Vicious1

Members
  • Posts: 17
  • Reputation: 0 Neutral
  1. Thank you both very much, step #1 fixed the problem. I am running it now. One question: I run MBAM every day, is that fine?
  2. This is before the clean re-install. I was not able to locate MBAM on Windows Firewall... Should I do these 2 steps now? Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x. If that does not correct the issue, then please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
  3. 1. Time was off by 50 seconds > Fixed now. 2. I am using Windows Firewall but I don't see Malwarebytes in either the inbound or outbound logs. Not really too competent with this, I need some direction. (I am guessing I need to create a new rule). 3. No detected threats, however my quarantine is now empty... it had at least 12 entries previously.
  4. As you can see my Malwarebytes is acting up. I believe this is due to some sort of virus. The Fix Now>> button does not work. I cannot update the database and it will not allow "Real-Time Protection." It was working fine last night. This morning I go to turn on the PC and after entering my password I was taken to a black screen w/ only mouse visible for 20 minutes before I manually restarted PC. Looking for help
  5. gringo_pr for president! I can really tell the difference in my machine now compared to when we first began. I thank you tremendously!
  6. So I didn't save everything to desktop all the time, some were in downloads. Can I just move the rest of the programs into the trash can or will that not uninstall them? Considering they don't show up as programs to uninstall; or should I reinstall and re-run the clean-up? Thanks Gringo! You're the man. I would donate to you but they won't accept my ( City, State, ZIP code: Please enter a valid combination of City, State, and ZIP code. State: Please enter a valid State. ZIP code: Please enter a valid ZIP code. ) Even though it's all filled out properly, dunno what's going on. This had nothing to do with a virus I don't believe, but I have no UEFI setting in Windows 8; therefore I dunno how to access my BIOS. Any idea what happened to it etc?
  7. Log MBAM

     HiJackThis Log

     I never had to click okay to view the results and there were no boxes to check after i ran running malwarebytes? Could this have been transferred to my computer physically by usb? by any chance? computer okay
  8. ComboFix 13-09-02.02 - Mark 09/03/2013 21:54:20.3.8 - x64

     The computer seems pretty good.
  9. Killing the bad stuff on muh pc

  10. Seems to be clear, both browsers open to default and not Yahoo. Can I now run my Malwarebytes scan and Windows Defender?
  11. Log

      Hey, wanted to say thanks for all the help so far Gringo, you're the man! Looks like Internet Explorer cleared up, I can now change and save homepage; and it opens up to google.com, but not Chrome.
  12. These forums are great; Malwarebytes know what they're doing! Again thanks for this great tool, I shall spread the word.
  13. Well I accidentally got carried away and posted both; and I don't see an option to edit..
  14. Logs:
(NVIDIA Corporation)SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)SRV - (MBAMService) -- G:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- G:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (AVG)SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\Drivers\nvvad64v.sys (NVIDIA Corporation)DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft 
Corporation)DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\Drivers\nvhda64v.sys (NVIDIA Corporation)DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)DRV:64bit: - (mamba2) -- C:\Windows\SysNative\Drivers\mamba2.sys (Razer USA Ltd)DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys 
(Marvell Semiconductor, Inc.)DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)DRV:64bit: - (WpdUpFltr) -- 
C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation )DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\Drivers\k57nd60a.sys (Broadcom Corporation)DRV:64bit: - (dc3d) -- C:\Windows\SysNative\Drivers\dc3d.sys (Microsoft Corporation)DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\Drivers\wdcsam64.sys (Western Digital Technologies)DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=293224&fr=spigot-yhp-ieIE - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USIE - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 4E 22 EF BC 24 CE 01 [binary data]IE - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\..\SearchScopes\{E02DE524-D4DC-4D5F-8334-6B1751361B7D}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}IE - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-4036308195-1429183575-3574147272-1002\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: G:\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR - homepage: https://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dllCHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllCHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllCHR - Extension: Google Docs = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: AdBlock = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\CHR - Extension: Chrome In-App Payments service = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hostsO2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4 - HKLM..\Run: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd)O4 - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001..\Run: [spotify] C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)O4 - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001..\Run: [spotify Web Helper] C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)O4 - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - 
HKU\S-1-5-21-4036308195-1429183575-3574147272-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-4036308195-1429183575-3574147272-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{954EDF71-3A01-4367-8AC5-F0AA55C8473A}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F38C8C7E-3FA0-43A9-8CB4-4F133B1495BC}: DhcpNameServer = 10.1.10.1 192.168.1.1O18:64bit: - Protocol\Handler\osf - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program 
Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/09/02 14:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp[2013/09/02 14:30:58 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN[2013/09/02 14:20:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/09/02 14:20:41 | 000,406,528 | ---- | C] (SteelWerX) -- 
C:\Windows\SWSC.exe[2013/09/02 14:20:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe[2013/09/02 14:20:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/09/02 14:20:35 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/09/02 14:20:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/09/02 09:52:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/09/02 09:49:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/09/01 16:53:03 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes[2013/09/01 16:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/09/01 16:52:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/09/01 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/09/01 16:52:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Programs[2013/09/01 14:55:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV[2013/09/01 14:55:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV[2013/09/01 13:37:23 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys[2013/09/01 13:37:23 | 000,029,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll[2013/09/01 13:37:23 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll[2013/09/01 13:37:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\NVIDIA[2013/09/01 13:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies[2013/09/01 13:35:15 | 000,000,000 | ---D | C] -- C:\Windows\LastGood[2013/09/01 13:34:59 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys[2013/09/01 13:34:59 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll[2013/09/01 13:34:58 | 027,781,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll[2013/09/01 13:34:58 | 
025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll[2013/09/01 13:34:58 | 021,102,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll[2013/09/01 13:34:58 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll[2013/09/01 13:34:58 | 015,144,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll[2013/09/01 13:34:58 | 009,239,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll[2013/09/01 13:34:58 | 007,687,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll[2013/09/01 13:34:58 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll[2013/09/01 13:34:58 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll[2013/09/01 13:34:58 | 002,953,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll[2013/09/01 13:34:58 | 002,777,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll[2013/09/01 13:34:58 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll[2013/09/01 13:34:58 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll[2013/09/01 13:34:58 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432049.dll[2013/09/01 13:34:58 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432049.dll[2013/09/01 13:34:58 | 000,572,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll[2013/09/01 13:34:58 | 000,570,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll[2013/09/01 13:34:58 | 000,467,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll[2013/09/01 13:34:58 | 000,465,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll[2013/09/01 13:34:58 | 000,432,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll[2013/09/01 13:34:58 | 000,372,000 | ---- 