Inactive-A Iexplore.exe, svchost.exe Virus or Not?

[Asian Lag]

So what has been happening is I have been getting some interesting stuff on my computer, First my antivirus program started giving me some notifications on "iexplore.exe" I don't remember exactly what it said but something like "Trojan.BetaBot" obviously this worried me so I did a full scan and google search this, I couldn't find anything and my scan didn't either. So I figured this was an error and would go away, This notification kept showing up, for weeks. Obviously I feel stupid not doing anything at the time. But then just today while I was just on the internet something happened to my internet, I got a notification that "iexplore.exe" was open and accessing the internet, Google Chrome could not go on any page, It was completely blocked from access the internet. At the time I was freaking out so I went to kill the process on iexplore.exe and this is what I got
.

Then the internet finally worked on chrome, So I did some searching on this and got multiple people saying this was in fact a Trojan. Me freaking out even more I did a full scan on again got nothing.

So then I checked my security history on my program and this is what I see
http://I.imgur.com/QK12PsC.png (Big Picture)

The ones with "Unauthorized access block (Open File)" are from the process "SVCHOST.exe" all trying to open files from my virus program, The ones with "Unauthorized access block (Access Process Data)" is iexplore.exe. These instances filled up the entire row of history and notice how they are trying every second to access the files. I have no idea how to get rid of these, please help in anyway you can.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Asian Lag]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Phil :: STAN-HP [administrator]

Protection: Enabled

22/12/2013 6:08:56 PM
mbam-log-2013-12-22 (18-08-56).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 645081
Time elapsed: 3 hour(s), 49 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Data: 24/09/2011 -- 21:26 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Users\Phil\clrsy (Trojan.VBS.AI) -> Quarantined and deleted successfully.
C:\Users\Phil\limlk (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 100
C:\Games\Saints Row IV\steam_api.dll (VirTool.Obfuscator) -> No action taken.
C:\Games\SQUARE ENIX\Sleeping Dogs\buddha.dll (Malware.Gen.SKR) -> No action taken.
C:\Program Files (x86)\Cain\Abel.exe (HackTool.Cain) -> No action taken.
C:\Program Files (x86)\Cain\Abel64.exe (HackTool.Cain) -> No action taken.
C:\Program Files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> No action taken.
C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (PUP.Optional.Installrex) -> No action taken.
C:\Windows\Tasks\OptimizerPro1UpdaterTask{E07AB900-F1CC-481D-B804-CA0D7B00C303}.job (PUP.Optional.Optimizerpro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper1.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\ssafe saveu\51bcb2a719f50.dll.vir (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\ssafe saveu\uninstall.exe.vir (PUP.Optional.SilentInstall.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Phil\AppData\Local\Bundled software uninstaller\biclient (1).exe.vir (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Phil\AppData\Local\Bundled software uninstaller\biclient.exe.vir (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Phil\AppData\Local\Conduit\CT3289847\WhiteSmoke_NewAutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Sandbox\Phil\DefaultBox\user\current\AppData\Local\Temp\Win Update\Win Update.exe (Trojan.Dropper.MSI) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Local\Temp\R5RPLC6O.exe (Trojan.Dropper.SFXAI) -> Quarantined and deleted successfully.
C:\Users\Phil\Desktop\Games\Trainers and Others\SRT3rdDX9+22Tr-LNG\srt3rddx9+22tr-lng.exe (VirTool.Obfuscator) -> Quarantined and deleted successfully.
C:\Users\Phil\clrsy\rMb.vbs (Trojan.VBS.AI) -> Quarantined and deleted successfully.
C:\Users\Phil\clrsy\d.BGV (Trojan.VBS.AI) -> Quarantined and deleted successfully.
C:\Users\Phil\clrsy\dFsrDhiog.KYK (Trojan.VBS.AI) -> Quarantined and deleted successfully.
C:\Users\Phil\clrsy\spgm.USL (Trojan.VBS.AI) -> Quarantined and deleted successfully.
C:\Users\Phil\clrsy\thR.exe (Trojan.VBS.AI) -> Quarantined and deleted successfully.
C:\Users\Phil\limlk\jQYYI.vbs (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phil\limlk\ekiOaj.exe (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phil\limlk\oY.WZK (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phil\limlk\rqQN.YZK (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phil\limlk\XHd.SIZ (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Local\Temp\AppLunch\vbc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-09-29-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-09-30-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-10-01-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-10-02-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-10-03-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-10-04-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-10-05-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\dclogs\2013-11-13-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Roaming\Microsoft\Microsoft Update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Local\Temp\AppLunch\WinUpdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

 

