:12:12 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/10/28 02:12:12 | 000,087,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/07/17 17:10:52 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2012/03/26 15:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/09/15 08:03:46 | 000,030,000 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
DRV - [2010/11/20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/10 14:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/20 19:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/14 19:31:59 | 000,000,000 | ---D | M]
[2012/12/19 14:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Technician\AppData\Roaming\Mozilla\Extensions
[2014/04/04 19:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Technician\AppData\Roaming\Mozilla\Firefox\Profiles\ujaeovqm.default-1396625349610\extensions
[2014/04/04 12:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/04 12:58:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/04 12:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/04/04 12:47:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/29 06:46:38 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2013/07/20 19:13:54 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = http://www.google.com,
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Technician\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_1\
CHR - Extension: Google Wallet = C:\Users\Technician\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2014/04/05 02:07:58 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Technician\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe (Yealink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FCA49D9-C6F3-4885-9219-9AB7BDA52A8E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC57F248-37DE-4E86-B998-A016AEA1FF9E}: DhcpNameServer = 62.40.32.33 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F749ACDA-208C-4A1F-85ED-A0CA8E72EBDE}: DhcpNameServer = 89.19.64.164 89.19.64.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/07/14 22:23:38 | 000,061,440 | R--- | M] () - \Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/05/17 19:40:16 | 000,000,031 | R--- | M] () - \autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3a530ae0-769d-11e2-9b3f-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{3a530ae0-769d-11e2-9b3f-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3a530c1a-769d-11e2-9b3f-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{3a530c1a-769d-11e2-9b3f-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{653dea60-71d7-11e2-a789-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{653dea60-71d7-11e2-a789-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{653deac0-71d7-11e2-a789-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{653deac0-71d7-11e2-a789-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b621d4ff-2d9e-11e3-b529-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{b621d4ff-2d9e-11e3-b529-001e33252471}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{be2d5cd8-7ba5-11e2-8677-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{be2d5cd8-7ba5-11e2-8677-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e9a4edac-80ee-11e2-a7f3-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a4edac-80ee-11e2-a7f3-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ed66f6c7-49c1-11e2-97bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed66f6c7-49c1-11e2-97bd-806e6f6e6963}\Shell\AutoRun\command - "" = \Autorun.exe -- [2005/07/14 22:23:38 | 000,061,440 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/05 21:32:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Technician\Desktop\OTL.exe
[2014/04/05 17:21:12 | 000,000,000 | ---D | C] -- C:\Users\Technician\AppData\Roaming\Lavasoft
[2014/04/05 17:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2014/04/05 17:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/04/05 01:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/04 19:27:15 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 19:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 19:26:40 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/04 19:26:40 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/04 19:26:40 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/04/04 19:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/04 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\Technician\Documents\New Downloads
[2014/04/04 13:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/04 12:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/04/03 07:50:41 | 000,000,000 | ---D | C] -- C:\Users\Technician\Desktop\RK_Quarantine
[2014/03/12 12:34:31 | 000,000,000 | ---D | C] -- C:\Users\Technician\Documents\BackupForDreamweaver
[2014/03/11 11:14:17 | 000,000,000 | ---D | C] -- C:\Users\Technician\Desktop\Print
[2014/03/08 07:28:30 | 000,000,000 | ---D | C] -- C:\Users\Technician\Desktop\SiteCache
[2014/03/07 18:51:48 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/05 21:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/05 21:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Technician\Desktop\OTL.exe
[2014/04/05 21:12:10 | 000,000,181 | ---- | M] () -- C:\Users\Technician\Desktop\Ad-Aware_Report_Quick_Manual_2014-04-05T20-58-20.351322.xml
[2014/04/05 20:55:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/05 20:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/05 20:39:12 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/04/05 16:09:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 14:03:58 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Technician.job
[2014/04/05 14:03:52 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Technician.job
