Starbuck
Posted November 4, 2014

As requested from bob12a

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by BF2010 (administrator) on BF2010-PC on 04-11-2014 15:43:03
Running from C:\Users\BF2010\Downloads
Loaded Profile: BF2010 (Available profiles: BF2010)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (IBM Corp.) 
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Dropbox, Inc.) C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Secunia) C:\Program Files\Secunia\PSI\psia.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Siber Systems Inc.) C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\Evernote.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Apache Software Foundation) C:\Program Files\OpenOffice Beta 4\program\swriter.exe (Apache Software Foundation) C:\Program Files\OpenOffice Beta 4\program\soffice.exe (Apache Software Foundation) C:\Program Files\OpenOffice Beta 4\program\soffice.bin (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\BF2010\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-31] (Siber Systems) HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd) HKU\S-1-5-18\...\Run: [samsung.PCSync] => C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe [1294336 2009-06-04] (Nokia) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?pc=UP97&ocid=UP97DHP HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50 HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.roboform.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default FF DefaultSearchEngine: Bing FF DefaultSearchUrl: https://uk.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://uk.msn.com/?pc=UP97&ocid=UP97DHP|hxxp://start.roboform.com FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF NetworkProxy: "no_proxies_on", "localhost" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\BF2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\BF2010\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: QuickFox Notes - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\Extensions\amin.eft_bmnotes@gmail.com [2014-06-21] FF Extension: cosstminn - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\Extensions\y94661a@pwkeoxvqto.co.uk [2014-07-16] FF Extension: Anaglyph 3D - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\Extensions\anaglyph3d@internauta1024a.pl.xpi [2014-05-23] FF Extension: Exif Viewer - 
C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-06-13] FF Extension: English (GB) Language Pack - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-06-01] FF Extension: Adblock Plus - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-24] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-07] FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010-03-25] FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23] CHR Extension: (Google Docs) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23] CHR Extension: (Google Drive) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23] CHR Extension: (YouTube) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23] CHR Extension: (Google Search) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23] CHR Extension: (Google Sheets) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23] CHR Extension: (Google Wallet) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23] CHR Extension: (Gmail) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23] CHR Extension: (RoboForm) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-10-23] CHR Profile: C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Docs) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18] CHR Extension: (Google Drive) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18] CHR 
Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18] CHR Extension: (YouTube) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18] CHR Extension: (Google Search) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18] CHR Extension: (Skype Click to Call) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-25] CHR Extension: (Google Wallet) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18] CHR Extension: (Gmail) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18] CHR Extension: (RoboForm) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-08-18] CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-05-04] CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [821016 2012-04-27] (Acronis) S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-05-15] (Acronis) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) 
[File not signed] R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-10] (Google) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 MSSQL$EONENERGYFIT; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation) R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-09-14] (IBM Corp.) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia) S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) 
[File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5914912 2012-04-27] (Acronis) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.) R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2014-07-14] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2014-07-14] (Advanced Micro Devices) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices) S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [100352 2009-11-18] (ATI Technologies, Inc.) [File not signed] R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies) S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation) S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [507704 2012-07-03] (Broadcom Corporation.) 
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] () S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation) S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-05-13] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia) R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys [430264 2014-09-24] () R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251288 2014-09-14] (IBM Corp.) S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208888 2014-09-14] (IBM Corp.) S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-09-14] (IBM Corp.) 
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-05-15] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software) S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc) R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-05-15] (Acronis) R0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-05-15] (Acronis) S3 netr28u; system32\DRIVERS\netr28u.sys [X] S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X] S3 Ser2pl; system32\DRIVERS\ser2pl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 14:56 - 2014-11-04 14:56 - 00880272 _____ (Google Inc.) 
C:\Users\BF2010\Downloads\ChromeSetup (3).exe 2014-11-04 11:10 - 2014-11-04 11:10 - 00000000 ____D () C:\Windows\system32\SPReview 2014-11-04 07:53 - 2014-11-04 07:53 - 01106432 _____ (Farbar) C:\Users\BF2010\Downloads\FRST (1).exe 2014-11-03 07:56 - 2014-11-03 07:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\BF2010\Downloads\mbam-setup-2.0.3.1025 (1).exe 2014-11-02 08:27 - 2014-11-04 14:38 - 00001680 _____ () C:\Windows\setupact.log 2014-11-02 08:27 - 2014-11-02 08:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-02 08:25 - 2014-11-02 08:25 - 00020826 _____ () C:\Users\BF2010\Documents\cc_20141102_082457.reg 2014-11-02 08:00 - 2014-11-02 08:00 - 04977216 _____ (Piriform Ltd) C:\Users\BF2010\Downloads\ccsetup419.exe 2014-10-31 07:51 - 2014-10-31 07:51 - 00436504 _____ (IBM Corp.) C:\Users\BF2010\Downloads\RapportSetup (2).exe 2014-10-31 07:45 - 2014-10-31 07:46 - 16254368 _____ (Siber Systems) C:\Users\BF2010\Downloads\RoboForm-Setup-cnetc.exe 2014-10-26 15:52 - 2014-10-27 11:25 - 00000000 ____D () C:\Users\BF2010\Desktop\RIGHT TEST 02 2014-10-26 15:51 - 2014-10-27 11:23 - 00000000 ____D () C:\Users\BF2010\Desktop\LEFT TEST 02 2014-10-25 07:30 - 2014-10-10 01:39 - 00394752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-25 07:30 - 2014-10-10 01:39 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-25 07:30 - 2014-10-10 01:34 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-25 07:30 - 2014-09-15 00:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-25 06:30 - 2014-03-31 20:36 - 00049856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys 2014-10-25 06:29 - 2014-10-25 06:29 - 00001255 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-10-25 06:28 - 2014-10-25 06:28 - 00001324 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-10-25 06:21 - 2010-06-02 
03:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-10-25 06:21 - 2010-06-02 03:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-10-25 06:21 - 2010-05-26 10:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-10-25 06:13 - 2014-10-25 06:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-10-25 06:05 - 2014-10-25 06:05 - 01239752 _____ (Microsoft Corporation) C:\Users\BF2010\Downloads\wlsetup-web (2).exe 2014-10-25 05:52 - 2014-10-25 05:52 - 00000000 ____D () C:\Users\BF2010\AppData\Local\{A48E34A6-5BFA-462C-920F-89100535B48A} 2014-10-24 08:33 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\BF2010\AppData\Local\{5D54C2D5-29CD-4466-9132-BE38017D463C} 2014-10-23 14:27 - 2014-10-23 14:27 - 01962496 _____ () C:\Users\BF2010\Downloads\AdwCleaner (2).exe 2014-10-23 14:22 - 2014-10-23 14:22 - 01962496 _____ () C:\Users\BF2010\Downloads\AdwCleaner (1).exe 2014-10-23 14:05 - 2014-11-04 15:24 - 00000000 ____D () C:\Users\BF2010\Desktop\malware checks 2014-10-23 10:21 - 2014-10-23 10:22 - 00066891 _____ () C:\Users\BF2010\Downloads\Addition.txt 2014-10-23 10:19 - 2014-11-04 15:43 - 00026008 _____ () C:\Users\BF2010\Downloads\FRST.txt 2014-10-23 10:19 - 2014-11-04 15:43 - 00000000 ____D () C:\FRST 2014-10-23 10:18 - 2014-10-23 10:18 - 01103360 _____ (Farbar) C:\Users\BF2010\Downloads\FRST.exe 2014-10-23 09:29 - 2014-10-23 09:30 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\BF2010\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-23 05:49 - 2014-10-23 05:50 - 00000000 ____D () C:\Users\BF2010\AppData\Local\{24F27E83-5FAF-431D-9C1C-666A183108E4} 2014-10-23 05:46 - 2014-10-23 05:46 - 00953604 _____ () C:\Users\BF2010\Downloads\Photo1583.rar 2014-10-23 05:45 - 2014-10-23 05:45 - 01524393 _____ () C:\Users\BF2010\Downloads\Photo1584.rar 2014-10-22 06:38 - 2014-10-22 06:38 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 
2014-10-22 06:38 - 2014-10-22 06:38 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-22 06:38 - 2014-10-22 06:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-22 06:28 - 2014-10-22 06:29 - 36240048 _____ () C:\Users\BF2010\Downloads\Firefox Setup 33.0.exe 2014-10-22 05:57 - 2014-10-22 05:57 - 00770360 _____ ( ) C:\Users\BF2010\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US_inst (2).exe 2014-10-21 15:43 - 2014-10-22 10:21 - 00000067 _____ () C:\Users\BF2010\AppData\Roaming\WB.CFG 2014-10-21 15:34 - 2014-10-21 15:34 - 00770360 _____ ( ) C:\Users\BF2010\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US_inst (1).exe 2014-10-21 10:26 - 2014-10-21 10:26 - 01705698 _____ (Thisisu) C:\Users\BF2010\Downloads\JRT (6).exe 2014-10-21 09:46 - 2014-10-21 09:46 - 01705698 _____ (Thisisu) C:\Users\BF2010\Downloads\JRT (5).exe 2014-10-21 09:41 - 2014-10-21 09:41 - 00000000 ____D () C:\Users\BF2010\AppData\Local\StormFall 2014-10-21 09:38 - 2014-10-21 09:38 - 00712240 _____ ( ) C:\Users\BF2010\Downloads\FileOpenerSetup.exe 2014-10-21 06:27 - 2014-10-21 06:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-10-21 06:27 - 2014-10-21 06:27 - 00000000 ____D () C:\Program Files\Speccy 2014-10-21 06:23 - 2014-10-21 06:23 - 04890736 _____ (Piriform Ltd) C:\Users\BF2010\Downloads\spsetup126.exe 2014-10-20 09:20 - 2014-10-20 09:20 - 00000528 _____ () C:\Users\BF2010\AppData\Roaming\NMM-MetaData.db 2014-10-19 14:56 - 2014-10-19 14:56 - 00000001 _____ () C:\Users\BF2010\AppData\Local\DSI.DAT 2014-10-19 07:52 - 2014-10-19 07:52 - 00014746 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-16 13:54 - 2014-10-16 13:54 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z 2014-10-16 13:54 - 2014-10-16 13:54 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Sparta 2014-10-16 13:54 - 2014-10-16 13:54 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Plarium 2014-10-16 10:07 - 