[Asian Lag]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.45.2
Run by Phil at 22:05:58 on 2013-12-22
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\FusionTweaker\FusionTweakerService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uProxyServer = 192.3.25.99:8089
uProxyOverride = 180.183.233.102:8080;192.168.*;10.*;localhost;127.0.0.1
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Download and Sa Class: {D21FF103-EF7E-971B-E55A-42EA8F41226B} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
uRun: [Realtek Audio Manager] "C:\ProgramData\Realtek0\bzsbkotiu.exe"
uRun: [BitTorrent] "C:\Users\Phil\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [Tiny download manager] "C:\Users\Phil\AppData\Local\DM\TinyDM.exe" /M
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [436e10a] C:\Users\Public\Music\ec3a4f436\ec3a4f436.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [gerers] "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\14C676F6D616F5443524 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\14C676F6D616F5443524 : DHCPNameServer = 192.168.64.10 8.8.8.8 8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\2656C6B696E6E2236316 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\2656C6B696E6E2236316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\3486F677E45647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\4556368627F6F6D6 : DHCPNameServer = 192.168.9.2
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\4586560255C64796D616475602E4564777F627B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\4586560255C64796D616475602E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\46C696E6B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4C960862-61CB-4075-A6D4-219FBFDB8938} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{93579050-70B2-4683-9447-E5BA5E42553F} : DHCPNameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.ca
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/feed/subscriptions
FF - component: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_39.dll
FF - ExtSQL: 2013-11-24 09:17; firesheep@codebutler.com; C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\extensions\firesheep@codebutler.com
FF - ExtSQL: 2013-12-06 22:04; afproxy@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
.
============= SERVICES / DRIVERS ===============
.
R? amdiox64;AMD IO Driver
R? AODService;AODService
R? atillk64;atillk64
R? btwampfl;Bluetooth AMP USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? clwvd;CyberLink WebCam Virtual Driver
R? DrvAgent64;DrvAgent64
R? EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM)
R? GPU-Z;GPU-Z
R? hpCMSrv;HP Connection Manager 4 Service
R? npggsvc;nProtect GameGuard Service
R? Skype C2C Service;Skype C2C Service
R? SkypeUpdate;Skype Updater
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? UnsignedThemes;Unsigned Themes
R? USBAAPL64;Apple Mobile USB Driver
R? USBPNPA;USB PnP Sound Device Interface
R? uxpatch;uxpatch
R? WatAdminSvc;Windows Activation Technologies Service
R? xhunter1;xhunter1
S? AESTFilters;Andrea ST Filters Service
S? AMD External Events Utility;AMD External Events Utility
S? AMD FUEL Service;AMD FUEL Service
S? amd_sata;amd_sata
S? amd_xata;amd_xata
S? AmdTools64;AMD Special Tools Driver
S? AODDriver4.2.0;AODDriver4.2.0
S? AODDriver4.2;AODDriver4.2
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? BHDrvx64;BHDrvx64
S? ccSet_N360;Norton 360 Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? ezSharedSvc;Easybits Services for Windows
S? FusionTweaker;FusionTweaker service
S? Hamachi2Svc;LogMeIn Hamachi Tunneling Engine
S? HP Support Assistant Service;HP Support Assistant Service
S? HPClientSvc;HP Client Services
S? hpsrv;HP Service
S? HPWMISVC;HPWMISVC
S? hshld;Hotspot Shield Service
S? HssDRV6;Hotspot Shield Routing Driver 6
S? HssWd;Hotspot Shield Monitoring Service
S? IconMan_R;IconMan_R
S? IDSVia64;IDSVia64
S? LMIGuardianSvc;LMIGuardianSvc
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? N360;Norton 360
S? PxHlpa64;PxHlpa64
S? RSPCIESTOR;Realtek PCIE CardReader Driver
S? RTL8167;Realtek 8167 NT Driver
S? SbieDrv;SbieDrv
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SymNetS;Symantec Network Security WFP Driver
S? taphss6;Anchorfree HSS VPN Adapter
S? TeamViewer9;TeamViewer 9
S? usbfilter;AMD USB Filter Driver
S? WinRing0_1_2_0;WinRing0_1_2_0
.
=============== Created Last 30 ================
.
2013-12-22 23:07:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-22 23:07:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-16 23:17:24 -------- d-----w- C:\Users\Phil\AppData\Roaming\.technic
2013-12-15 16:51:30 -------- d-----w- C:\Program Files (x86)\Mixxx
2013-12-14 17:39:07 -------- d-sh--r- C:\Program Files (x86)\evgix
2013-12-14 17:39:05 -------- d-sh--r- C:\Program Files (x86)\vqgen
2013-12-14 17:39:03 -------- d-sh--r- C:\Program Files (x86)\afmrb
2013-12-13 20:47:15 -------- d-----w- C:\Users\Phil\AppData\Roaming\AirVPN
2013-12-13 20:46:36 -------- d-----w- C:\Program Files\OpenVPN
2013-12-13 01:40:14 -------- d--h--w- C:\Windows\PIF
2013-12-13 00:00:31 44744 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-12-13 00:00:19 -------- d-----w- C:\Users\Phil\AppData\Roaming\Hotspot Shield
2013-12-12 23:34:58 -------- d-----w- C:\ProgramData\Hotspot Shield
2013-12-12 23:33:43 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2013-12-12 20:31:03 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2013-12-11 00:23:19 -------- d-----w- C:\Users\Phil\AppData\Local\DarkBot_Starter
2013-12-10 21:42:43 -------- d-sh--r- C:\Users\Phil\ovwmh
2013-12-10 21:42:41 -------- d-sh--r- C:\Users\Phil\uolxa
2013-12-09 20:20:50 -------- d-----w- C:\Program Files (x86)\Cain
2013-12-08 20:53:24 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-12-08 19:36:19 -------- d-sh--r- C:\Users\Phil\uglvi
2013-12-08 19:36:16 -------- d-sh--r- C:\Users\Phil\ewqez
2013-12-08 19:36:14 -------- d-sh--r- C:\Users\Phil\fxgcp
2013-12-08 17:56:00 -------- d-sh--r- C:\Users\Phil\mxcqz
2013-12-08 17:55:57 -------- d-sh--r- C:\Users\Phil\oxeso
2013-12-08 17:55:56 -------- d-sh--r- C:\Users\Phil\tubzm
2013-12-08 17:27:11 -------- d-----w- C:\Users\Phil\AppData\Local\next car game technology sneak peek
2013-11-30 16:59:14 -------- d-----w- C:\Users\Phil\AppData\Roaming\logs
2013-11-24 22:56:28 -------- d-----w- C:\Users\Phil\workspace
2013-11-24 14:28:00 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-11-24 14:16:55 872392 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-11-24 14:16:52 92272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-11-24 14:16:52 393328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
2013-11-24 14:16:52 302192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-11-24 14:16:52 275568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-11-24 14:16:52 274032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-11-24 14:16:52 22031984 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-11-24 14:16:52 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-11-24 14:16:52 18544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2013-11-24 14:16:52 1776240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
2013-11-24 14:16:52 153712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2013-11-24 14:16:52 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-11-24 14:03:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-24 14:03:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 20:11:28 -------- d-----w- C:\Windows\ERUNT
2013-11-23 16:12:33 -------- d-----w- C:\AdwCleaner
.
==================== Find3M ====================
.
2013-11-13 23:59:30 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2013-11-13 10:51:44 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-06 22:27:27 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-10-06 22:27:27 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-10-06 22:26:55 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-26 13:55:10 402432 ----a-w- C:\Windows\System32\sigar-amd64-winnt.dll
2013-09-26 13:55:10 266240 ----a-w- C:\Windows\System32\sigar-x86-winnt.dll
.
============= FINISH: 22:08:44.16 ===============

 

