trojan vundo malware.trace and many PUPS found.


  • This topic is locked
10 replies to this topic

#1 whatdoesntthefoxsay

whatdoesntthefoxsay

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 17 July 2014 - 09:23 AM

Decided to check the family computer as nobody else does, and found a fair few of these creeping around. As much as I try to tell the less tech-savvy and computer-safety-knowledgeable of the family, they don't seem too sure on what's good and what isn't.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by john at 15:21:17 on 2014-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4085.2437 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\MsSpellCheckingFacility.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe -update activex
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9D9B3A27-5E2D-4F18-A75B-C844F74FD20E} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PAC7302_Monitor] C:\windows\PixArt\PAC7302\Monitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\ze3hv9li.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_45.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 ioatdma;Intel® QuickData Technology device;C:\windows\System32\drivers\ioatdma.sys [2009-11-16 46792]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-7 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe [2011-3-4 126392]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-12 247968]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-6-28 314400]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-12 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-4-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-7-6 56344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 ioatdma1;ioatdma1;C:\windows\System32\drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\windows\System32\drivers\qd262x64.sys [2009-11-16 42192]
S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-9-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-27 1255736]
.
=============== Created Last 30 ================
.
2014-07-17 14:05:55 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-07-17 14:05:42 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-07-17 14:05:42 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-07-17 14:05:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 12:49:18 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CB58473-BFBD-4AE7-A652-AAFC0084030B}\mpengine.dll
2014-07-16 12:27:45 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-11 12:15:22 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11E9347A-05FB-480B-A330-03740E23A099}\gapaengine.dll
2014-06-24 18:21:25 -------- d-----w- C:\Program Files\iPod
2014-06-24 18:21:24 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 18:21:24 -------- d-----w- C:\Program Files\iTunes
2014-06-24 18:21:24 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-06-30 02:09:33 519168 ----a-w- C:\windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-05-12 06:25:56 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-04-25 02:34:59 801280 ----a-w- C:\windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
.
============= FINISH: 15:22:25.44 ===============
 


 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:04 AM

Posted 18 July 2014 - 04:39 PM

Good evening. :)

Can you tell me what you scanned the PC with that found the above nasties?


So long, and thanks for all the fish.

 

 


#3 whatdoesntthefoxsay

whatdoesntthefoxsay
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 18 July 2014 - 06:58 PM

Of course. I used Malwarebytes.

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:04 AM

Posted 19 July 2014 - 10:49 AM

Good afternoon. :)

Will you open up MBAM, click on the Logs Tab and let me have the contents of the log that contains the detections that you mention in the title of this thread.


So long, and thanks for all the fish.

 

 


#5 whatdoesntthefoxsay

whatdoesntthefoxsay
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 19 July 2014 - 04:17 PM

Sadly I can't seem to do that; when I open the log it is blank. There must have been an issue during the scan.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:04 AM

Posted 19 July 2014 - 05:00 PM

Pay a visit to the ESET Online Scanner.
 

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 


So long, and thanks for all the fish.

 

 


#7 whatdoesntthefoxsay

whatdoesntthefoxsay
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 20 July 2014 - 09:37 AM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentBar\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mykie\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Paul\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\teigan\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\teigan.teigan-PC\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Mykie\AppData\Local\temp\CDBurnerXP-updates\cdbxp_setup_4.5.2.4478.exe Win32/OpenCandy potentially unsafe application
C:\Users\Mykie\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\teigan.teigan-PC\AppData\Local\GuffinsAuto.exe a variant of Win32/AdInstaller potentially unwanted application
 



#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:04 AM

Posted 20 July 2014 - 01:43 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

 

 


#9 whatdoesntthefoxsay

whatdoesntthefoxsay
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 23 July 2014 - 10:34 AM

OTL logfile created on: 23/07/2014 16:26:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\john\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.99 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.87% Memory free
7.98 Gb Paging File | 6.49 Gb Available in Paging File | 81.30% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.70 Gb Total Space | 710.48 Gb Free Space | 76.92% Space Free | Partition Type: NTFS
 
Computer Name: TEIGAN-PC | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/23 16:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
PRC - [2014/03/12 00:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012/07/03 13:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 13:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 13:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/11/26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/12 00:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/12 00:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/10 02:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/07/03 13:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/03/08 17:26:00 | 003,519,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 15:33:03 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/03/11 10:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/12/19 18:11:40 | 000,314,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/16 07:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 07:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 07:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/09/23 13:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/01 17:08:26 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2007/09/10 09:50:26 | 000,527,360 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{34AE55DD-0629-41F7-8FAA-47286AC11D2A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D8DFB486-5C56-49B0-8C72-36C537DB677F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\..\SearchScopes,DefaultScope = {16066DE5-5AF8-4E79-BC1B-F80E0712E183}
IE - HKCU\..\SearchScopes\{16066DE5-5AF8-4E79-BC1B-F80E0712E183}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
IE - HKCU\..\SearchScopes\{D8DFB486-5C56-49B0-8C72-36C537DB677F}: "URL" = http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 11:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/30 09:55:15 | 000,000,000 | ---D | M]
 
[2012/06/20 11:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\Mozilla\Extensions
[2013/05/22 17:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\ze3hv9li.default\extensions
[2013/12/19 21:38:57 | 000,000,921 | ---- | M] () -- C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\ze3hv9li.default\searchplugins\yahoo.xml
[2012/06/20 11:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/12/24 17:48:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9B3A27-5E2D-4F18-A75B-C844F74FD20E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/23 16:25:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2014/07/20 13:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/07/17 15:20:20 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\john\Desktop\dds.com
[2014/07/17 15:05:55 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/17 15:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/17 15:05:42 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/07/17 15:05:42 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/07/17 15:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/24 19:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/24 19:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/24 19:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/24 19:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/06/24 19:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/30 10:49:04 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\john\AppData\Roaming\pcouffin.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/23 16:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2014/07/23 16:25:05 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/23 15:37:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/23 13:59:50 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 13:59:50 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 13:55:35 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/07/23 13:55:35 | 000,666,652 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/07/23 13:55:35 | 000,126,328 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/07/23 13:51:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/23 13:51:03 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/17 15:33:03 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/17 15:20:20 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\john\Desktop\dds.com
[2014/07/17 15:05:49 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/10 14:10:30 | 004,893,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/06/24 19:22:01 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/24 19:22:01 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/04 15:58:14 | 000,001,456 | ---- | C] () -- C:\Users\john\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/01/30 10:49:04 | 000,099,384 | ---- | C] () -- C:\Users\john\AppData\Roaming\inst.exe
[2013/01/30 10:49:04 | 000,007,859 | ---- | C] () -- C:\Users\john\AppData\Roaming\pcouffin.cat
[2013/01/30 10:49:04 | 000,001,167 | ---- | C] () -- C:\Users\john\AppData\Roaming\pcouffin.inf
[2013/01/29 18:43:18 | 000,001,074 | ---- | C] () -- C:\Users\john\Pictures - Shortcut.lnk
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/10 15:15:32 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\calibre
[2011/04/08 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Canneverbe Limited
[2011/10/11 13:47:22 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\EPSON
[2013/07/30 12:46:58 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\FlowStone
[2013/07/30 12:47:14 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Image-Line
[2012/06/20 12:18:27 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\IObit
[2013/07/28 20:40:13 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Publish Providers
[2013/12/27 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Sony
[2011/03/21 16:38:46 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Stella
[2011/04/09 10:30:23 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Tific
[2014/02/02 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\uTorrent
[2013/12/27 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Vso
[2011/11/28 11:56:57 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras logfile created on: 23/07/2014 16:26:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\john\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.99 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.87% Memory free
7.98 Gb Paging File | 6.49 Gb Available in Paging File | 81.30% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.70 Gb Total Space | 710.48 Gb Free Space | 76.92% Space Free | Partition Type: NTFS
 
Computer Name: TEIGAN-PC | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD4B6A5-47A2-49C8-B9F9-717B7AD2E7EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2673D5AE-3BC4-4AC9-9075-8254F4497E5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{29285BEC-3B15-4448-A30F-B03EC9089F9B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B68801E-A67D-4D49-BBCD-B5B8E9AE9A2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D1E46EF-4049-4B7A-9BE9-D778308893D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{343F0791-3134-47AC-B2B5-602E86F23DC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{3C92822B-DE73-489E-B68B-C28B56DD6A72}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46746204-CF6E-4203-B653-FC92997D7980}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{595A8BDA-130C-4F4D-B54B-24192D0B3D8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B1153A8-5DA7-4527-8B17-B8ED9958EF88}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6D3B5F3B-ED40-4098-92E7-3980396EEDE9}" = lport=138 | protocol=17 | dir=in | app=system |
"{76F650D9-1A6C-4730-A544-64A463359A9E}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{7B5A2239-15ED-41DE-B5BF-27D101B87253}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{8511BCD9-8522-4A48-AD56-878D86EB3A8B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8F0AA9B7-EF49-4154-BC4C-3D717BF47155}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F3C6224-3C76-4DE8-B981-FE6DC9F570FF}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F83EA50-CB11-49FB-A270-9C3B864348B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93488242-273A-42E2-A1F1-612897A7CE99}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{96DB06AA-2102-48A1-8B06-0E99E9FA5E79}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4C15906-3288-4C83-B5E9-281B87848707}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD39F234-26F2-459A-8A39-965DBF0F12D3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B25D8429-7A96-435D-9B53-B73549355F08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B7C7CE7F-BA45-435F-A0E7-15765245C0DA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C50ED7F0-EB31-4408-86C6-B13EBA90AD2F}" = rport=137 | protocol=17 | dir=out | app=system |
"{C62B5BB0-0978-4FEE-8C6C-7D16C0657D8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8F28DF2-5116-4E44-B82C-D652E1A16E26}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6192B52-360F-4919-8E5F-A3356B419BB7}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE59D26B-07D3-4A5F-A6E9-1D4F99A0C033}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF9B204E-40BD-4B1B-88B2-57FB3A29AE68}" = lport=137 | protocol=17 | dir=in | app=system |
"{F86216E7-1C15-4071-BB4C-F3FC265C2FB6}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{FE85F335-72E4-4FF8-9073-20DAEB2DA86C}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
"{FF302FE9-BB1B-4C9F-B7B9-3C546EC1B698}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0037044B-C619-4AED-A300-33D082A520F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
"{07C62DBD-4469-4866-B998-01F70FCB1114}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0875FFB0-4A80-4C0F-A6F9-525001BE8649}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E4AD706-19FD-40D7-93D3-3164C6D3334D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10558064-0720-4544-8DE4-EB3786CB5BCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{187D3E93-05BF-4E44-AD2D-C4111022DC86}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1C004B34-BEE2-40C8-BD76-240DFF30A458}" = dir=in | app=%programfiles%\sony\vegas pro 12.0\vegas120.exe |
"{1E317006-FEE4-465D-B958-FA6BB69F7A8A}" = protocol=6 | dir=in | app=c:\users\mykie\desktop\steam\steam.exe |
"{216F29F0-B928-416C-908E-3B5B17E46053}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{226AB153-1CC6-4E6F-A143-688C6FC46151}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{247F2A37-011C-4A18-A947-7C66F34C6123}" = protocol=17 | dir=in | app=c:\users\mykie\desktop\steam\steam.exe |
"{27933CC2-6367-49BB-9FB5-05BC020808F3}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{2A4E9F90-3A41-452F-8489-DCDDA189992A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2AAF61B0-F62C-48C3-8450-690F0F291FEC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C809C7E-C78B-40E3-BABC-576DB5F89133}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E9B3DDE-9784-46AD-AEBB-936752E510DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
"{31A99F06-3F74-41C9-8863-B9425C230F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{329DD014-A0F5-4E9B-89E2-4207ED009EBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{3411181F-4A21-489B-B406-E6D2A9E3E2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3CC7973E-EF41-4CF6-A7AB-9945E2B0DFF9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{41AE480A-646A-4A58-AA8B-59E509202193}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{443B3AF0-5D95-4707-BD48-F230D0509198}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4500BDEF-6C1C-4C87-B965-E727AC4C204A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{48F33DA9-C7F5-438A-A41F-BE5878773F74}" = dir=in | app=%programfiles% (x86)\image-line\fl studio 11\fl.exe |
"{4FFD48E5-4CD6-4452-91E1-25458E93A775}" = dir=in | app=%programfiles% (x86)\adobe\adobe photoshop cs6\photoshop.exe |
"{517F6E71-FA6C-4B65-B89E-7AC701EC77D2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{548E08D4-EB85-4686-8B5B-1046EBA592DA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{562ECDC4-D024-4BA9-B043-B618FFCF2F38}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{57CE1BA0-E9DD-4910-B0A9-2C045BCE06E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{582785FD-7707-483E-8919-6B08F9FB852C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
"{5E6A36F4-4F70-4685-B157-6486B0F8D904}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{6511AA05-92AB-4A68-8AE6-760050CEFC34}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{69A2F1CC-6541-4D48-A446-A27998FBB649}" = protocol=6 | dir=out | app=system |
"{6BBC6EDB-4208-4D24-BB25-5C89C24C6351}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{715EB9D3-B13A-4328-A2AC-735755B67CA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7330EF3E-4B2B-4885-8066-BB3EDA1B4FF7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{75C45727-1AD3-4352-9BDE-CCB1F2DC8C8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79F371F6-BF55-4A33-8A39-43E4AE0A7735}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{7A1ED34C-911A-4D7B-AA25-13EB13880E2A}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe |
"{89E61344-6174-44E8-B873-2485199FFD45}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8EC307A4-477C-445B-8DE9-D75EC0D895DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{93220C15-FB5E-4D42-9802-E62422B2770D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9995E431-491A-4EBA-865A-2E4A9FC61042}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9ED6F8FD-FE30-4FFB-A06B-86A9FC5BA727}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{9F6336DF-1B04-42BA-A401-FFBAEEFC4695}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
"{9FF2013D-0B1C-4B6B-A3F6-1D5EC4327259}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.patch.exe |
"{A1A12954-4578-4342-B240-639984B6712E}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{A9C1227B-19FB-4F3A-B997-0BD2196BD233}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AE1DF9DE-9764-4FFF-AA26-A20C710C2BEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AFF66CF6-731F-45A9-9608-D0C7F08550A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B20B11D6-59D5-4D6A-B180-FF3F154BA90D}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{B69BCD48-64FF-496C-9320-F9A9C735B7E5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{BF8AA732-C79E-4F49-A0B3-812D23E2958F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{C00C0D13-7505-4850-9B1B-74A61A3FAA0D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C17F319B-C071-426C-B329-167E0B53DF70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{C681EC7A-DA49-4C7D-87CA-2B179F845E45}" = dir=in | app=%programfiles%\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe |
"{C72A90E2-0990-42CF-A8D8-4F80449878C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C783DDD4-4609-4328-91D6-3ECA6B5771F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CBAA7448-F1FA-444A-956C-63143237AB5A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D18E2F30-B030-4698-B000-55B0E6BF902E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D21590B6-F96F-48DD-A753-6B4EC5074AE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
"{D296719F-E846-447A-B3FC-3BAAA28F5F27}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{D584E5C5-E82F-408C-AFDD-2716B666063F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6DF0581-9FAA-41DB-B72C-E4BF7B1E4018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{D90C1C26-0A2A-4B10-B1C4-23AA3F601296}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D9B28233-B3E0-498C-BD78-AA15B323F339}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D9C016E5-4B2C-47A4-9D40-D2712AAF0557}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{DEE3BD90-44CB-4AAF-B8EB-325C074C51A7}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe |
"{E9004941-1FCB-4D9F-BC31-AAA55F3A006A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
"{E967F694-9F04-440C-89A3-EB068D359C88}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{F127A79E-800F-41B5-A43E-CF924FC925CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4F3CBF0-A95A-4E9D-A173-092B7014EF93}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.patch.exe |
"{F5EF0954-7DF6-428A-927D-522DBEF93463}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F710D1B6-75EC-4E04-ACEE-CB54A1FEFEE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{F7DE6104-91CB-42E7-A6E8-07A4C6608A58}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FA6FE22F-C042-44A3-8B13-874EAED67F72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"TCP Query User{079D7FC4-2620-48BC-96CE-803D146EF6A3}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{72EEB33E-A593-41A3-B5FF-AD6036B9DE91}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{83C836C0-FADC-4BF4-9D61-053D4D2D317A}C:\users\mykie\desktop\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\mykie\desktop\left 4 dead\left4dead.exe |
"TCP Query User{B84186BB-0433-4AC7-93F9-508EEC98CE69}C:\users\john\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{C7586CF0-2188-462B-8E7D-3CA779868275}C:\users\mykie\desktop\games\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\users\mykie\desktop\games\portal 2\portal2.exe |
"TCP Query User{F639CDD4-A663-4F57-B891-313E2FE3FB66}C:\users\mykie\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\mykie\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{FF10EBDF-967A-4CDB-B6BA-57B7BD6C3544}C:\users\mykie\appdata\local\microsoft\windows\temporary internet files\content.ie5\5038bx0l\do_full-client_downloader[1].exe" = protocol=6 | dir=in | app=c:\users\mykie\appdata\local\microsoft\windows\temporary internet files\content.ie5\5038bx0l\do_full-client_downloader[1].exe |
"UDP Query User{007828AA-C877-4C98-B10D-7C4E420E5911}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{05216B97-E0C1-4E96-AB2E-E9F787A81812}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{18EC4F3C-EA37-432B-8616-7D9C4F4C1B84}C:\users\mykie\desktop\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\mykie\desktop\left 4 dead\left4dead.exe |
"UDP Query User{96452F3C-F078-4368-A7C8-E814E43B8C25}C:\users\mykie\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\mykie\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{B9669123-64AA-4406-957A-F8195F427653}C:\users\mykie\desktop\games\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\users\mykie\desktop\games\portal 2\portal2.exe |
"UDP Query User{BC78398F-4881-41DF-A5C9-C74B1D5119AB}C:\users\mykie\appdata\local\microsoft\windows\temporary internet files\content.ie5\5038bx0l\do_full-client_downloader[1].exe" = protocol=17 | dir=in | app=c:\users\mykie\appdata\local\microsoft\windows\temporary internet files\content.ie5\5038bx0l\do_full-client_downloader[1].exe |
"UDP Query User{E7539D06-E5ED-494E-A943-BBE859DBB6D0}C:\users\john\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 45
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FFBF70A-9D40-4C3C-8F6C-6C3237B419BA}" = Scrolls
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3F7BB0F7-E782-4086-BD9E-762204239605}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2FB4DB1-DCAE-45DF-8755-00DC047ACF80}" = Nero 12
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter_is1" = Any Video Converter 5.5.6
"ESC79_D78 User's Guide" = ESC79_D78 User's Guide
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Norton PC Checkup
"OpenAL" = OpenAL
"Scrolls 1.0.0" = Scrolls
"Steam App 12900" = Audiosurf
"Steam App 212680" = FTL: Faster Than Light
"Steam App 31280" = Poker Night at the Inventory
"Steam App 41050" = Serious Sam Classic: The First Encounter
"Steam App 41500" = Torchlight
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29/05/2014 08:09:32 | Computer Name = teigan-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 29/05/2014 13:27:56 | Computer Name = teigan-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 29/05/2014 20:39:56 | Computer Name = teigan-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 30/05/2014 04:54:11 | Computer Name = teigan-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 01/06/2014 11:33:25 | Computer Name = teigan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428,
 time stamp: 0x525b664c  Faulting module name: MSHTML.dll, version: 11.0.9600.16476,
 time stamp: 0x52947390  Exception code: 0x4000001f  Fault offset: 0x001f5551  Faulting
 process id: 0xdf4  Faulting application start time: 0x01cf7da54d78578b  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: 11bcd3f9-e9a2-11e3-8161-90fba68d08f1
 
Error - 14/07/2014 10:43:01 | Computer Name = teigan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.4.0, time stamp:
 0x507c71cd  Faulting module name: vlc.exe, version: 2.0.4.0, time stamp: 0x507c71cd
 Exception code: 0xc0000005  Fault offset: 0x00001665  Faulting process id: 0xf34  Faulting application
 start time: 0x01cf9f71e1e34e38  Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
 Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Report Id: 27387876-0b65-11e4-ac3a-90fba68d08f1
 
Error - 14/07/2014 10:43:54 | Computer Name = teigan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.4.0, time stamp:
0x507c71cd  Faulting module name: libmkv_plugin.dll, version: 0.0.0.0, time stamp:
 0x507c71cf  Exception code: 0x40000015  Fault offset: 0x0007b881  Faulting process id:
 0x848  Faulting application start time: 0x01cf9f71eccf5559  Faulting application path:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Faulting module path: C:\Program Files
 (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll  Report Id: 46e8cfdf-0b65-11e4-ac3a-90fba68d08f1
 
Error - 17/07/2014 10:32:50 | Computer Name = teigan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xa58  Faulting application start time: 0x01cfa1cbedae4503  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 3a4c328a-0dbf-11e4-b8ce-90fba68d08f1
 
Error - 17/07/2014 10:33:13 | Computer Name = teigan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0x1238  Faulting application start time: 0x01cfa1cc03c216f2  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 47e66d64-0dbf-11e4-b8ce-90fba68d08f1
 
Error - 23/07/2014 09:44:05 | Computer Name = teigan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.4.0, time stamp:
 0x507c71cd  Faulting module name: vlc.exe, version: 2.0.4.0, time stamp: 0x507c71cd
 Exception code: 0xc0000005  Fault offset: 0x00001665  Faulting process id: 0x348  Faulting application
 start time: 0x01cfa67a952902a2  Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
 Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Report Id: 695ad44d-126f-11e4-836b-90fba68d08f1
 
[ System Events ]
Error - 29/06/2014 07:19:46 | Computer Name = teigan-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.177.901.0     Update Source: %%859     Update Stage:
 %%854     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
 User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0
 Error code: 0x8024001e     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
Error - 03/07/2014 10:48:48 | Computer Name = teigan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 03/07/2014 10:48:50 | Computer Name = teigan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/07/2014 13:33:51 | Computer Name = teigan-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 10/07/2014 13:33:51 | Computer Name = teigan-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 10/07/2014 13:33:52 | Computer Name = teigan-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 14/07/2014 12:35:08 | Computer Name = teigan-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 14/07/2014 12:35:08 | Computer Name = teigan-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 14/07/2014 12:35:08 | Computer Name = teigan-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 18/07/2014 13:14:47 | Computer Name = teigan-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.179.310.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
 User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10802.0
 Error code: 0x8024001e     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
 
< End of report >
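
An added example for reading the firewall section of the log above (editor's code, not part of this thread and not something OTL or the helpers here provide). The entries named "TCP Query User{...}" and "UDP Query User{...}" are the allow rules Windows Firewall writes when someone clicks Allow access on its pop-up, and several of them, plus a few of the GUID-named ones, point at executables under AppData, Temporary Internet Files or a .tmp folder. Windows Firewall program rules match on path, not on file hash, so anything running as that user can later drop a different binary at the same path and inherit the inbound exception without an admin prompt. The script parses rule lines in the "protocol=... | dir=... | app=..." form OTL uses and flags inbound rules for binaries in user-writable locations, prompt-created rules, and rules with no protocol restriction. The seven sample lines are copied from the log above; the list of user-writable folders, the flag names and the ordering are this example's own choices, not anything the page or OTL defines.

```python
"""Triage Windows Firewall exceptions recorded in an OTL log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: seven rule lines copied from the OTL log in this thread.
SAMPLE_RULES = r'''
"{2A4E9F90-3A41-452F-8489-DCDDA189992A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{443B3AF0-5D95-4707-BD48-F230D0509198}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9ED6F8FD-FE30-4FFB-A06B-86A9FC5BA727}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{D9B28233-B3E0-498C-BD78-AA15B323F339}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{B84186BB-0433-4AC7-93F9-508EEC98CE69}C:\users\john\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{BC78398F-4881-41DF-A5C9-C74B1D5119AB}C:\users\mykie\appdata\local\microsoft\windows\temporary internet files\content.ie5\5038bx0l\do_full-client_downloader[1].exe" = protocol=17 | dir=in | app=c:\users\mykie\appdata\local\microsoft\windows\temporary internet files\content.ie5\5038bx0l\do_full-client_downloader[1].exe |
"{9995E431-491A-4EBA-865A-2E4A9FC61042}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
'''

# IANA protocol numbers as they appear in the registry values.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Folders a standard user can write to (assumed list for this example). A rule
# for a binary here keeps matching even if the binary is swapped out later.
USER_WRITABLE = re.compile(
    r"\\(appdata|desktop|downloads|temp|temporary internet files)\\"
    r"|\\[^\\]+\.tmp\\",
    re.IGNORECASE,
)

# One OTL line: "<rule name>" = key=value | key=value | ... |
RULE_LINE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')


@dataclass
class Rule:
    name: str
    protocol: str          # "TCP", "UDP", "ICMPv6", a raw number, or "any"
    direction: str         # "in" or "out"
    app: Optional[str]     # executable path; None for service-only/ICMP rules
    fields: Dict[str, str]


def parse_rules(text: str) -> List[Rule]:
    """Parse every rule line in an OTL firewall section; skip other lines."""
    rules = []
    for line in text.splitlines():
        m = RULE_LINE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip()
        proto = fields.get("protocol")
        rules.append(Rule(
            name=m.group("name"),
            protocol=PROTOCOLS.get(proto, proto) if proto else "any",
            direction=fields.get("dir", "?"),
            app=fields.get("app"),
            fields=fields,
        ))
    return rules


def triage(rule: Rule) -> List[str]:
    """Review flags for one rule, always in the same order."""
    flags = []
    # Windows Firewall names rules it creates from its Allow-access prompt
    # "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>".
    if rule.name.startswith(("TCP Query User", "UDP Query User")):
        flags.append("prompt-created")
    if rule.app and USER_WRITABLE.search(rule.app):
        flags.append("user-writable-path")
    if rule.protocol == "any":      # no protocol= field: matches all protocols
        flags.append("any-protocol")
    return flags


def triage_log(text: str) -> List[dict]:
    """Flagged inbound rules from an OTL firewall section, most flags first."""
    findings = []
    for rule in parse_rules(text):
        flags = triage(rule)
        if rule.direction == "in" and flags:
            findings.append({"app": rule.app, "protocol": rule.protocol,
                             "flags": flags})
    findings.sort(key=lambda f: -len(f["flags"]))   # stable: log order otherwise
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_RULES):
        print(f"{f['protocol']:<5} {', '.join(f['flags']):<35} {f['app']}")
```

Run against the full log it turns a 78-line rule dump into a short list headed by the LogMeIn Rescue applet and the installer sitting in Temporary Internet Files; Program Files entries such as pmb.exe come out clean because only an administrator can replace those binaries on a default Windows 7 install. Outbound rules are ignored on purpose, since they do not open the machine to anything.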



#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:04 AM

Posted 23 July 2014 - 11:53 AM

Good evening. :)

Your version of Sun Java needs updating:

1) Go here, click the Free Java Download button and save the file somewhere handy.

2) Pay a visit to this page for a tutorial and download link for JavaRa. This will completely remove Java from your system in preparation for installing the latest version.

3) Once the removal process has been completed, run the installer you downloaded in Step One and that should be that.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

You should also update Firefox as it is a little out of date too. You can do that from within Firefox:  Help > About Firefox

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

µTorrent has the potential to infect machines due to the risk of downloading infected files. Whether you leave it on or not is your choice, but the risk remains the same.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Run OTL.exe.
 

  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

 

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Of the files that ESET detected, most can be dealt with by deleting the contents of the folder C:\AdwCleaner\Quarantine. This is the quarantine folder for ADWCleaner, which given its name is probably obvious to you.

 

Personally I'd remove the two below as well, but that is down to you. They look like they could be installers, so it's possible that they have already been run and their payload delivered, but better safe than sorry.

 

C:\Users\Mykie\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\teigan.teigan-PC\AppData\Local\GuffinsAuto.exe a variant of Win32/AdInstaller potentially unwanted application

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

That's about it as far as I can tell from the logs you have posted, so unless you have any actual problems I'd cross my fingers and wait for the next time.


So long, and thanks for all the fish.

 

 


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:04 AM

Posted 26 July 2014 - 03:39 PM

As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.

 

 