[2014/04/05 14:03:20 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Technician.job
[2014/04/05 01:51:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2014/04/05 01:51:00 | 000,000,364 | ---- | M] () -- C:\Windows\System32\bootdelete.lst
[2014/04/05 01:07:33 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 01:07:33 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 00:59:29 | 2339,467,264 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/05 00:47:33 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 19:26:56 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 15:28:30 | 003,831,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/04 13:29:14 | 001,213,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/04 13:29:14 | 000,402,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/04 13:22:28 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/03 17:01:09 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/03 15:14:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/03 08:09:54 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/03 06:51:28 | 000,275,386 | ---- | M] () -- C:\Users\Technician\AppData\Local\census.cache
[2014/04/03 06:51:25 | 000,141,368 | ---- | M] () -- C:\Users\Technician\AppData\Local\ars.cache
[2014/03/31 13:57:18 | 000,088,435 | ---- | M] () -- C:\Users\Technician\Desktop\delete.jpg
[2014/03/15 19:33:41 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/12 14:04:55 | 000,077,944 | ---- | M] () -- C:\Users\Technician\Desktop\delete.png
[2014/03/10 08:37:50 | 000,099,670 | ---- | M] () -- C:\Users\Technician\Desktop\Lucy+Brian_sm.jpg
[2014/03/07 12:59:19 | 000,221,211 | ---- | M] () -- C:\Users\Technician\Desktop\screenshot.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/05 21:03:50 | 000,000,181 | ---- | C] () -- C:\Users\Technician\Desktop\Ad-Aware_Report_Quick_Manual_2014-04-05T20-58-20.351322.xml
[2014/04/05 17:07:20 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/04/05 14:03:19 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Technician.job
[2014/04/05 01:51:00 | 000,000,364 | ---- | C] () -- C:\Windows\System32\bootdelete.lst
[2014/04/04 19:26:56 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 17:01:09 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/03 11:33:15 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Technician.job
[2014/04/03 11:33:13 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Technician.job
[2014/04/03 08:09:54 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/10 14:54:10 | 006,148,608 | ---- | C] () -- C:\Windows\System32\PatchPackage.msp
[2014/03/10 08:37:50 | 000,099,670 | ---- | C] () -- C:\Users\Technician\Desktop\Lucy+Brian_sm.jpg
[2014/03/07 12:59:07 | 000,221,211 | ---- | C] () -- C:\Users\Technician\Desktop\screenshot.jpg
[2014/02/19 10:02:15 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/14 21:02:16 | 000,000,000 | ---- | C] () -- C:\Program Files\moz_update_in_progress.lock
[2014/02/10 11:01:31 | 000,210,992 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2014/02/10 06:05:29 | 000,275,386 | ---- | C] () -- C:\Users\Technician\AppData\Local\census.cache
[2014/02/10 06:05:05 | 000,141,368 | ---- | C] () -- C:\Users\Technician\AppData\Local\ars.cache
[2014/02/10 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Technician\AppData\Local\housecall.guid.cache
[2013/08/18 06:55:02 | 000,006,656 | ---- | C] () -- C:\Users\Technician\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/26 10:46:11 | 000,004,096 | -H-- | C] () -- C:\Users\Technician\AppData\Local\keyfile3.drm
[2013/02/08 11:21:33 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/02/08 11:21:33 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013/02/08 11:12:50 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/12/22 11:21:52 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/12/19 13:02:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/12/25 02:25:34 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\4Team
[2013/08/17 09:39:16 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\Canon
[2013/05/22 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/03 08:50:12 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/04/03 15:56:26 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\Dropbox
[2014/04/04 16:26:28 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\KeePass
[2013/02/04 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\PDAppFlex
[2013/09/07 18:43:29 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\TeamViewer
[2013/05/09 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\Watchtower
[2013/01/30 12:01:37 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\webex
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 05/04/2014 21:34:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Technician\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
2.91 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.99% Memory free
5.81 Gb Paging File | 4.64 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 39.70 Gb Free Space | 17.05% Space Free | Partition Type: NTFS
Drive | 623.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: LPC | User Name: Technician | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Technician\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0417C92D-8D0B-4B61-B5BC-E123E2BC29E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{07C50416-D9AF-44D7-B1B8-999E9144328E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EB2300F-A465-447E-AD4E-0FB6EDB5E2BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22F90A36-421D-48D1-94DF-1A1D806A3084}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{252041A4-172D-4B27-98B2-E95150D85ABB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C28BBD4-DBBD-4E20-A580-A91167676A02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FB07D67-E47A-4616-BC26-F640BFF1DB2B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{31620104-1CE0-42E1-81E6-FF5D606E66EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BF72D7B-544D-44D2-934A-AB9F599A56BE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E1E8807-C434-4243-8D4B-4AC22D459578}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50D4706E-97CE-422B-A5EC-A0D753E7C043}" = rport=137 | protocol=17 | dir=out | app=system |