[Asian Lag]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/08/2011 10:48:34 PM
System Uptime: 21/12/2013 4:50:25 PM (30 hours ago)
.
Motherboard: Hewlett-Packard | | 358F
Processor: AMD A6-3410MX APU with Radeon(tm) HD Graphics | Socket FS1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 44.656 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.277 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Virtual Audio Cable
Device ID: ROOT\MEDIA\0001
Manufacturer: EuMus Design
Name: Virtual Audio Cable
PNP Device ID: ROOT\MEDIA\0001
Service: EuMusDesignVirtualAudioCableWdm
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
«Sleeping Dogs» 2.1.435919
7-Zip 9.20 (x64 edition)
abgx360 v1.0.6
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD GPU Clock Tool
AMD Media Foundation Decoders
AMD OverDrive Beta
AMD Steady Video Plug-In
AMD System Monitor
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
Ask Toolbar
Assassin's Creed ® III
aTube Catcher
Audacity 2.0.3
Battlefield 3™
Battlelog Web Plugins
Battlestations: Pacific
BitMeter
BitTorrent
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Burnout Paradise: The Ultimate Box
Cain & Abel 4.9.49
Call of Duty Black Ops 2
Call of Duty Online ÏÖ´úÕ½Õù
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3200 series MP Drivers
Carmageddon 2.0.0.1
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CodeHook Login System 4.0
CodeHook Login System 4.21
Command and Conquer: Red Alert 3 - Uprising
Counter-Strike Global Offensive V_1.22.2.8-=AviaRa=- V_1.22.2.8
CPUID CPU-Z 1.61.3
CPUID HWMonitor 1.22
Crysis 2 Maximum Edition
D3DX10
Dead Rising 2
Dead Space™
Dead Space™ 3
Defcon v1.43 en-AU rtl
Definition update for Microsoft Office 2010 (KB982726)
Defraggler
Demolition, Inc.
DownTango Launcher 2.1
DriverAgent by eSupport.com
Dxtory version 2.0.122
Ó°ÒôºÐ×Ó(MediaBox) 1.2.0.353
Elements STI Installer
Energy Star Digital Logo
Epson Event Manager
EPSON NX125 NX127 Series Printer Uninstall
EPSON Scan
ESN Sonar
ESU for Microsoft Windows 7
Euro Truck Simulator 2
Evernote v. 4.2.2
Explorer Suite IV
Fallout Mod Manager 0.12.6
Fallout Mod Manager 0.13.21
FileZilla Client 3.7.3
Foxit Reader
Fraps (remove only)
FreeArc 0.666
FusionTweaker
Galerie de photos Windows Live
Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1
Geeks3D.com FurMark 1.10.3
GIF Viewer 3.2 (v2)
Google Chrome
Google Earth
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto IV - Episodes From Liberty City
Grand Theft Auto IV 1.0.7.0
Grand Theft Auto: Episodes from Liberty City
GRID 2 (c) Codemasters version 1
GTA IV Vehicle Mod Installer v1.3
Gyazo 2.0.2
Half-Life Dedicated Server Update Tool
Hewlett-Packard ACLM.NET v1.2.1.1
Hitman Absolution
Horizon v2.7.2.1
Hotspot Shield 3.20
HP 3D DriveGuard
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Idle Processor Utilization Services version IPUS 2.0
IDT Audio
ImgBurn
iTunes
Java 7 Update 25 (64-bit)
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Left 4 Dead
Left 4 Dead 2
Little Inferno 1.00
LogMeIn Hamachi
Mafia II DLC Joe's Adventures
Magic Desktop
Malwarebytes Anti-Malware version 1.75.0.1300
Medal of Honor(TM) Multiplayer
Medal of Honor(TM) Single Player
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Minecraft
Minecraft1.5.2
Minecraft1.6.2
Minecraft1.6.4
Mirror's Edge
Modern warfare 2 - Player version 2.0
Modio
Movie Maker
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.3.1
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Notepad++
NVIDIA PhysX
OCCT 4.4.0
Online Weather
OpenAL
OpenOffice.org 3.4.1
Origin
Paint.NET v3.5.10
Pando Media Booster
Papers, Please
Photo Common
Photo Gallery
PlayReady PC Runtime x86
Populous
PowerISO
Prototype
PunkBuster Services
Python 2.7 Skype4Py-1.0.32.0
Python 2.7.5 (64-bit)
Python 3.3.2 (64-bit)
QuickTime
RAD Video Tools
Razer Game Booster
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Red Faction Guerrilla
Red Faction: Guerrilla
Roller Coaster Tycoon 3 Platinum - CarlesNeo !
RollerCoaster Tycoon 3 Platinum
Saints Row IV
Sandboxie 4.04 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SimCity 4 Deluxe
SimCity™
Skype Click to Call
Skype™ 6.11
SmartSound Quicktracks for Premiere Elements 9.0
Speccy
swMSM
Synaptics Pointing Device Driver
System Requirements Lab CYRI
Tactical Intervention
TeamViewer 9
TechPowerUp GPU-Z
The Sims™ 3
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Seasons
The Stanley Parable Demo
The Walking Dead: Season 2
TreeSize Free V2.7
Unity Web Player
Unlocker 1.9.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
USB PnP Sound Device
UxStyle Core Beta
VC80CRTRedist - 8.0.50727.6195
Virtual Audio Cable 4.6
VLC media player 2.1.1
Windows 7 USB/DVD Download Tool
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.3
WinRAR 4.20 (64-bit)
WordPerfect Office 12
World of Tanks
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Yahoo! Detect
.
==== End Of File ===========================

 

[Broni]

Some items in your MBAM log are marked "No action taken".
Re-run MBAM, fix ALL issues and post new log.

Next...

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[Asian Lag]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Phil :: STAN-HP [administrator]

Protection: Disabled

23/12/2013 12:37:33 PM
mbam-log-2013-12-23 (12-37-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248212
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-2595347684-586355138-2177269792-1001\$RZO7R1D.0-DOA\passwordspro.zip (PUP.PasswordsPro) -> Quarantined and deleted successfully.