2014-10-16 10:07 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-10-16 05:57 - 2014-10-16 05:57 - 00000268 ___RH () C:\ProgramData\Strings 2014-10-16 05:57 - 2014-10-16 05:57 - 00000012 ___RH () C:\ProgramData\Textures 2014-10-16 05:54 - 2014-10-20 10:27 - 00000000 ____D () C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583 2014-10-16 05:47 - 2014-10-16 05:50 - 112498648 _____ () C:\Users\BF2010\Downloads\S-VNX2__-021002WF-EUREN-32BIT_.exe 2014-10-14 06:07 - 2014-10-14 06:07 - 00244136 _____ () C:\Users\BF2010\Downloads\Firefox Setup Stub 32.0.3.exe 2014-10-13 15:18 - 2014-10-13 15:18 - 00000934 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-10-13 15:10 - 2014-10-13 15:11 - 62091264 _____ () C:\Users\BF2010\Downloads\calibre-2.5.0.msi 2014-10-13 14:58 - 2014-02-12 09:44 - 12612096 _____ () C:\Program Files\cr3.exe 2014-10-13 14:58 - 2014-02-12 09:43 - 00000000 ____D () C:\Program Files\res 2014-10-13 14:58 - 2011-02-19 23:03 - 00421200 _____ (Microsoft Corporation) C:\Program Files\msvcp100.dll 2014-10-13 14:58 - 2011-02-19 00:40 - 00773968 _____ (Microsoft Corporation) C:\Program Files\msvcr100.dll 2014-10-13 14:53 - 2014-10-13 14:53 - 08798971 _____ () C:\Users\BF2010\Downloads\cr3-newui-opengl-win32-qt-static-angle-3.3.23.zip 2014-10-09 08:56 - 2014-10-09 09:03 - 00000000 ____D () C:\Users\BF2010\Desktop\2d irfran idf50lb 2014-10-08 09:29 - 2014-10-08 09:29 - 00004330 _____ () C:\Windows\Tasks\SCHEDLGU(22).TXT 2014-10-07 09:48 - 2014-10-22 06:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-06 09:05 - 2014-10-06 09:05 - 00000000 ____D () C:\773418432d8f83abbbb75e318ec85794 2014-10-05 08:19 - 2014-10-05 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync 2014-10-05 08:16 - 2014-10-05 08:17 - 09070416 _____ (Siber Systems) C:\Users\BF2010\Downloads\GoodSync-Setup-8.9.9.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, 
the file\folder will be moved.) 2014-11-04 15:19 - 2014-07-25 09:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-04 15:01 - 2010-06-07 14:40 - 00000000 ___RD () C:\Users\BF2010\Desktop\unwanted for now 2014-11-04 14:48 - 2009-07-14 04:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-04 14:48 - 2009-07-14 04:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-04 14:44 - 2011-04-10 10:39 - 01080819 _____ () C:\Windows\WindowsUpdate.log 2014-11-04 14:39 - 2011-08-13 11:27 - 00000000 ___RD () C:\Users\BF2010\Dropbox 2014-11-04 14:39 - 2011-08-13 11:24 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Dropbox 2014-11-04 14:37 - 2014-07-25 09:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-04 14:37 - 2011-10-26 16:36 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-04 14:37 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-04 11:04 - 2011-01-31 07:18 - 00000000 ____D () C:\Users\BF2010\AppData\Local\CrashDumps 2014-11-03 16:11 - 2014-08-24 18:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-02 08:06 - 2010-04-20 10:25 - 00000000 ____D () C:\Windows\pss 2014-11-02 08:05 - 2010-03-26 16:37 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-01 11:18 - 2010-02-15 16:52 - 00091840 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-01 08:35 - 2010-12-29 07:36 - 00002125 _____ () C:\Windows\epplauncher.mif 2014-10-31 08:13 - 2014-07-16 06:19 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-10-31 08:13 - 2014-07-16 06:19 - 00000000 ____D () C:\Users\Guest 2014-10-31 08:13 - 2014-07-16 06:19 - 00000000 ____D () C:\Users\Administrator 2014-10-31 07:48 - 2012-02-21 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2014-10-30 07:51 - 2013-07-14 
06:05 - 00000000 ____D () C:\Users\BF2010\Desktop\PHEREO PICS 2014-10-30 07:41 - 2012-09-04 05:59 - 00000000 ___RD () C:\Users\BF2010\Desktop\quick 2014-10-28 06:35 - 2010-02-16 10:43 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-25 08:23 - 2009-07-14 04:33 - 03863744 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-25 08:16 - 2014-07-11 12:19 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-25 07:43 - 2013-08-14 05:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-25 07:32 - 2010-02-16 10:43 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-25 07:05 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-25 06:30 - 2014-08-15 11:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-10-25 06:27 - 2014-08-15 11:17 - 00001408 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-10-25 06:27 - 2014-08-15 11:16 - 00002436 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-10-25 06:25 - 2010-02-16 15:12 - 00000000 ____D () C:\Program Files\Windows Live 2014-10-25 06:22 - 2009-07-14 02:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-24 09:00 - 2014-07-16 15:02 - 00000000 ____D () C:\Users\BF2010\Desktop\right tests 2014-10-24 08:59 - 2014-07-16 14:58 - 00000000 ____D () C:\Users\BF2010\Desktop\left tests 2014-10-23 14:38 - 2013-09-27 15:51 - 00000000 ____D () C:\AdwCleaner 2014-10-23 14:35 - 2014-07-16 06:40 - 00000000 ____D () C:\Users\BF2010\AppData\Local\AVG SafeGuard toolbar 2014-10-23 09:34 - 2014-08-24 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-23 09:34 - 2014-08-24 17:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-23 06:21 - 2014-08-19 05:39 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Adobe 2014-10-23 05:52 - 2013-04-05 
08:20 - 01820160 ___SH () C:\Users\BF2010\Desktop\Thumbs.db 2014-10-21 15:40 - 2014-09-19 05:59 - 140852175 _____ () C:\Users\BF2010\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe 2014-10-21 09:32 - 2012-01-29 16:04 - 00000000 ____D () C:\Users\BF2010\Desktop\safty 2014-10-20 10:30 - 2010-03-25 10:47 - 00000000 ____D () C:\Users\BF2010 2014-10-20 10:28 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-10-20 10:28 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system 2014-10-20 10:27 - 2014-07-15 09:04 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2014-10-20 10:27 - 2013-08-19 14:50 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Adobe_Systems_Incorporate 2014-10-20 10:27 - 2013-07-18 09:00 - 00000000 ____D () C:\Users\BF2010\.globonote 2014-10-20 10:27 - 2013-04-01 15:22 - 00000000 ____D () C:\Users\BF2010\AppData\Local\MetaGeek,_LLC 2014-10-20 10:27 - 2013-01-18 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-10-20 10:27 - 2012-09-20 05:39 - 00000000 ____D () C:\Users\BF2010\AppData\Local\lptmp844513598 2014-10-20 10:27 - 2012-08-12 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2 2014-10-20 10:27 - 2012-06-12 10:25 - 00000000 ____D () C:\Users\BF2010\AppData\Local\IM 2014-10-20 10:27 - 2011-11-10 07:09 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Akamai 2014-10-20 10:27 - 2011-07-27 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2 2014-10-20 10:27 - 2011-03-10 17:40 - 00000000 ____D () C:\Program Files\Calibre2 2014-10-20 10:27 - 2010-03-26 10:45 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\IrfanView 2014-10-20 10:25 - 2010-10-24 08:26 - 00000000 ____D () C:\Windows\Minidump 2014-10-20 10:25 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration 2014-10-20 10:24 - 2014-07-16 06:19 - 00000000 ____D () 
C:\Users\BF2010\AppData\Local\Comodo 2014-10-20 10:24 - 2010-07-24 09:37 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Flickr 2014-10-20 10:24 - 2010-03-25 15:51 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Google 2014-10-20 10:21 - 2011-07-27 08:54 - 00000000 ____D () C:\Program Files\Nikon 2014-10-20 10:21 - 2010-02-16 14:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-10-20 10:20 - 2011-07-27 08:54 - 00000000 ____D () C:\Program Files\Common Files\Nikon 2014-10-19 09:26 - 2011-07-27 08:54 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-10-17 09:17 - 2011-07-27 08:54 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Downloaded Installations 2014-10-16 05:57 - 2011-12-22 15:27 - 00000268 ___RH () C:\Users\BF2010\AppData\Roaming\StatusSheet 2014-10-16 05:57 - 2011-07-27 08:54 - 00000020 ____H () C:\ProgramData\PKP_DLes.DAT 2014-10-16 05:53 - 2011-07-27 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon 2014-10-15 14:12 - 2011-12-09 18:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-15 06:09 - 2011-12-09 18:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-15 06:09 - 2011-09-09 06:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-15 05:52 - 2014-07-18 15:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000UA.job 2014-10-15 05:52 - 2014-07-18 15:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core.job 2014-10-15 05:52 - 2014-06-15 06:20 - 00000286 _____ () C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job 2014-10-14 05:57 - 2014-05-28 09:21 - 00000000 ____D () C:\Users\BF2010\Desktop\hals 3d 2014-10-13 15:24 - 2011-03-10 17:46 - 00000000 ____D () C:\Users\BF2010\Documents\Calibre Library 2014-10-13 15:18 - 2011-03-10 17:40 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-10-09 18:46 - 2012-10-05 15:29 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013 2014-10-05 08:31 - 2011-05-20 13:22 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\GoodSync 2014-10-05 08:19 - 2014-09-01 13:35 - 00002033 _____ () C:\Users\Public\Desktop\GoodSync.lnk 2014-10-05 08:19 - 2011-05-20 13:22 - 00000000 ____D () C:\ProgramData\GoodSync 2014-10-05 08:19 - 2010-03-25 11:56 - 00000000 ____D () C:\Program Files\Siber Systems 2014-10-05 06:05 - 2010-03-25 12:47 - 00006653 _____ () C:\Users\BF2010\Desktop\Photobucket.rfp Files to move or delete: ==================== C:\Users\BF2010\AdbeRdr1001_en_US.exe C:\Users\BF2010\BOIE9_ENUS_BO0085_WIN7.EXE C:\Users\BF2010\ccsetup307.exe C:\Users\BF2010\ChromeSetup.exe C:\Users\BF2010\chrome_installer.exe C:\Users\BF2010\FHSetup.exe C:\Users\BF2010\Firefox Setup 10.0.2.exe C:\Users\BF2010\Firefox Setup 3.6.18.exe C:\Users\BF2010\Firefox Setup 8.0.1.exe C:\Users\BF2010\Firefox Setup 9.0.1.exe C:\Users\BF2010\hosts-perm.bat C:\Users\BF2010\IE9-Windows7-x86-enu.exe C:\Users\BF2010\install_flash_player.exe C:\Users\BF2010\install_flash_player_ax.exe C:\Users\BF2010\mbam-setup-1.51.0.1200.exe C:\Users\BF2010\Photoshop_12_LS1.exe C:\Users\BF2010\RealPlayer.exe C:\Users\BF2010\setup.exe C:\Users\BF2010\Shockwave_Installer_Slim.exe C:\Users\BF2010\uninstall_flash_player.exe C:\Users\BF2010\vlc-1.1.10-win32.exe C:\Users\BF2010\WhatInStartup.exe C:\Users\BF2010\windows-kb890830-v3.17.exe C:\Users\BF2010\windows6.1-KB976932-ia64.exe C:\Users\BF2010\windows6.1-KB976932-X64.exe C:\Users\BF2010\windows6.1-KB976932-X86 (2).exe C:\Users\BF2010\windows6.1-KB976932-x86.exe Some content of TEMP: ==================== C:\Users\BF2010\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivt6si.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass 
verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 08:22