"{56ACBDB1-43DB-4FBB-8E52-E0FB4F637823}" = lport=138 | protocol=17 | dir=in | app=system |
"{594628B2-780B-4BD7-B65C-484D5EC43E29}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7DF82E4E-0D93-43CD-B300-B86E4EEDDF22}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FDB42C5-991B-4B11-B351-50CDF22A8119}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{82A25FA5-C60E-4B61-BDAB-83C6F271D923}" = lport=445 | protocol=6 | dir=in | app=system |
"{8792DEBD-DD29-48CE-A04E-6F41358EEB45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87A5D256-2972-4893-80B4-4709A2990A3E}" = lport=137 | protocol=17 | dir=in | app=system |
"{883555B0-4E15-4708-9027-075BBEBD007B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{898166A9-3EC4-4A7F-A286-686CD8018587}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{899F9890-4BAB-4BF2-A545-46B4F6AA9AB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91777B35-C004-4DB8-8384-E2ED08C3882F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97AFAFC5-5012-4F1C-9FB7-9AED75975EE8}" = lport=139 | protocol=6 | dir=in | app=system |
"{A076D079-5869-43E6-8EE8-48654EB0DFF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{B2DCFEB0-E972-4130-A785-162B2BE5C229}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E1A371EE-9EE8-4FEF-8747-9EEFB1D5A46A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CF534E0-8600-42CB-8004-288E0B566803}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{0D0DD73F-2238-4C0D-B125-B694EDE38385}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{0EC2D9CC-AD7B-4684-8FEE-03ABA7911138}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{23FFFCDE-9220-4080-BF02-CDA96669CA22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{250ADE7D-A0A0-4AF6-BC5A-1A0A2E1C73F7}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{2773DB29-AA8F-45EF-B106-C0C3FA90857E}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{2842A287-8179-42FA-AB2C-7D03E56442B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34CBAE51-FC60-4141-AB30-AD718E454FAB}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{381BB7AA-D7D6-4047-9CB9-F7296706552D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E9866C-D570-4E8C-89D1-15B2FC1D2E2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45025873-269F-4473-B875-E8D8EE472766}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DAA6902-77C4-4454-B75A-3A670800816A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6446AE49-2AD3-4E00-87C3-48E12BCCBA58}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{66DFFEC7-C5D9-483D-98DD-D14685D72ED3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{747D51FA-9A19-470D-BADE-0FA0F2101376}" = protocol=17 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"{81A74A02-BDD2-4097-9B3A-2074CA7ACC87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F1D01BF-BD52-4777-92D1-7760D0068F05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A315BA1B-8541-464D-8B40-477C4DFAA75B}" = protocol=6 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"{A940BDBD-4F01-4EAF-9224-CEC0EB7EF1F1}" = protocol=6 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{A9B6E3B0-3752-42A7-A3A3-2DBFD61F7333}" = protocol=17 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{AAEE0FA8-5A69-401E-A725-16DCD96BD1B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3577C5-28F5-4C0F-AA32-38C1D9FC46FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3267993-32D3-42AC-92F5-D58F6A961FE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C109813C-4ADE-41F6-A807-6813C763B850}" = protocol=6 | dir=out | app=system |
"{C788ACBE-B0A5-44B2-B62D-9DB6B975758D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC6D7D15-84C4-4D52-B021-70EF7C849FEB}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{CDDBF654-14B3-4D3F-BBD1-47CA98CC343A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0FC5723-B37B-4094-B90F-3EB8F77A775D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E0D7D2D5-18C4-4B90-B254-02DE7B05309B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F612C4F4-D3D4-42CE-BCF4-57F67832825D}" = dir=in | app=c:\users\technician\appdata\local\microsoft\skydrive\skydrive.exe |
"{F6C0B387-7C8D-44A3-B7D9-E093C58D2BF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F94C5A60-DC9E-47D0-BAC8-92D5098032A1}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{FE18B47F-AAFB-4C17-84AF-407B2C629E70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{295151DE-73B2-4176-AD3A-DC448F445B14}C:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{914A5FE4-2A05-4FD6-AC32-FF2A0BAB858E}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
"TCP Query User{97FB923A-2A04-4072-9E7C-553CA29CA1FB}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{2653183A-E2DF-40A4-92A1-83004CB8D322}C:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{7FD3763B-7D21-4378-BC6D-79B0CC448EBD}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{A6D6CF8D-E748-4414-A05C-6F7B4D2148D8}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{06B5988F-EBA6-4802-9F7B-4FB471291321}" = WebEx Event Manager for Firefox or Chrome
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series" = Canon MP230 series MP Drivers