(end)

 

[Asian Lag]

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Phil [Admin rights]
Mode : Remove -- Date : 12/23/2013 12:36:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Realtek Audio Manager ("C:\ProgramData\Realtek0\bzsbkotiu.exe" [x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Tiny download manager ("C:\Users\Phil\AppData\Local\DM\TinyDM.exe" /M [x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] OptimizerPro1UpdaterTask{E07AB900-F1CC-481D-B804-CA0D7B00C303}.job : C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe - /schedule /profilepath "C:\ProgramData\Premium\OptimizerPro1\profile.ini" [x][x] -> DELETED
[V2][SUSP PATH] PileFile logon : C:\Users\Phil\AppData\Local\Temp\MinecraftForceOP.exeDownload_E2F7\MinecraftForceOP.exe_Downloader.exe [x] -> DELETED
[V2][SUSP PATH] Windows Update Check - 0x0BC402F2 : C:\ProgramData\Realtek0\bzsbkotiu.exe [x] -> DELETED
[V2][SUSP PATH] {B3B00524-86AC-4C7C-9B15-D06C1FC4D15C} : C:\Users\Phil\Desktop\Modern Warfare 3 MW3 Speically 2O12.exe [x] -> DELETED
[V2][SUSP PATH] {F3CF132F-E08A-4DF1-BC9C-1305749D6513} : C:\Users\Phil\Desktop\Modern Warfare 3 MW3 Speically 2O12.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] 4ccfe575048bf94e5bf087631cbe152f
[BSP] b246b6e2a3bf17099ba99fc8a6d9d433 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 693187 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1420056576 | Size: 21914 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 64921ac5b1cbed1cc2d7b612a5214eb8
[BSP] b246b6e2a3bf17099ba99fc8a6d9d433 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] 5be15101433e37084d66d909d7bee9cf
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 7636 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_12232013_123611.txt >>
RKreport[0]_S_12232013_123522.txt

 

[Asian Lag]

Malwarebytes Anti-Rootkit said my computer was clean and had no log.

 

[Asian Lag]

Scratch the post above I found the log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.597000 GHz
Memory total: 5883457536, free: 3470577664

Downloaded database version: v2013.12.23.06
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
12/23/2013 13:03:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys
\SystemRoot\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
\SystemRoot\system32\drivers\N360x64\1404000.028\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20131222.020\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20131222.020\ENG64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\hssdrv6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20131220.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\taphss6.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AmdTools64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\FusionTweaker\WinRing0x64.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80062bf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xfffffa8005c7b660
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80062bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80062bfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80062bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800613eb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8005c84ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8005c7b660, DeviceName: \Device\00000080\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DD7271A4

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 1419646976

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1420056576 Numsec = 44879872

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 1464936448 Numsec = 210672

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Asian Lag]