= (end)

----------------------------
Addition.txt
Starbuck Posted November 4, 2014

Hi Bob,

First off, this system is very out of date!!

Platform: Microsoft Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9

There's no service pack installed and your IE is well out of date..... it should be IE11.
Do you have Windows Updates turned on at all?
Without all the security updates this system is very vulnerable.
And talking of vulnerable...... there is no antivirus installed!!

Recommendation

TuneUp Utilities 2013
Most of what's included in this software is already available in Win7. You could end up actually causing problems by constantly using programs like this. I recommend you uninstall it.

Trusteer Endpoint Protection
I know a lot of banks keep pushing this, but it's not something I'd ever want on any of my systems. There is a lot of bad press about it. Up to you if you keep it.

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\BF2010\Downloads.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Step 2

We need to use another program to fix some other entries....

- Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
- Double click on the icon to run it. Vista/Windows 7 users right-click and select Run As Administrator.
- Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

- Fixlog.txt
- Both reports from OTL
- and also let me know why the system is so far out of date.

Thanks.

fixlist.txt
Starbuck Posted November 11, 2014 Author Posted November 11, 2014 Reports from Bob12a: OTL logfile created on: 08/11/2014 15:29:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BF2010\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.12 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 41.36% Memory free 6.25 Gb Paging File | 4.47 Gb Available in Paging File | 71.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910.41 Gb Total Space | 535.82 Gb Free Space | 58.86% Space Free | Partition Type: NTFS Drive D: | 20.00 Gb Total Space | 8.86 Gb Free Space | 44.29% Space Free | Partition Type: NTFS Drive P: | 931.51 Gb Total Space | 118.69 Gb Free Space | 12.74% Space Free | Partition Type: NTFS Computer Name: BF2010-PC | User Name: BF2010 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\BF2010\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe (Siber Systems Inc.) 
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) PRC - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) PRC - C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - c:\Users\BF2010\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsrrtu_.dll () MOD - C:\Program Files\Google\Chrome\Application\40.0.2209.0\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files\Google\Chrome\Application\40.0.2209.0\pdf.dll () MOD - C:\Program Files\Google\Chrome\Application\40.0.2209.0\libglesv2.dll () MOD - C:\Program Files\Google\Chrome\Application\40.0.2209.0\libegl.dll () MOD - C:\Program Files\Google\Chrome\Application\40.0.2209.0\ffmpegsumo.dll () MOD - C:\Users\BF2010\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Users\BF2010\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll () MOD - C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll () MOD - C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NvNetworkService) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) SRV - (GfExperienceService) -- C:\Program Files\NVIDIA 
Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) SRV - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (c2cautoupdatesvc) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) SRV - (c2cpnrsvc) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (syncagentsrv) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvvad_WaveExtensible) -- C:\Windows\System32\drivers\nvvad32v.sys (NVIDIA Corporation) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices) DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV - (AODDriver4.3) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis) DRV - (vidsflt67) -- C:\Windows\System32\drivers\vsflt67.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation) DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation) DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys () DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) 
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.roboform.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?pc=UP97&ocid=UP97DHP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7AMSA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Yahoo! 
(Avast)" FF - prefs.js..browser.search.defaultenginename: "Bing " FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)" FF - prefs.js..browser.search.defaulturl: "https://uk.search.yahoo.com/yhs/search" FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)" FF - prefs.js..browser.search.order.3: "Bing " FF - prefs.js..browser.search.selectedEngine: "Bing " FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/?pc=UP97&ocid=UP97DHP|http://start.roboform.com" FF - prefs.js..extensions.enabledAddons: anaglyph3d%40internauta1024a.pl:0.2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP97DF&PC=UP97&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BF2010\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BF2010\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014/10/31 07:48:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/10/07 09:48:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/10/07 09:48:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014/10/31 07:48:08 | 000,000,000 | ---D | M] [2014/06/08 07:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Extensions [2010/07/24 09:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com [2014/05/24 14:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extension-data [2014/05/24 14:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extension-data\toolbar___ps__@apn.ask.com [2014/10/22 06:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extensions [2014/06/21 06:29:21 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extensions\amin.eft_bmnotes@gmail.com [2014/10/20 10:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\n0cs74ko.default\extensions [2014/10/23 14:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\n0cs74ko.default\extensions\staged [2014/09/28 14:36:56 | 
000,014,171 | ---- | M] () (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extensions\anaglyph3d@internauta1024a.pl.xpi [2014/06/13 06:43:54 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extensions\exif_viewer@mozilla.doslash.org.xpi [2014/10/22 06:55:46 | 000,423,841 | ---- | M] () (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014/10/19 06:19:44 | 000,979,610 | ---- | M] () (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/06/20 05:40:55 | 000,009,425 | ---- | M] () -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\searchplugins\yahoo-avast.xml [2014/10/23 14:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2014/10/22 06:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014/10/22 06:38:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/03 14:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll ========== Chrome ========== CHR - plugin: Error reading preferences file O1 HOSTS File: ([2014/11/08 11:13:36 | 000,000,035 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) 
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - Startup: C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) 
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.67.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19606678-7F15-453E-8592-43D1CF3ADE34}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB30CD2B-150C-4391-9125-F421E94225E0}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) 
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2013/03/05 12:29:37 | 000,000,197 | ---- | M] () - P:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe - (Firetrust) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe - (Secunia) MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe - (Firetrust) MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - 
C:\Users\BF2010\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) MsConfig - StartUpReg: Application Restart #0 - hkey= - key= - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) MsConfig - StartUpReg: Application Restart #1 - hkey= - key= - C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) MsConfig - StartUpReg: Application Restart #2 - hkey= - key= - C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: C36F3A6CBF7B9420DF043E4C6981D47900681572._service_run - hkey= - key= - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: DigitalSites - hkey= - key= - C:\Windows\System32\wscript.exe (Microsoft Corporation) MsConfig - StartUpReg: DivXMediaServer - hkey= - key= - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) MsConfig - StartUpReg: Driver Manager - hkey= - key= - File not found MsConfig - StartUpReg: Everything - hkey= - key= - File not found MsConfig - StartUpReg: FlashGet 3 - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: Gadwin PrintScreen - hkey= - key= - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) MsConfig - StartUpReg: Google Chrome - hkey= - key= - C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: GoogleChromeAutoLaunch_145946EBB52EFDB4F4FFC43E89A9AFCC - hkey= - key= - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
MsConfig - StartUpReg: GoogleDriveSync - hkey= - key= - C:\Program Files\Google\Drive\googledrivesync.exe (Google) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: KSS - hkey= - key= - File not found MsConfig - StartUpReg: NBAgent - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) MsConfig - StartUpReg: NvBackend - hkey= - key= - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) MsConfig - StartUpReg: Raptr - hkey= - key= - C:\Program Files\Raptr\raptrstub.exe (Raptr, Inc) MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) MsConfig - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: ShadowPlay - hkey= - key= - File not found MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) MsConfig - StartUpReg: vProt - hkey= - key= - File not found MsConfig - StartUpReg: {0228e555-4f9c-4e35-a3ec-b109a192b4c2} - hkey= - key= - Reg Error: Value error. 
File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014/11/08 11:29:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2014/11/06 07:22:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014/11/04 16:02:14 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll [2014/10/26 15:52:43 | 000,000,000 | ---D | C] -- C:\Users\BF2010\Desktop\RIGHT TEST 02 [2014/10/26 15:51:42 | 000,000,000 | ---D | C] -- C:\Users\BF2010\Desktop\LEFT TEST 02 [2014/10/25 07:30:45 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll [2014/10/25 07:30:44 | 000,394,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014/10/25 07:30:44 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2014/10/25 07:30:42 | 002,377,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014/10/25 06:31:51 | 000,000,000 | ---D | C] -- C:\Windows\en [2014/10/25 06:21:51 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2014/10/25 06:21:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2014/10/25 06:21:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2014/10/25 06:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive [2014/10/25 05:52:03 | 000,000,000 | ---D | C] -- C:\Users\BF2010\AppData\Local\{A48E34A6-5BFA-462C-920F-89100535B48A} [2014/10/24 08:33:03 | 000,000,000 | ---D | C] -- C:\Users\BF2010\AppData\Local\{5D54C2D5-29CD-4466-9132-BE38017D463C} [2014/10/23 14:05:23 | 000,000,000 | ---D | C] -- C:\Users\BF2010\Desktop\malware checks [2014/10/23 10:19:24 | 000,000,000 | ---D | C] -- C:\FRST [2014/10/23 05:49:53 | 000,000,000 | ---D | C] -- 