"{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}" = Watchtower Library 2012 - English
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17E73768-9F21-4334-ABE6-CD131031564C}" = AdAwareUpdater
"{17E73768-9F21-4334-ABE6-CD131031564C}_AdAwareUpdater" = Ad-Aware Antivirus
"{1836BD51-4707-42EB-A81B-831AB2CA9E6A}" = AdAwareInstaller
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E69BB189-4B20-46AE-93CF-59099F05FC3F}" = OutlookTools 2
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"7-Zip" = 7-Zip 9.20
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressAccounts" = Express Accounts
"ExpressBurn" = Express Burn
"ExpressInvoice" = Express Invoice
"FreeHDSport TV V7.0" = FreeHDSport TV V7.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro37" = HitmanPro 3.7
"Huawei Modems" = Huawei modem
"Inventoria" = Inventoria Stock Manager
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"RealPlayer 16.0" = RealPlayer
"SkypeMate" = SkypeMate
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05/04/2014 15:30:57 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10454313
Error - 05/04/2014 15:54:45 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05/04/2014 15:54:45 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2917
Error - 05/04/2014 15:54:45 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2917
Error - 05/04/2014 15:54:49 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05/04/2014 15:54:49 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6849
Error - 05/04/2014 15:54:49 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6849
Error - 05/04/2014 15:54:58 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05/04/2014 15:54:58 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16115
Error - 05/04/2014 15:54:58 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16115
[ OSession Events ]
Error - 24/07/2013 10:45:01 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52307
seconds with 1800 seconds of active time. This session ended with a crash.
Error - 29/07/2013 04:16:41 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 360452
seconds with 20460 seconds of active time. This session ended with a crash.
Error - 31/07/2013 13:17:34 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 99706
seconds with 2040 seconds of active time. This session ended with a crash.
Error - 17/08/2013 06:38:35 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 1347 seconds with 660 seconds of active time. This session ended with a
crash.
Error - 11/11/2013 16:57:35 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 36462
seconds with 60 seconds of active time. This session ended with a crash.
Error - 04/12/2013 11:20:36 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 32910
seconds with 720 seconds of active time. This session ended with a crash.
Error - 30/12/2013 07:09:22 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 52379
seconds with 0 seconds of active time. This session ended with a crash.
Error - 26/01/2014 11:46:30 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81078
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 03/02/2014 17:06:30 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 32325
seconds with 180 seconds of active time. This session ended with a crash.
Error - 01/03/2014 10:08:58 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 70085
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05/04/2014 16:00:38 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 05/04/2014 16:01:49 | Computer Name = LPC | Source = PNRPSvc | ID = 102
Description =
Error - 05/04/2014 16:01:49 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 05/04/2014 16:01:49 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 05/04/2014 16:01:55 | Computer Name = LPC | Source = PNRPSvc | ID = 102
Description =
Error - 05/04/2014 16:01:55 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 05/04/2014 16:01:55 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 05/04/2014 16:02:02 | Computer Name = LPC | Source = PNRPSvc | ID = 102
Description =
Error - 05/04/2014 16:02:02 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 05/04/2014 16:02:02 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
< End of report >0 -
What browser is this happening in? Does it happen on every site?0
-
I generally use Firefox.
I did try to download on IE but the same thing was happening.
To install the old timer tool, I had to download it on another computer.
I have managed to download the other tools after several attempts, though.0 -
In Firefox, click the Help tab at the top, then restart with add-ons disabled.
Does the problem still occur?0 -
Yes - I did that and the problem still occurs - the dialogue box for downloading files appears - and once one clicks on "Save File" - nothing happens, and the Save File button greys out and the dialogue box hangs around; the only way to get rid of it is to close Firefox through the Task Manager.
I took a screenshot.0 -
Honestly, I'm not sure what's going on. Your logs are all clean, and your problems aren't typical virus issues. I'd be 99% sure that your PC is clean from viruses.
Can try the following:
Re-install Firefox
Go into safe mode with networking; does it occur then?0 -
-
1. Uninstalled and reinstalled Firefox
2. Am running in Safe Mode with Networking
The same problems are still there! - Can't download files easily, sometimes double-clicking on something doesn't work as it did before, and I have no right-click button.
I went into Fireworks and my selection tools aren't working.
I wondered if it were a hardware problem - I checked the Control Panel to see that the touchpad settings were ok - I am afraid I can't find where the touchpad is controlled from.0