ComboFix 13-12-23.01 - Phil 23/12/2013 19:00:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5611.3944 [GMT -5:00]
Running from: c:\users\Phil\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Phil\AppData\Roaming\Microsoft\Windows\Recent\Counter-Strike Source.url
c:\users\Phil\AppData\Roaming\Microsoft\Windows\Recent\The Elder Scrolls V Skyrim.url
c:\users\Phil\AppData\Roaming\SQLite3.dll
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\frapsvid.dll
c:\windows\ver.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-11-24 to 2013-12-24 )))))))))))))))))))))))))))))))
.
.
2013-12-24 00:10 . 2013-12-24 00:10 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-12-24 00:10 . 2013-12-24 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-23 18:44 . 2013-12-23 18:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-12-23 18:03 . 2013-12-23 19:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-23 18:03 . 2013-12-23 18:03 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-23 18:03 . 2013-12-23 18:03 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-23 17:34 . 2013-12-23 17:34 29696 ----a-w- c:\windows\system32\drivers\scfilter.sys.bak
2013-12-22 23:07 . 2013-12-22 23:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-22 23:07 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-18 03:06 . 2013-12-18 03:06 -------- d-----w- c:\program files\7-Zip
2013-12-16 23:17 . 2013-12-18 21:23 -------- d-----w- c:\users\Phil\AppData\Roaming\.technic
2013-12-15 16:51 . 2013-12-15 16:57 -------- d-----w- c:\program files (x86)\Mixxx
2013-12-14 17:39 . 2013-12-14 17:39 -------- d-sh--r- c:\program files (x86)\evgix
2013-12-14 17:39 . 2013-12-14 17:39 -------- d-sh--r- c:\program files (x86)\vqgen
2013-12-14 17:39 . 2013-12-14 17:39 -------- d-sh--r- c:\program files (x86)\afmrb
2013-12-13 20:47 . 2013-12-13 20:47 -------- d-----w- c:\users\Phil\AppData\Roaming\AirVPN
2013-12-13 20:46 . 2013-12-13 20:50 -------- d-----w- c:\program files\OpenVPN
2013-12-13 01:40 . 2013-12-13 01:40 -------- d--h--w- c:\windows\PIF
2013-12-13 00:00 . 2013-11-13 10:49 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-12-13 00:00 . 2013-12-13 00:00 -------- d-----w- c:\users\Phil\AppData\Roaming\Hotspot Shield
2013-12-12 23:34 . 2013-12-12 23:34 -------- d-----w- c:\programdata\Hotspot Shield
2013-12-12 23:33 . 2013-12-23 00:09 -------- d-----w- c:\program files (x86)\Hotspot Shield
2013-12-12 20:31 . 2013-12-12 20:31 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-12-11 00:23 . 2013-12-11 00:31 -------- d-----w- c:\users\Phil\AppData\Local\DarkBot_Starter
2013-12-10 21:42 . 2013-12-10 21:42 -------- d-sh--r- c:\users\Phil\ovwmh
2013-12-10 21:42 . 2013-12-10 21:42 -------- d-sh--r- c:\users\Phil\uolxa
2013-12-09 20:20 . 2013-12-09 20:27 -------- d-----w- c:\program files (x86)\Cain
2013-12-08 20:53 . 2013-12-08 20:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-12-08 19:36 . 2013-12-08 19:36 -------- d-sh--r- c:\users\Phil\uglvi
2013-12-08 19:36 . 2013-12-08 19:36 -------- d-sh--r- c:\users\Phil\ewqez
2013-12-08 19:36 . 2013-12-08 19:36 -------- d-sh--r- c:\users\Phil\fxgcp
2013-12-08 17:56 . 2013-12-08 17:58 -------- d-sh--r- c:\users\Phil\mxcqz
2013-12-08 17:55 . 2013-12-08 17:58 -------- d-sh--r- c:\users\Phil\oxeso
2013-12-08 17:55 . 2013-12-08 17:58 -------- d-sh--r- c:\users\Phil\tubzm
2013-12-08 17:27 . 2013-12-08 17:27 -------- d-----w- c:\users\Phil\AppData\Local\next car game technology sneak peek
2013-12-04 01:02 . 2013-12-04 01:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-30 16:59 . 2013-11-30 16:59 -------- d-----w- c:\users\Phil\AppData\Roaming\logs
2013-11-24 22:56 . 2013-11-24 22:58 -------- d-----w- c:\users\Phil\workspace
2013-11-24 14:28 . 2013-11-24 14:28 -------- d-----w- c:\program files (x86)\WinPcap
2013-11-24 14:03 . 2013-12-18 15:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-24 14:03 . 2013-12-18 15:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 01:23 . 2013-11-14 01:23 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-11-14 01:22 . 2013-11-14 01:22 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-13 10:51 . 2013-11-13 10:51 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-11-09 02:34 . 2013-11-09 02:34 98304 ----a-r- c:\users\Phil\AppData\Roaming\Microsoft\Installer\{DBDD570E-0952-475F-9453-AB88F3DD565A}\python_icon.exe
2013-10-08 11:50 . 2012-09-16 17:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-06 22:27 . 2012-07-26 20:25 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-06 22:27 . 2012-03-04 03:32 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-06 22:26 . 2012-03-04 03:28 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-26 13:55 . 2013-10-30 22:12 402432 ----a-w- c:\windows\system32\sigar-amd64-winnt.dll
2013-09-26 13:55 . 2013-10-30 22:12 266240 ----a-w- c:\windows\system32\sigar-x86-winnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-07-24 20:11 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-20 00:47 222832 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-20 00:47 222832 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-20 00:47 222832 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-26 642656]
"436e10a"="c:\users\Public\Music\ec3a4f436\ec3a4f436.exe" [2010-03-18 32592]
"gerers"="c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" [2010-11-21 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Phil\AppData\Local\Temp\GPU-Z.sys;c:\users\Phil\AppData\Local\Temp\GPU-Z.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20131220.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20131220.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FusionTweaker;FusionTweaker service;c:\program files\FusionTweaker\FusionTweakerService.exe;c:\program files\FusionTweaker\FusionTweakerService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdTools64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\FusionTweaker\WinRing0x64.sys;c:\program files\FusionTweaker\WinRing0x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:19 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24 15:01]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05 21:50]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05 21:50]
.
2013-12-21 c:\windows\Tasks\HPCeeScheduleForPhil.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-20 00:47 261744 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-20 00:47 261744 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-20 00:47 261744 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-13 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyServer = 192.3.25.99:8089
uInternet Settings,ProxyOverride = 180.183.233.102:8080;192.168.*;10.*;localhost;127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\14C676F6D616F5443524: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\2656C6B696E6E2236316: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\4586560255C64796D616475602E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/feed/subscriptions
FF - ExtSQL: 2013-11-24 09:17; firesheep@codebutler.com; c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\extensions\firesheep@codebutler.com
FF - ExtSQL: 2013-12-06 22:04; afproxy@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{D21FF103-EF7E-971B-E55A-42EA8F41226B} - c:\programdata\Download and Sa\50888be443776.ocx
Toolbar-{8d3ec233-b92d-4187-a506-284127cfba2d} - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-Call of Duty Online ÏÖ´úÕ½Õù - c:\games\Warfare2\bin\codol\Call of Duty Online ÏÖ´úÕ½Õù\Call of Duty Online ÏÖ´úÕ½ÕùжÔØ.exe
AddRemove-Carmageddon 2.0.0.1 - c:\games\Rockstar Games\Carmageddon 2.0.0.1\Uninstall.exe
AddRemove-CodeHook Login System 4.0 - c:\program files (x86)\CodeHook\Uninstall.exe
AddRemove-CodeHook Login System 4.21 - c:\program files (x86)\CodeHook\Uninstall.exe
AddRemove-Counter-Strike Global Offensive V_1.22.2.8-=AviaRa=- V_1.22.2.8 - c:\games\Counter-Strike Global Offensive\Uninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Fallout Mod Manager_is1 - c:\program files (x86)\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-Minecraft1.5.2 - c:\users\Phil\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-Minecraft1.6.2 - c:\users\Phil\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-Minecraft1.6.4 - c:\users\Phil\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-Roller Coaster Tycoon 3 Platinum - CarlesNeo ! - c:\program files (x86)\Roller Coaster Tycoon 3 Platinum\Uninstal.exe
AddRemove-RollerCoaster Tycoon 3 Platinum3 - c:\program files (x86)\Portable\RollerCoaster Tycoon 3 Platinum\uninstall.exe
AddRemove-Sleeping Dogs_is1 - c:\games\Sleeping Dogs\uninstall\unins000.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116} - c:\games\Maxis\SimCity 4 Deluxe\EAUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-Online Weather - c:\users\Phil\AppData\Local\WebPlayer\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2595347684-586355138-2177269792-1001\Software\SecuROM\License information*]
"datasecu"=hex:89,37,8a,26,86,ef,bd,79,10,c1,27,2b,fa,8c,53,6c,54,65,da,80,48,
c5,29,2b,8e,2f,93,db,df,2a,9b,1d,ee,a1,ef,18,a0,d0,37,fa,a2,a3,0f,d6,63,c0,\
"rkeysecu"=hex:64,19,20,06,17,87,7f,2e,0c,9f,8c,47,45,b0,6b,b0
.
[HKEY_USERS\S-1-5-21-2595347684-586355138-2177269792-1001_Classes\CLSID\{CA5D3011-04AB-584F-BA6D-6A4694E012C1}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-23 19:13:13
ComboFix-quarantined-files.txt 2013-12-24 00:13
.
Pre-Run: 46,064,656,384 bytes free
Post-Run: 45,847,330,816 bytes free
.
- - End Of File - - 5D7BB17F243C3BE7CBB9FB3DC1252A84
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:

:dir
c:\users\Phil\tubzm /s
c:\users\Phil\oxeso /s
c:\users\Phil\mxcqz /s
c:\users\Phil\fxgcp /s
c:\users\Phil\ewqez /s
c:\users\Phil\uglvi /s
c:\program files (x86)\afmrb /s
c:\program files (x86)\vqgen /s
c:\program files (x86)\evgix /s

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[Asian Lag]

SystemLook 30.07.11 by jpshortstuff
Log created at 20:03 on 23/12/2013 by Phil
Administrator - Elevation successful

========== dir ==========

c:\users\Phil\tubzm - Parameters: "/s"

---Files---
.YUJ --ahs-- 31752 bytes [17:55 08/12/2013] [23:33 07/12/2013]
bXcuklNIn.exe --ahs-- 750320 bytes [17:55 08/12/2013] [18:34 29/01/2012]
Qnl.KES --ahs-- 13882482 bytes [17:55 08/12/2013] [23:33 07/12/2013]
RaqZ.vbs --ahs-- 58 bytes [17:55 08/12/2013] [23:33 07/12/2013]
UXcPTPG.VIP --ahs-- 26 bytes [17:55 08/12/2013] [23:33 07/12/2013]

No folders found.

c:\users\Phil\oxeso - Parameters: "/s"

---Files---
hkEJz.TTJ --ahs-- 11778059 bytes [17:55 08/12/2013] [23:33 07/12/2013]
PJRWmwk.vbs --ahs-- 56 bytes [17:55 08/12/2013] [23:32 07/12/2013]
tyhtr.exe --ahs-- 750320 bytes [17:55 08/12/2013] [18:34 29/01/2012]
uM.LZD --ahs-- 26 bytes [17:55 08/12/2013] [23:32 07/12/2013]
YNWCwJ.ZDR --ahs-- 91656 bytes [17:55 08/12/2013] [23:32 07/12/2013]

No folders found.

c:\users\Phil\mxcqz - Parameters: "/s"

---Files---
bqkEPG.exe --ahs-- 750320 bytes [17:56 08/12/2013] [18:34 29/01/2012]
FUzP.vbs --ahs-- 53 bytes [17:56 08/12/2013] [23:34 07/12/2013]
InVrnJd.MHF --ahs-- 26 bytes [17:56 08/12/2013] [23:34 07/12/2013]
kep.AAY --ahs-- 9736 bytes [17:56 08/12/2013] [23:34 07/12/2013]
n.LWW --ahs-- 11550828 bytes [17:56 08/12/2013] [23:34 07/12/2013]

No folders found.

c:\users\Phil\fxgcp - Parameters: "/s"

---Files---
eagmR.exe --ahs-- 750320 bytes [19:36 08/12/2013] [18:34 29/01/2012]
gZGTM.DYO --ahs-- 31752 bytes [19:36 08/12/2013] [14:52 08/12/2013]
MdRppWc.ZJL --ahs-- 11953197 bytes [19:36 08/12/2013] [14:52 08/12/2013]
RdtL.UAV --ahs-- 26 bytes [19:36 08/12/2013] [14:52 08/12/2013]
zG.vbs --ahs-- 58 bytes [19:36 08/12/2013] [14:52 08/12/2013]

No folders found.

c:\users\Phil\ewqez - Parameters: "/s"

---Files---
AckS.vbs --ahs-- 53 bytes [19:36 08/12/2013] [14:51 08/12/2013]
HNE.XQK --ahs-- 26 bytes [19:36 08/12/2013] [14:51 08/12/2013]
iYD.CIX --ahs-- 13384732 bytes [19:36 08/12/2013] [14:51 08/12/2013]
syQIhGpSH.RUU --ahs-- 91656 bytes [19:36 08/12/2013] [14:51 08/12/2013]
tBDz.exe --ahs-- 750320 bytes [19:36 08/12/2013] [18:34 29/01/2012]

No folders found.

c:\users\Phil\uglvi - Parameters: "/s"

---Files---
a.vbs --ahs-- 51 bytes [19:36 08/12/2013] [14:54 08/12/2013]
BVv.exe --ahs-- 750320 bytes [19:36 08/12/2013] [18:34 29/01/2012]
Im.JOP --ahs-- 26 bytes [19:36 08/12/2013] [14:54 08/12/2013]
jRJguw.MTZ --ahs-- 9736 bytes [19:36 08/12/2013] [14:54 08/12/2013]
Po.RYQ --ahs-- 12561407 bytes [19:36 08/12/2013] [14:54 08/12/2013]

No folders found.

c:\program files (x86)\afmrb - Parameters: "/s"

---Files---
encryption-key.txt --a---- 32 bytes [17:39 14/12/2013] [20:38 12/12/2013]
fdVHv.VOL --ahs-- 31240 bytes [17:39 14/12/2013] [12:03 14/12/2013]
KhZf.BPD --ahs-- 26 bytes [17:39 14/12/2013] [12:03 14/12/2013]
sgz.VZZ --ahs-- 12184651 bytes [17:39 14/12/2013] [12:03 14/12/2013]
urFvmR.exe --ahs-- 750320 bytes [17:39 14/12/2013] [18:34 29/01/2012]
UTf.vbs --ahs-- 55 bytes [17:39 14/12/2013] [12:03 14/12/2013]

No folders found.

c:\program files (x86)\vqgen - Parameters: "/s"

---Files---
b.UTI --ahs-- 13473173 bytes [17:39 14/12/2013] [12:04 14/12/2013]
EiUAnC.exe --ahs-- 750320 bytes [17:39 14/12/2013] [18:34 29/01/2012]
encryption-key.txt --a---- 32 bytes [17:39 14/12/2013] [20:38 12/12/2013]
h.vbs --ahs-- 53 bytes [17:39 14/12/2013] [12:04 14/12/2013]
KfnSGw.SML --ahs-- 26 bytes [17:39 14/12/2013] [12:04 14/12/2013]
UAsW.GAS --ahs-- 91656 bytes [17:39 14/12/2013] [12:04 14/12/2013]

No folders found.

c:\program files (x86)\evgix - Parameters: "/s"

---Files---
boDboT.vbs --ahs-- 52 bytes [17:39 14/12/2013] [12:05 14/12/2013]
encryption-key.txt --a---- 32 bytes [17:39 14/12/2013] [20:38 12/12/2013]
JdK.SGH --ahs-- 12952795 bytes [17:39 14/12/2013] [12:05 14/12/2013]
jPJZKRJt.YTZ --ahs-- 26 bytes [17:39 14/12/2013] [12:05 14/12/2013]
wep.exe --ahs-- 750320 bytes [17:39 14/12/2013] [18:34 29/01/2012]
WSC.ZVO --ahs-- 9736 bytes [17:39 14/12/2013] [12:05 14/12/2013]

No folders found.