C:\Users\BF2010\AppData\Local\{24F27E83-5FAF-431D-9C1C-666A183108E4} [2014/10/22 06:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2014/10/21 09:41:59 | 000,000,000 | ---D | C] -- C:\Users\BF2010\AppData\Local\StormFall [2014/10/21 06:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [2014/10/21 06:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2014/10/16 13:54:17 | 000,000,000 | ---D | C] -- C:\Users\BF2010\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z [2014/10/16 10:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2014/10/16 05:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583 [2014/10/13 14:58:54 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll [2014/10/13 14:58:54 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll [2013/12/19 11:05:33 | 011,019,776 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/11/08 15:18:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/11/08 14:32:21 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/11/08 14:32:21 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/11/08 14:24:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/11/08 14:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/11/08 11:13:36 | 000,000,035 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2014/11/07 16:44:14 | 000,259,320 | ---- | M] () -- C:\Users\BF2010\Desktop\failed.JPG [2014/11/06 15:58:52 | 000,000,008 | RHS- | M] () -- 
C:\ProgramData\ntuser.pol [2014/11/04 15:00:14 | 000,002,233 | ---- | M] () -- C:\Users\BF2010\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/11/04 14:30:58 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2014/11/03 16:11:13 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014/11/02 09:51:31 | 000,001,055 | ---- | M] () -- C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014/11/02 08:25:12 | 000,020,826 | ---- | M] () -- C:\Users\BF2010\Documents\cc_20141102_082457.reg [2014/11/01 11:18:12 | 000,079,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/11/01 11:18:12 | 000,028,992 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/11/01 08:35:39 | 000,002,125 | ---- | M] () -- C:\Windows\epplauncher.mif [2014/10/25 08:23:02 | 003,863,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014/10/22 10:21:15 | 000,000,067 | ---- | M] () -- C:\Users\BF2010\AppData\Roaming\WB.CFG [2014/10/22 06:38:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/10/20 09:20:14 | 000,000,528 | ---- | M] () -- C:\Users\BF2010\AppData\Roaming\NMM-MetaData.db [2014/10/19 14:56:36 | 000,000,001 | ---- | M] () -- C:\Users\BF2010\AppData\Local\DSI.DAT [2014/10/19 09:26:16 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2014/10/16 05:57:53 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Strings [2014/10/16 05:57:53 | 000,000,268 | RH-- | M] () -- C:\Users\BF2010\AppData\Roaming\StatusSheet [2014/10/16 05:57:53 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT [2014/10/16 05:57:53 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Textures [2014/10/15 14:12:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/10/15 06:09:53 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe 
[2014/10/15 06:09:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014/10/15 05:52:09 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000UA.job [2014/10/15 05:52:09 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core.job [2014/10/15 05:52:09 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job [2014/10/13 15:18:41 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2014/10/10 01:39:22 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll [2014/10/10 01:39:00 | 000,394,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014/10/10 01:34:20 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/11/07 16:44:14 | 000,259,320 | ---- | C] () -- C:\Users\BF2010\Desktop\failed.JPG [2014/11/02 09:51:31 | 000,001,055 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014/11/02 08:25:01 | 000,020,826 | ---- | C] () -- C:\Users\BF2010\Documents\cc_20141102_082457.reg [2014/10/25 06:29:51 | 000,001,255 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2014/10/25 06:28:58 | 000,001,324 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2014/10/22 06:38:57 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014/10/22 06:38:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/10/21 15:43:59 | 000,000,067 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\WB.CFG [2014/10/20 09:20:14 | 000,000,528 | ---- | C] () 
-- C:\Users\BF2010\AppData\Roaming\NMM-MetaData.db [2014/10/19 14:56:36 | 000,000,001 | ---- | C] () -- C:\Users\BF2010\AppData\Local\DSI.DAT [2014/10/16 05:57:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings [2014/10/16 05:57:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Textures [2014/10/13 15:18:41 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2014/09/18 11:55:09 | 003,961,833 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2014/07/16 06:19:40 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/07/15 07:37:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2014/07/15 07:34:44 | 002,140,976 | ---- | C] () -- C:\Windows\System32\SStudio.dll [2014/07/15 07:34:38 | 005,804,772 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat [2014/07/15 07:34:32 | 001,099,203 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2014/07/15 07:34:17 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll [2014/07/15 07:34:17 | 000,029,496 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll [2014/07/15 07:06:10 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2014/05/16 07:14:36 | 000,000,218 | ---- | C] () -- C:\Users\BF2010\.recently-used.xbel [2014/04/18 02:23:02 | 000,200,704 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2014/04/17 21:28:30 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2014/04/10 17:58:46 | 000,082,128 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2014/03/31 22:06:22 | 000,234,804 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2014/03/31 22:04:42 | 000,233,008 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat [2014/02/06 15:45:58 | 000,134,192 | ---- | C] () -- C:\Windows\System32\ativce03.dat [2014/01/16 17:00:46 | 000,273,712 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi_nd.dat [2014/01/16 16:59:20 | 000,275,124 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi.dat [2014/01/16 
08:34:52 | 000,723,841 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2013/12/06 21:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe [2013/12/06 21:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe [2013/12/06 20:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2013/12/06 20:28:32 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2013/11/02 09:03:54 | 000,000,043 | ---- | C] () -- C:\Users\BF2010\autorun.inf [2012/08/12 09:30:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings [2012/08/12 09:30:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble [2012/08/12 09:30:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Track Settings [2012/08/12 07:45:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\StatusSheet [2012/08/12 07:45:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\StartupItems [2012/08/12 06:03:00 | 000,000,000 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Synth Textures [2012/08/12 06:02:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT [2012/05/02 09:45:24 | 000,282,624 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\SettingsDB.sdf [2011/12/22 15:27:54 | 000,000,268 | RH-- | C] () -- C:\Users\BF2010\AppData\Roaming\StatusSheet [2011/08/13 15:24:01 | 000,000,000 | ---- | C] () -- C:\Users\BF2010\AppData\Local\{CB311B15-645B-467F-AB72-A373C4B2F9EB} [2011/07/27 08:54:42 | 000,000,268 | RH-- | C] () -- C:\Users\BF2010\AppData\Roaming\Stingers [2011/07/27 08:54:42 | 000,000,268 | RH-- | C] () -- C:\Users\BF2010\AppData\Roaming\Static Library [2011/07/27 08:54:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011/07/27 08:54:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011/07/27 08:54:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011/04/17 07:09:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/04/17 07:09:43 | 000,000,088 | RHS- | C] () -- 
C:\ProgramData\DE100F8271.sys [2011/04/10 13:55:59 | 000,000,824 | ---- | C] () -- C:\Users\BF2010\hosts [2011/01/19 15:31:44 | 000,754,336 | -H-- | C] () -- C:\Users\BF2010\ZbThumbnail.info [2010/12/04 18:06:58 | 000,000,355 | ---- | C] () -- C:\Users\BF2010\Computer - Shortcut (2).lnk [2010/12/04 18:06:15 | 000,000,355 | ---- | C] () -- C:\Users\BF2010\Computer - Shortcut.lnk [2010/10/30 14:27:25 | 000,007,648 | ---- | C] () -- C:\Users\BF2010\AppData\Local\resmon.resmoncfg [2010/10/22 14:45:42 | 000,000,132 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/10/09 08:39:05 | 000,000,132 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010/09/14 10:52:58 | 1026,293,791 | ---- | C] () -- C:\Users\BF2010\Photoshop_12_LS1.7z [2010/09/13 11:54:49 | 000,001,456 | ---- | C] () -- C:\Users\BF2010\AppData\Local\Adobe Save for Web 12.0 Prefs [2010/08/12 11:50:14 | 000,038,429 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Comma Separated Values (DOS).ADR [2010/07/12 09:32:02 | 000,219,136 | -H-- | C] () -- C:\Users\BF2010\photothumb.db [2010/07/10 08:44:47 | 000,064,436 | ---- | C] () -- C:\Users\BF2010\test collage 02.jpg [2010/07/10 08:43:16 | 000,004,292 | ---- | C] () -- C:\Users\BF2010\shape.png [2010/07/10 08:41:44 | 000,055,094 | ---- | C] () -- C:\Users\BF2010\test collage 01.jpg [2010/07/02 09:12:04 | 001,055,517 | ---- | C] () -- C:\Users\BF2010\Photo0141.jpg [2010/06/30 14:28:50 | 000,038,131 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\mdbu.bin [2010/06/25 05:54:54 | 000,000,195 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\ltbpr.dat [2010/06/02 11:31:12 | 000,000,411 | -H-- | C] () -- C:\Users\BF2010\.picasa.ini [2010/06/02 10:16:22 | 001,704,589 | ---- | C] () -- C:\Users\BF2010\Photo0135.jpg [2010/06/02 10:15:56 | 002,030,181 | ---- | C] () -- C:\Users\BF2010\Photo0134.jpg [2010/06/02 10:15:34 | 001,652,703 | ---- | C] () -- C:\Users\BF2010\Photo0133.jpg [2010/06/02 10:15:17 | 
001,288,593 | ---- | C] () -- C:\Users\BF2010\Photo0132.jpg [2010/06/02 10:15:00 | 001,312,322 | ---- | C] () -- C:\Users\BF2010\Photo0131.jpg [2010/06/02 10:14:44 | 001,188,292 | ---- | C] () -- C:\Users\BF2010\Photo0130.jpg [2010/06/02 10:14:17 | 002,006,521 | ---- | C] () -- C:\Users\BF2010\Photo0129.jpg [2010/06/02 10:13:50 | 001,927,623 | ---- | C] () -- C:\Users\BF2010\Photo0128.jpg [2010/06/02 10:13:23 | 001,981,211 | ---- | C] () -- C:\Users\BF2010\Photo0127.jpg [2010/06/02 10:13:00 | 001,676,213 | ---- | C] () -- C:\Users\BF2010\Photo0126.jpg [2010/06/02 10:12:33 | 001,927,138 | ---- | C] () -- C:\Users\BF2010\Photo0125.jpg [2010/06/02 10:12:07 | 001,909,721 | ---- | C] () -- C:\Users\BF2010\Photo0124.jpg [2010/06/02 10:11:58 | 000,509,343 | ---- | C] () -- C:\Users\BF2010\Photo0123.jpg [2010/06/02 10:11:46 | 000,724,996 | ---- | C] () -- C:\Users\BF2010\Photo0122.jpg [2010/06/02 10:11:30 | 001,192,184 | ---- | C] () -- C:\Users\BF2010\Photo0121.jpg [2010/06/02 10:11:12 | 001,230,100 | ---- | C] () -- C:\Users\BF2010\Photo0120.jpg [2010/06/02 10:10:58 | 000,970,908 | ---- | C] () -- C:\Users\BF2010\Photo0119.jpg [2010/06/02 10:10:36 | 001,611,770 | ---- | C] () -- C:\Users\BF2010\Photo0118.jpg [2010/06/02 10:10:13 | 001,569,601 | ---- | C] () -- C:\Users\BF2010\Photo0117.jpg [2010/06/02 10:09:48 | 001,807,765 | ---- | C] () -- C:\Users\BF2010\Photo0116.jpg [2010/06/02 10:09:25 | 001,734,815 | ---- | C] () -- C:\Users\BF2010\Photo0115.jpg [2010/06/02 10:09:08 | 001,448,280 | ---- | C] () -- C:\Users\BF2010\Photo0114.jpg [2010/06/02 10:08:49 | 001,722,095 | ---- | C] () -- C:\Users\BF2010\Photo0113.jpg [2010/06/02 10:08:26 | 002,034,193 | ---- | C] () -- C:\Users\BF2010\Photo0112.jpg [2010/06/02 10:08:11 | 001,189,584 | ---- | C] () -- C:\Users\BF2010\Photo0111.jpg [2010/06/02 10:07:58 | 001,097,668 | ---- | C] () -- C:\Users\BF2010\Photo0110.jpg [2010/06/02 10:07:44 | 001,067,443 | ---- | C] () -- C:\Users\BF2010\Photo0109.jpg [2010/06/02 10:07:29 | 
001,342,976 | ---- | C] () -- C:\Users\BF2010\Photo0108.jpg [2010/06/02 10:07:07 | 001,895,596 | ---- | C] () -- C:\Users\BF2010\Photo0105.jpg [2010/06/02 10:06:46 | 001,861,416 | ---- | C] () -- C:\Users\BF2010\Photo0104.jpg [2010/06/02 10:06:29 | 001,531,174 | ---- | C] () -- C:\Users\BF2010\Photo0103.jpg [2010/06/02 10:06:15 | 001,094,851 | ---- | C] () -- C:\Users\BF2010\Photo0102.jpg [2010/06/02 10:05:59 | 001,440,348 | ---- | C] () -- C:\Users\BF2010\Photo0101.jpg [2010/06/02 10:05:41 | 001,590,601 | ---- | C] () -- C:\Users\BF2010\Photo0100.jpg [2010/06/02 10:05:26 | 001,357,186 | ---- | C] () -- C:\Users\BF2010\Photo0099.jpg [2010/06/02 10:05:11 | 001,266,922 | ---- | C] () -- C:\Users\BF2010\Photo0098.jpg [2010/06/02 10:04:46 | 002,217,187 | ---- | C] () -- C:\Users\BF2010\Photo0082.jpg [2010/06/02 10:04:32 | 001,156,070 | ---- | C] () -- C:\Users\BF2010\Photo0057.jpg [2010/06/02 10:04:19 | 000,811,359 | ---- | C] () -- C:\Users\BF2010\Photo0012.jpg [2010/06/01 14:31:10 | 000,000,000 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\downloads.m3u [2010/05/18 14:26:43 | 000,000,359 | ---- | C] () -- C:\Users\BF2010\Recycle Bin - Shortcut.lnk [2010/05/14 11:23:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/03/31 15:42:06 | 000,000,141 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\default.rss [2010/03/26 17:52:37 | 000,033,280 | ---- | C] () -- C:\Users\BF2010\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011/03/01 12:13:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2014/10/16 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z [2014/09/19 05:59:18 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\0F1L1I1P0H1L1E1E1F [2012/05/15 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Acronis [2010/08/20 16:42:26 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Affixa [2011/02/09 10:11:49 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Amazon [2010/08/24 07:56:59 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\AnvSoft [2010/07/13 14:35:48 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\AquaSoft [2011/04/04 06:25:42 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Auslogics [2011/12/05 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Avant Downloader [2013/03/21 11:11:17 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\AVG2013 [2011/07/17 08:19:15 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2011/07/09 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\BITS [2013/04/21 13:39:15 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\calibre [2010/04/02 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Canon [2010/09/14 19:53:52 | 000,000,000 | ---D | M] -- 
C:\Users\BF2010\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/09/15 08:09:20 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2014/11/08 14:25:18 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Dropbox [2012/05/20 10:20:15 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Easy Duplicate Finder [2012/06/17 05:59:46 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\EasyDuplicateFinder [2011/01/02 07:56:37 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\FileZilla [2011/01/07 15:28:26 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Firetrust [2010/07/24 09:37:09 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Flickr [2012/03/05 12:32:02 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\GlarySoft [2014/10/05 08:31:33 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\GoodSync [2014/05/16 07:14:24 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\gtk-2.0 [2011/05/25 08:16:56 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\ieSpell [2014/10/20 10:27:59 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\IrfanView [2011/08/25 07:37:27 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\JAM Software [2011/11/22 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Kovalev'S.oftware [2014/07/13 15:17:16 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\library_dir [2010/07/12 16:43:24 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\MAGIX [2012/06/30 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\MailWasherPro [2010/08/20 16:44:52 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Mapi2Xml [2010/12/12 15:30:57 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Mobipocket [2014/06/11 06:34:48 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Moonchild Productions [2010/03/30 10:25:18 | 
000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\NewSoft [2010/05/28 17:58:08 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\NewspaperDirect [2011/07/27 11:23:58 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Nikon [2010/07/20 06:18:17 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Oloneo [2010/09/19 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\OOo-dev [2010/03/26 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\OpenOffice.org [2014/09/07 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\OpenOfficeBeta [2013/09/10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Opera Software [2012/10/02 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\OverDrive [2012/07/07 13:50:17 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\PC Suite [2010/08/14 07:55:37 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\PDF Software [2014/02/16 07:32:04 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Phereo [2014/02/17 07:55:24 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\PhereoShop.ImageViewer [2010/07/12 14:46:41 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\PhotoScape [2012/01/28 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\QuickScan [2014/09/01 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Raptr [2014/08/20 15:31:34 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\RoboForm [2012/07/12 09:41:15 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Samsung [2010/10/07 10:39:28 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/01/06 13:05:07 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Stardock [2014/08/28 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\SystemRequirementsLab [2010/05/21 
08:17:36 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Trusteer [2013/03/21 11:10:15 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\TuneUp Software [2012/01/17 16:28:38 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\Windows Live Writer [2014/06/15 06:20:40 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\WinZip [2010/04/01 06:31:10 | 000,000,000 | ---D | M] -- C:\Users\BF2010\AppData\Roaming\WordWeb ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/11/20 16:05:14 | 000,001,584 | ---- | M] () -- C:\01_Refine-Edge - Shortcut.lnkhs908 [2014/08/11 06:07:56 | 000,000,399 | ---- | M] () -- C:\356CANON.lnk5z416 [2013/06/27 14:30:53 | 000,017,252 | ---- | M] () -- C:\AdwCleaner[s1].txt [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2014/07/14 13:36:28 | 001,486,848 | ---- | M] () -- C:\BlueSoleil.msi [2011/11/21 14:21:34 | 000,000,406 | ---- | M] () -- C:\CD Drive - Shortcut (2).lnk2l686 [2011/11/21 14:32:57 | 000,000,406 | ---- | M] () -- C:\CD Drive - Shortcut.lnk5z804 [2011/11/21 14:19:33 | 000,000,406 | ---- | M] () -- C:\CD Drive - Shortcut.lnkxk702 [2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013/05/14 10:37:09 | 000,025,290 | ---- | M] () -- C:\DB1.rar [2010/08/01 15:47:39 | 000,002,623 | ---- | M] () -- C:\E.ON Energy Fit Software.lnkxw1000 [2010/04/02 15:30:05 | 000,000,989 | -H-- | M] () -- C:\hstr_0002.lnkui124 [2011/10/23 15:13:01 | 000,000,783 | -H-- | M] () -- C:\hstr_0004.lnkhs882 [2010/06/28 08:05:05 | 000,000,989 | -H-- | M] () -- C:\hstr_0004.lnkyk185 [2011/03/02 16:30:56 | 000,000,826 | -H-- | M] () -- C:\hstr_0007.lnk30350 [2011/03/02 16:13:44 | 000,000,974 | -H-- | M] () -- C:\hstr_0007.lnkht200 [2011/03/02 16:22:26 | 000,001,005 | -H-- | M] () -- C:\hstr_0008.lnkpf215 [2011/03/02 16:33:15 | 000,000,989 | -H-- | M] () -- C:\hstr_0009.lnkpn232 [2011/05/23 12:15:28 | 000,001,005 | -H-- | M] () -- 
C:\hstr_0010.lnk7q333 [2011/04/25 16:43:03 | 000,001,227 | ---- | M] () -- C:\I'm-behind-you - Shortcut.lnky4767 [2014/08/11 06:07:56 | 000,000,544 | ---- | M] () -- C:\IMG_2892.lnky4676 [2010/02/17 16:11:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012/01/13 14:47:09 | 000,000,361 | -H-- | M] () -- C:\IPH.PH [2011/02/10 10:36:12 | 000,003,067 | ---- | M] () -- C:\Mobipocket Reader.lnkqn16 [2010/07/10 14:33:42 | 000,001,898 | ---- | M] () -- C:\MovieShow music.lnkbf261 [2010/02/17 16:11:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/11/26 09:47:16 | 000,003,067 | ---- | M] () -- C:\Nero BackItUp.lnkbi31 [2011/01/16 12:59:55 | 000,002,715 | ---- | M] () -- C:\Nero Burning ROM 10.lnkbi98 [2010/12/14 07:52:21 | 000,002,669 | ---- | M] () -- C:\Nero Vision 10.lnkx4155 [2014/07/14 16:36:59 | 000,000,229 | ---- | M] () -- C:\NEW VOLUME (Q).lnk5z594 [2014/11/08 14:23:51 | 3353,665,536 | -HS- | M] () -- C:\pagefile.sys [2014/04/16 09:05:59 | 000,000,368 | ---- | M] () -- C:\PHOTOS (J) - Shortcut.lnkro365 [2010/06/01 14:11:01 | 000,002,157 | ---- | M] () -- C:\Product Registration.lnky4843 [2011/01/17 17:12:29 | 000,000,328 | ---- | M] () -- C:\Removable Disk (H) - Shortcut (2).lnkl7718 [2011/01/17 17:12:19 | 000,000,328 | ---- | M] () -- C:\Removable Disk (H) - Shortcut.lnkts734 [2013/09/10 10:22:54 | 000,002,479 | ---- | M] () -- C:\Safari.lnk4y985 [2011/06/01 15:26:57 | 000,002,479 | ---- | M] () -- C:\Safari.lnkzj230 [2010/08/08 05:57:25 | 000,002,503 | ---- | M] () -- C:\Skype.lnk7u245 [2013/03/22 15:07:32 | 000,003,199 | ---- | M] () -- C:\Sophos Virus Removal Tool.lnke9379 [2013/03/19 09:33:46 | 000,000,385 | ---- | M] () -- C:\STICK FOXIE (I) - Shortcut.lnkui1000 < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2009/07/14 01:15:05 | 000,071,168 | ---- | M] (CANON INC.) 
-- C:\Windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL [2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll [2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2014/09/26 06:46:49 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini [2011/02/19 23:03:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll [2011/02/19 00:40:50 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/10/11 14:09:56 | 000,904,056 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/10/11 14:09:56 | 000,904,056 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" 
/SetAsDefaultAppGlobal [2014/10/11 14:09:56 | 000,904,056 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/10/11 12:52:51 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2014/10/11 12:52:51 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/10/11 12:52:51 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ShowIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\HideIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ReinstallCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\shell\open\command\\: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/11 06:05:48 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/11 06:05:48 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/11 06:05:48 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/22 04:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/22 04:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/10/11 14:09:56 | 000,904,056 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/10/11 14:09:56 | 000,904,056 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/10/11 14:09:56 | 000,904,056 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/10/11 12:52:51 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2014/10/11 12:52:51 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/10/11 12:52:51 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/11/03 17:18:47 | 000,843,592 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ShowIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\HideIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ReinstallCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\shell\open\command\\: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/10/24 01:30:07 | 001,250,840 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/11 06:05:48 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/11 06:05:48 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/11 06:05:48 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/22 04:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/22 04:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\Users\BF2010\AppData\Roaming\default.rss:OECustomProperty < End of report >
Member of: UNITE
Starbuck (Author) Posted November 11, 2014