-= EOF =-

 

[Broni]

Do you recognize any of those folders or files?

 

[Asian Lag]

No, I do not.

 

[Broni]

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
c:\users\Phil\tubzm
c:\users\Phil\oxeso
c:\users\Phil\mxcqz
c:\users\Phil\fxgcp
c:\users\Phil\ewqez
c:\users\Phil\uglvi
c:\program files (x86)\afmrb
c:\program files (x86)\vqgen
c:\program files (x86)\evgix

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Asian Lag]

ComboFix 13-12-23.01 - Phil 23/12/2013 21:49:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5611.3686 [GMT -5:00]
Running from: c:\users\Phil\Desktop\ComboFix.exe
Command switches used :: c:\users\Phil\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\afmrb
c:\program files (x86)\afmrb\encryption-key.txt
c:\program files (x86)\afmrb\fdVHv.VOL
c:\program files (x86)\afmrb\KhZf.BPD
c:\program files (x86)\afmrb\sgz.VZZ
c:\program files (x86)\afmrb\urFvmR.exe
c:\program files (x86)\afmrb\UTf.vbs
c:\program files (x86)\evgix
c:\program files (x86)\evgix\boDboT.vbs
c:\program files (x86)\evgix\encryption-key.txt
c:\program files (x86)\evgix\JdK.SGH
c:\program files (x86)\evgix\jPJZKRJt.YTZ
c:\program files (x86)\evgix\wep.exe
c:\program files (x86)\evgix\WSC.ZVO
c:\program files (x86)\vqgen
c:\program files (x86)\vqgen\b.UTI
c:\program files (x86)\vqgen\EiUAnC.exe
c:\program files (x86)\vqgen\encryption-key.txt
c:\program files (x86)\vqgen\h.vbs
c:\program files (x86)\vqgen\KfnSGw.SML
c:\program files (x86)\vqgen\UAsW.GAS
c:\users\Phil\ewqez
c:\users\Phil\ewqez\AckS.vbs
c:\users\Phil\ewqez\HNE.XQK
c:\users\Phil\ewqez\iYD.CIX
c:\users\Phil\ewqez\syQIhGpSH.RUU
c:\users\Phil\ewqez\tBDz.exe
c:\users\Phil\fxgcp
c:\users\Phil\fxgcp\eagmR.exe
c:\users\Phil\fxgcp\gZGTM.DYO
c:\users\Phil\fxgcp\MdRppWc.ZJL
c:\users\Phil\fxgcp\RdtL.UAV
c:\users\Phil\fxgcp\zG.vbs
c:\users\Phil\mxcqz
c:\users\Phil\mxcqz\bqkEPG.exe
c:\users\Phil\mxcqz\FUzP.vbs
c:\users\Phil\mxcqz\InVrnJd.MHF
c:\users\Phil\mxcqz\kep.AAY
c:\users\Phil\mxcqz\n.LWW
c:\users\Phil\oxeso
c:\users\Phil\oxeso\hkEJz.TTJ
c:\users\Phil\oxeso\PJRWmwk.vbs
c:\users\Phil\oxeso\tyhtr.exe
c:\users\Phil\oxeso\uM.LZD
c:\users\Phil\oxeso\YNWCwJ.ZDR
c:\users\Phil\tubzm
c:\users\Phil\tubzm\.YUJ
c:\users\Phil\tubzm\bXcuklNIn.exe
c:\users\Phil\tubzm\Qnl.KES
c:\users\Phil\tubzm\RaqZ.vbs
c:\users\Phil\tubzm\UXcPTPG.VIP
c:\users\Phil\uglvi
c:\users\Phil\uglvi\a.vbs
c:\users\Phil\uglvi\BVv.exe
c:\users\Phil\uglvi\Im.JOP
c:\users\Phil\uglvi\jRJguw.MTZ
c:\users\Phil\uglvi\Po.RYQ
.
.
((((((((((((((((((((((((( Files Created from 2013-11-24 to 2013-12-24 )))))))))))))))))))))))))))))))
.
.
2013-12-24 02:58 . 2013-12-24 02:58 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-12-24 02:58 . 2013-12-24 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-24 02:58 . 2013-12-24 02:58 -------- d-----w- c:\users\Asian Lag\AppData\Local\temp
2013-12-23 18:44 . 2013-12-23 18:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-12-23 18:03 . 2013-12-23 19:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-23 18:03 . 2013-12-23 18:03 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-23 18:03 . 2013-12-23 18:03 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-23 17:34 . 2013-12-23 17:34 29696 ----a-w- c:\windows\system32\drivers\scfilter.sys.bak
2013-12-22 23:07 . 2013-12-22 23:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-22 23:07 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-18 03:06 . 2013-12-18 03:06 -------- d-----w- c:\program files\7-Zip
2013-12-16 23:17 . 2013-12-18 21:23 -------- d-----w- c:\users\Phil\AppData\Roaming\.technic
2013-12-15 16:51 . 2013-12-15 16:57 -------- d-----w- c:\program files (x86)\Mixxx
2013-12-13 20:47 . 2013-12-13 20:47 -------- d-----w- c:\users\Phil\AppData\Roaming\AirVPN
2013-12-13 20:46 . 2013-12-13 20:50 -------- d-----w- c:\program files\OpenVPN
2013-12-13 01:40 . 2013-12-13 01:40 -------- d--h--w- c:\windows\PIF
2013-12-13 00:00 . 2013-11-13 10:49 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-12-13 00:00 . 2013-12-13 00:00 -------- d-----w- c:\users\Phil\AppData\Roaming\Hotspot Shield
2013-12-12 23:34 . 2013-12-12 23:34 -------- d-----w- c:\programdata\Hotspot Shield
2013-12-12 23:33 . 2013-12-23 00:09 -------- d-----w- c:\program files (x86)\Hotspot Shield
2013-12-12 20:31 . 2013-12-12 20:31 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-12-11 00:23 . 2013-12-11 00:31 -------- d-----w- c:\users\Phil\AppData\Local\DarkBot_Starter
2013-12-10 21:42 . 2013-12-10 21:42 -------- d-sh--r- c:\users\Phil\ovwmh
2013-12-10 21:42 . 2013-12-10 21:42 -------- d-sh--r- c:\users\Phil\uolxa
2013-12-09 20:20 . 2013-12-09 20:27 -------- d-----w- c:\program files (x86)\Cain
2013-12-08 20:53 . 2013-12-08 20:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-12-08 17:27 . 2013-12-08 17:27 -------- d-----w- c:\users\Phil\AppData\Local\next car game technology sneak peek
2013-12-04 01:02 . 2013-12-04 01:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-30 16:59 . 2013-11-30 16:59 -------- d-----w- c:\users\Phil\AppData\Roaming\logs
2013-11-24 22:56 . 2013-11-24 22:58 -------- d-----w- c:\users\Phil\workspace
2013-11-24 14:28 . 2013-11-24 14:28 -------- d-----w- c:\program files (x86)\WinPcap