OTL Extras logfile created on: 06/11/2014 16:30:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BF2010\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.12 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 38.00% Memory free
6.25 Gb Paging File | 4.10 Gb Available in Paging File | 65.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910.41 Gb Total Space | 540.33 Gb Free Space | 59.35% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 8.84 Gb Free Space | 44.22% Space Free | Partition Type: NTFS
Drive P: | 931.51 Gb Total Space | 119.65 Gb Free Space | 12.84% Space Free | Partition Type: NTFS

Computer Name: BF2010-PC | User Name: BF2010 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04225CCB-A9B7-4DAB-8379-D315B9D6CE96}" = lport=2869 | protocol=6 | dir=in | app=system | "{0E1ABFAA-2B74-4183-A04F-3095F02D0594}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0EB5304F-3BB8-433E-A78D-F424088561A3}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{185B2FA6-A644-4BC7-BD0D-4A73971CD6AF}" = lport=2869 | protocol=6 | dir=in | app=system | "{21EA2C0A-8396-4F27-A2FA-90AA85274EA1}" = lport=1542 | 
protocol=17 | dir=in | name=realtek wps udp prot | "{2CE1275F-E934-4CE3-8307-41D3D23641C5}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{362C526F-F1DD-44F7-8582-03AFB8730043}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{379D6F65-FA3A-41C7-B859-29A001053559}" = rport=139 | protocol=6 | dir=out | app=system | "{39574620-406A-4C10-A5DC-62F1B9FEC3E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{407C0338-F9C3-42D7-BD57-10269C65DFC1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{54D789B0-71F4-4B54-8ABB-7E9E3D936798}" = lport=138 | protocol=17 | dir=in | app=system | "{58D97B81-8AD4-4F2D-B9C3-D3778640402A}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{66B6E5CB-7141-4343-BB71-43A54299706A}" = rport=137 | protocol=17 | dir=out | app=system | "{699EDBDA-2A43-4658-B1BF-B64BE2E8D55F}" = rport=10243 | protocol=6 | dir=out | app=system | "{6AD15E3A-3FF1-4580-82A8-A650A92A88A1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6F59B6D1-BE8E-4093-B56F-402FF6BDD20A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{76AEA9E7-FC53-4792-8E9B-4301112D25BF}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{76F8D1F0-606A-4B24-AB71-C4DA4F9E20AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83A4C37F-0F37-480F-9B5D-4184BD3D2BF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C5F4E80-2D75-4D02-9192-9429A54415E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8D63389E-DD07-4757-8A2A-2DEF7EA85693}" = lport=137 | protocol=17 | dir=in | app=system | "{8DDE3E08-698F-45E2-8AC2-3508DA075FA3}" = lport=808 | 
protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{90375343-757F-420D-A49D-E3DD8D9697FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{90509A54-0BBA-4C7C-BE45-8181B402AB3D}" = lport=139 | protocol=6 | dir=in | app=system | "{94FDD202-9E0D-421E-9A03-7F58941EF0C0}" = lport=445 | protocol=6 | dir=in | app=system | "{A09A1DCC-1007-4639-B004-D69A999B82D8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{A5878D7A-D503-4AC8-8F85-4C245BDF620D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ABC9B881-66F2-4E91-B0C4-F67F223C0EEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BAC30A11-BD89-4AA4-A2DD-7998E3ABD882}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "{BD634CD7-F436-416D-9A33-049A7FD79BE7}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | "{C549A7E2-8F06-41E6-A4C9-3F4D65C2C8DC}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface | "{CDBDE410-E846-4BB2-96AC-92D63EE5F3E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CF3F701E-A14D-46D2-A222-9FEDBBBDD17F}" = rport=138 | protocol=17 | dir=out | app=system | "{CFC9ABF6-BFBF-453A-AF5F-D5D86B7C531F}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{D6245AA9-D9BF-46BF-BFDF-E95F18C3E5D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D8377811-17BF-4A4E-A961-F8C6E3E76004}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{E0FA0F39-A1AA-4B51-BE3D-DEF21611680D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{E761F9AC-6F65-4FA4-82DD-D51F6F384849}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E93B584F-DCB1-4C3E-BFAD-E0F5D6338794}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | "{ECB6488C-7041-4369-90D6-DB32AF47CE15}" = lport=10243 | protocol=6 | dir=in | app=system | "{F0D19B2D-0630-4C71-B5DC-DBA9F01906F2}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01406664-3452-44DB-8CE3-BA7CE7313119}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0ABB5462-B842-4CDA-A703-86109C5E9C27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{17364155-6EFD-4148-9D1B-F4FF19506404}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1F072548-6A9E-4A56-8089-3211D13B4873}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{3F08EDE7-E7F8-4FBA-96DA-3F71773DF422}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{40E55F03-305C-42D5-AE2B-C1C0E2F62984}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{41B31243-80E8-4477-9EA4-AA43C3B33240}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4489155E-5B95-43F2-AA7A-5E2F201F6F6A}" = dir=in | app=c:\program files\winzip driver updater\winzipdu.exe | "{53343ECE-60F9-4522-8FED-F84A92B5FC55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54B7D2B0-4BAD-4244-BC08-C01DE113DCCB}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{65360E2D-27D0-47F0-ACBC-CEC6DF74E030}" = protocol=6 | dir=out | app=system | "{6B04D6E3-1EEB-467F-8E2F-054E45D2DDBA}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{72D22C91-9085-4AD8-A74F-3275216C1498}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{75997603-D382-4EEF-BC54-4D39924CBE31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{78DBBB0D-3796-46CB-8896-0F816B654278}" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\local\google\google talk plugin\googletalkplugin.exe | "{7BF1CA5C-47B2-45D5-B4C0-5735D1CDC301}" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\local\google\google talk plugin\googletalkplugin.exe | "{7E07A7AF-45F9-4D06-8F85-3630F9D0B7C7}" = protocol=17 | dir=in | app=c:\program files\siber systems\goodsync\goodsync.exe | "{827CDDA9-F740-47F5-B2E0-3783EB153623}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8A63FD94-B413-4180-AB13-875B488CCAEF}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{95F12B64-F4D7-4DC4-8D4D-01A4556424CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9FF2FDFA-BC28-4B22-9E3E-636F71B7D1EA}" = protocol=6 | dir=in | app=c:\program files\siber systems\goodsync\goodsync.exe | "{A2DDFFDC-3787-4791-9C33-C533002B9FF3}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "{A3D8A6A6-270C-4372-A554-3D613A2F0A97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A55EE905-ABD2-40D7-AD96-95489A10F1E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AA8F942B-A103-4989-A992-C35812700AE6}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "{B1531579-0019-41FD-8248-492A9CF756B3}" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe | "{B9392300-321A-4620-BA24-6F56CCB57EB3}" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\local\akamai\netsession_win.exe | "{BAC08545-9FD8-4AE2-B40B-943407DA2262}" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{BD188D3A-93E3-47F9-836F-5F2C6220B296}" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\local\akamai\netsession_win.exe | "{C0B2CAED-8377-4C21-AB18-6471C7E9A418}" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe | "{DA7D6220-2978-4885-BE51-6CBEFBBC145F}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{DCAC40E0-A8AA-46B6-81D3-A09BB89428FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DFD87A25-6389-414D-8D68-0B7575B7E7FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E7E76AE8-4E46-4C04-9CA1-6CEBA05A432B}" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\local\google\google talk plugin\googletalkplugin.exe | "{E8AD195B-F4ED-4505-BE71-56B485B90D04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EFF2325A-159F-4A48-AF43-53E7A77939DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7DFE4EB-E59D-41E5-B595-33487A23FE95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{300571C9-4A74-4965-A69F-CCB945ABADF9}C:\users\bf2010\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\local\akamai\netsession_win.exe | "TCP Query User{D5C1D073-1C0C-40E1-9519-D70C18B42B0C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E3D147E6-0C4F-44D4-B31F-838A8519792A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{F5B98D4C-A13B-485E-BDC7-F1CA27BBCF5A}C:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{03CCABF2-BD26-4439-9E93-1FC7C0024591}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | 
dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{0AFCB228-3EFE-46C4-83C5-8AC29887D176}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{7F1B367A-F033-43BD-9F20-249107AC986B}C:\users\bf2010\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\local\akamai\netsession_win.exe | "UDP Query User{AF4A02AF-EFCC-4198-9C41-DDEC47B3264E}C:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform "{031F80EB-1FE5-45EF-9DE2-E2F5AF01259F}" = CCC Help Spanish "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer "{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}" = System Requirements Lab for Intel "{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{092888A8-8F3B-4C31-8636-F9632030C971}" = calibre "{0B15A8C3-3B8A-F229-A880-82EA62908425}" = CCC Help Dutch "{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update "{0C41D003-E38E-4C8A-BA67-AFF061E27F3F}" = Microsoft Mouse and Keyboard Center "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F "{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB) "{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool 
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 P****r "{1A6752E1-966B-9D1F-F6B7-DDBCA6FC87ED}" = CCC Help Russian "{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F752D02-F576-4DD6-8DA7-E478283F455A}" = OpenOffice Beta 4.1.0 "{2058DA53-D5F2-D8D9-7325-39B0E367D1E1}" = CCC Help Swedish "{2090B6D0-E025-5A67-9838-8F1D5768E643}" = CCC Help Chinese Standard "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 67 "{286DDBD0-6355-428F-8BD5-822CF08606EC}" = Windows Live MIME IFilter "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2AD4FF67-43E9-77AD-D90C-584F950E2D12}" = CCC Help French "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EONENERGYFIT) "{2C3289CB-6AA8-42CC-808E-8BB671644CEF}}_is1" = Phereoshop version 2.0.3 "{2CC34925-D47D-BD10-AA1E-FAA76F3B5D82}" = AMD Wireless Display v3.0 "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{31A65C5A-73BF-AEE0-082D-1B6C0B9ACF31}" = AMD Drag and Drop Transcoding "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker "{3A577334-7C90-55BC-1878-F5862FA268B2}" = CCC Help Korean "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3BF289E3-933B-F421-3B59-F6BB0D285B09}" = CCC Help Hungarian "{3CB6BA0C-6BC5-E543-221A-AA4DEBB6F4B5}" = CCC Help Polish "{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform 
"{430E2D32-6EA9-E6E4-80A1-84047694A45B}" = CCC Help Czech "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{4622F96A-780B-48B8-8304-1CD8A40043E8}" = MailWasherPro "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6A8D33-09CD-FD44-4BF0-999E8A6E93C8}" = CCC Help Italian "{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles "{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack "{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer "{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials "{6B594A3F-FDF9-74A0-B3F6-C2E7B6AA339F}" = AMD Media Foundation Decoders "{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call "{6EBDE2A2-0CFB-9134-A859-68A0002B3FA6}" = CCC Help Thai "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{769E98DC-2BB0-83A7-51C9-306F30232345}" = Catalyst Control Center Graphics Previews Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{80F52BC0-7AC5-17C3-F34B-8613E213D44D}" = AMD Accelerated Video Transcoding "{8181B50E-0E33-DE07-AAB2-E71BBBDBF288}" = CCC Help Portuguese 
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83FB054C-7DA5-1C76-BFB2-423426DC35BB}" = AMD Catalyst Control Center "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A640069-9784-701E-AC8E-84F62C42D1A3}" = CCC Help English "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}" = Microsoft Windows Debugging Symbols "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{93098E43-2743-1551-447F-2699E9591E9C}" = CCC Help Danish "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1" = WinZip Driver Updater "{99415B03-525E-3FEA-2A60-359FD6BCD368}" = ccc-utility "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1 "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5 "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software "{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer "{A3703A3B-FDCF-4349-4B2E-A189A2B90B51}" = CCC Help Chinese Traditional "{A619A488-A4BA-F2A0-72FA-4C484B93DC0F}" = CCC Help Greek "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF 
Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor "{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7 "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.2 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless 
Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.25 "{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail "{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail "{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger "{BE0CD30D-69A6-4B3A-857D-218C2C32E912}" = Acronis True Image Home 2012 "{BE0CD30D-69A6-4B3A-857D-218C2C32E912}Visible" = Acronis True Image Home 2012 "{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin "{C4799AAA-CE52-D2F1-63C8-E6D5106C78E0}" = CCC Help Norwegian "{C60F3836-333A-4AE2-B526-CFDBA143A9BA}" = Google Drive "{C6182116-5F2D-9949-B42B-06073E86A98A}" = CCC Help German "{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}" = Windows Live Family Safety "{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps "{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery "{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common "{CC6C7F05-AF23-65BD-702D-705EAB723578}" = CCC Help Japanese "{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE "{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console "{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D5B7F1A3-2CA6-4C5C-EFB6-4AA5772F5310}" = CCC Help Turkish "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBA6B3EF-A8C0-4EB2-9554-3A7879838580}" = Catalyst Control Center Localization All "{DC7723BE-A2BB-58A0-4820-5630F9B82198}" = AMD Catalyst Install Manager "{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker "{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}" = Evernote v. 
5.6.4 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2 "{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4A6308C-55E6-57DF-95BB-AEEF374B469A}" = CCC Help Finnish "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F543B0F9-D1F9-25D1-993C-8430BEC9D889}" = Catalyst Control Center InstallProxy "{FC41E924-9AF0-8BD3-2DB0-A688628AF474}" = AMD Fuel "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AI RoboForm" = RoboForm 7-9-10-1 (All Users) "Belarc Advisor" = Belarc Advisor 8.1 "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "Creative Jukebox Driver" = Creative Jukebox Driver "DivX 
Setup" = DivX Setup "FileHippo.com" = FileHippo.com Update Checker "Flickr Uploadr" = Flickr Uploadr 3.2.1 "Gadwin PrintScreen" = Gadwin PrintScreen "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "IE7ProSpellCheckDictionary_is1" = Spelling Check Dictionary From OpenOffice.org "IrfanView" = IrfanView (remove only) "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025 "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 33.0 (x86 en-GB)" = Mozilla Firefox 33.0 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opanda IExif_is1" = Opanda IExif 2.3 "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "Raptr" = Raptr "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Samsung PC Studio 7" = Samsung PC Studio 7 "Secunia PSI" = Secunia PSI (3.0.0.2004) "sp6" = Logitech SetPoint 6.51 "Speccy" = Speccy "SystemRequirementsLab" = System Requirements Lab "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 5.10 (32-bit) "WordWeb" = WordWeb Pro "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp "Akamai" = Akamai NetSession Interface "AOL Messaging Toolbar" = AOL Messaging Toolbar "Dropbox" = Dropbox "Google+ Auto Backup" = Google+ Auto Backup "OpenOffice.org Packages" 
= OpenOffice.org Packages
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/11/2014 04:11:46 | Computer Name = BF2010-PC | Source = MSSQL$EONENERGYFIT | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error - 06/11/2014 09:49:24 | Computer Name = BF2010-PC | Source = MSSQL$EONENERGYFIT | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error - 06/11/2014 09:49:24 | Computer Name = BF2010-PC | Source = MSSQL$EONENERGYFIT | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error - 06/11/2014 11:08:49 | Computer Name = BF2010-PC | Source = MSSQL$EONENERGYFIT | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error - 06/11/2014 11:08:49 | Computer Name = BF2010-PC | Source = MSSQL$EONENERGYFIT | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error - 06/11/2014 11:58:19 | Computer Name = BF2010-PC | Source = MSSQL$EONENERGYFIT | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error - 06/11/2014 11:58:19 | Computer Name = BF2010-PC | Source = MSSQL$EONENERGYFIT | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error - 06/11/2014 12:26:13 | Computer Name = BF2010-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: ddc
Start Time: 01cff9ddd3974162
Termination Time: 2
Application Path: C:\Users\BF2010\Downloads\OTL.exe
Report Id:

Error - 06/11/2014 13:29:13 | Computer Name = BF2010-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 06/11/2014 13:29:13 | Computer Name = BF2010-PC | Source = Windows Search Service | ID = 7042
Description =

[ System Events ]
Error - 06/11/2014 06:04:59 | Computer Name = BF2010-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80004005: Windows 7 Service Pack 1 (KB976932).

Error - 06/11/2014 09:50:35 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error - 06/11/2014 09:50:36 | Computer Name = BF2010-PC | Source = DCOM | ID = 10005
Description =

Error - 06/11/2014 09:50:36 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error: %%1053

Error - 06/11/2014 11:10:01 | Computer Name = BF2010-PC | Source = DCOM | ID = 10005
Description =

Error - 06/11/2014 11:09:59 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error - 06/11/2014 11:10:01 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error: %%1053

Error - 06/11/2014 11:59:37 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error - 06/11/2014 11:59:38 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error: %%1053

Error - 06/11/2014 11:59:38 | Computer Name = BF2010-PC | Source = DCOM | ID = 10005
Description =

[ TuneUp Events ]
Error - 24/08/2012 02:17:37 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:17:42 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:17:42 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:17:52 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:17:57 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:17:57 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:17:57 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:19:17 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:19:22 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2012 02:19:31 | Computer Name = BF2010-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

--
Kindest Regards
Bob

Member of:UNITE
Starbuck (Author)
Posted November 11, 2014

Hi Bob,

There's a bit to clean up .... we'll do that first and then we'll sort out the problems in the error log. Hopefully this will sort out your windows updates problems and the re-installation of MSSE.

There's quite a bit to do, so take your time... there's no rush.

Step 1

Double click on OTL to run it. Vista/Windows 7 users right-click and select Run As Administrator.

Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)

:Otl
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://uk.search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: File not found
[2014/06/20 05:40:55 | 000,009,425 | ---- | M] () -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\cd9e1ckw.default\searchplugins\yahoo-avast.xml
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O13 - gopher Prefix: missing
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Driver Manager - hkey= - key= - File not found
MsConfig - StartUpReg: Everything - hkey= - key= - File not found
MsConfig - StartUpReg: FlashGet 3 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: KSS - hkey= - key= - File not found
MsConfig - StartUpReg: NBAgent - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ShadowPlay - hkey= - key= - File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
MsConfig - StartUpReg: vProt - hkey= - key= - File not found
MsConfig - StartUpReg: {0228e555-4f9c-4e35-a3ec-b109a192b4c2} - hkey= - key= - Reg Error: Value error. File not found
[2014/10/25 05:52:03 | 000,000,000 | ---D | C] -- C:\Users\BF2010\AppData\Local\{A48E34A6-5BFA-462C-920F-89100535B48A}
[2014/10/24 08:33:03 | 000,000,000 | ---D | C] -- C:\Users\BF2010\AppData\Local\{5D54C2D5-29CD-4466-9132-BE38017D463C}
[2014/10/23 05:49:53 | 000,000,000 | ---D | C] -- C:\Users\BF2010\AppData\Local\{24F27E83-5FAF-431D-9C1C-666A183108E4}
[2014/10/16 10:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/10/16 05:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

Please download Windows Repair (all in one)
Double click on the icon to install the program. Vista/Windows 7/8 users right-click and select Run As Administrator.

When the program opens:
Follow the Power reset advice in Step 1.
http://img.photobucket.com/albums/v708/starbuck50/wr1_zps4cfeaa14.png

You can skip Step 2 (as MBAM has already been run).

Click on the Step 3: Optional tab and allow it to run Disk check.
http://img.photobucket.com/albums/v708/starbuck50/wr2_zpsd3d90705.png

Once that is done, go to the Step 4: Optional tab and allow it to run SFC.
http://img.photobucket.com/albums/v708/starbuck50/wr3_zpsae99b57b.png

When finished, click on the Step 5: Backup tab and click to allow both Registry and System Restore backups.
http://img.photobucket.com/albums/v708/starbuck50/wr4_zpsece58e6d.png

When finished, click on the Repairs tab.
Please disable your Anti Virus program before running the repair option.
http://img.photobucket.com/albums/v708/starbuck50/wr5_zps500ffe69.png

Click Open Repairs.
If asked to backup the registry and Create a fresh Restore point... allow it to do so. (But these should already have been done.)

When the repair page opens, click the following options:
01 02 03 04 05 06 08 10 17 19 21 26 27

Then click on Start Repairs.
http://img.photobucket.com/albums/v708/starbuck50/wr6_zpseb6664d3.png

DON'T use the computer while each scan is in progress.
A restart may be needed to finish the repair procedure.

Step 3

Let's make sure that all files for MSSE have been removed before trying to install a fresh copy:
Please download Microsoft Security Essentials Removal Tool to your Desktop.
Double click on the icon to run the program. Vista/Windows 7/8 users right-click and select Run As Administrator.
Follow any prompts.

Download a fresh copy of MSSE from here: MS Security Essentials
Double click on the icon to install the program. Vista/Windows 7/8 users right-click and select Run As Administrator.

In your next reply, please submit:
Otl fix report
and let me know how things went with the Windows Repair program and the installation of MSSE.

Thanks.

Member of:UNITE