2013-11-24 14:03 . 2013-12-18 15:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-24 14:03 . 2013-12-18 15:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 01:23 . 2013-11-14 01:23 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-11-14 01:22 . 2013-11-14 01:22 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-13 10:51 . 2013-11-13 10:51 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-11-09 02:34 . 2013-11-09 02:34 98304 ----a-r- c:\users\Phil\AppData\Roaming\Microsoft\Installer\{DBDD570E-0952-475F-9453-AB88F3DD565A}\python_icon.exe
2013-10-08 11:50 . 2012-09-16 17:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-06 22:27 . 2012-07-26 20:25 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-06 22:27 . 2012-03-04 03:32 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-06 22:26 . 2012-03-04 03:28 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-26 13:55 . 2013-10-30 22:12 402432 ----a-w- c:\windows\system32\sigar-amd64-winnt.dll
2013-09-26 13:55 . 2013-10-30 22:12 266240 ----a-w- c:\windows\system32\sigar-x86-winnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D21FF103-EF7E-971B-E55A-42EA8F41226B}]
c:\programdata\Download and Sa\50888be443776.ocx [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-07-24 20:11 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-20 00:47 222832 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-20 00:47 222832 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-20 00:47 222832 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-26 642656]
"436e10a"="c:\users\Public\Music\ec3a4f436\ec3a4f436.exe" [2010-03-18 32592]
"gerers"="c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" [2010-11-21 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Phil\AppData\Local\Temp\GPU-Z.sys;c:\users\Phil\AppData\Local\Temp\GPU-Z.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20131220.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20131220.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FusionTweaker;FusionTweaker service;c:\program files\FusionTweaker\FusionTweakerService.exe;c:\program files\FusionTweaker\FusionTweakerService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdTools64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\FusionTweaker\WinRing0x64.sys;c:\program files\FusionTweaker\WinRing0x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:19 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24 15:01]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05 21:50]
.
2013-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05 21:50]
.
2013-12-21 c:\windows\Tasks\HPCeeScheduleForPhil.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-20 00:47 261744 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-20 00:47 261744 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-20 00:47 261744 ----a-w- c:\users\Phil\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-13 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyServer = 192.3.25.99:8089
uInternet Settings,ProxyOverride = 180.183.233.102:8080;192.168.*;10.*;localhost;127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\14C676F6D616F5443524: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\2656C6B696E6E2236316: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\4586560255C64796D616475602E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/feed/subscriptions
FF - ExtSQL: 2013-11-24 09:17; firesheep@codebutler.com; c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\extensions\firesheep@codebutler.com
FF - ExtSQL: 2013-12-06 22:04; afproxy@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{8d3ec233-b92d-4187-a506-284127cfba2d} - (no file)
Toolbar-10 - (no file)
AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-Call of Duty Online ÏÖ´úÕ½Õù - c:\games\Warfare2\bin\codol\Call of Duty Online ÏÖ´úÕ½Õù\Call of Duty Online ÏÖ´úÕ½ÕùжÔØ.exe
AddRemove-Carmageddon 2.0.0.1 - c:\games\Rockstar Games\Carmageddon 2.0.0.1\Uninstall.exe
AddRemove-CodeHook Login System 4.0 - c:\program files (x86)\CodeHook\Uninstall.exe
AddRemove-CodeHook Login System 4.21 - c:\program files (x86)\CodeHook\Uninstall.exe
AddRemove-Counter-Strike Global Offensive V_1.22.2.8-=AviaRa=- V_1.22.2.8 - c:\games\Counter-Strike Global Offensive\Uninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Fallout Mod Manager_is1 - c:\program files (x86)\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-Minecraft1.5.2 - c:\users\Phil\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-Minecraft1.6.2 - c:\users\Phil\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-Minecraft1.6.4 - c:\users\Phil\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-Roller Coaster Tycoon 3 Platinum - CarlesNeo ! - c:\program files (x86)\Roller Coaster Tycoon 3 Platinum\Uninstal.exe
AddRemove-RollerCoaster Tycoon 3 Platinum3 - c:\program files (x86)\Portable\RollerCoaster Tycoon 3 Platinum\uninstall.exe
AddRemove-Sleeping Dogs_is1 - c:\games\Sleeping Dogs\uninstall\unins000.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116} - c:\games\Maxis\SimCity 4 Deluxe\EAUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2595347684-586355138-2177269792-1001\Software\SecuROM\License information*]
"datasecu"=hex:89,37,8a,26,86,ef,bd,79,10,c1,27,2b,fa,8c,53,6c,54,65,da,80,48,
c5,29,2b,8e,2f,93,db,df,2a,9b,1d,ee,a1,ef,18,a0,d0,37,fa,a2,a3,0f,d6,63,c0,\
"rkeysecu"=hex:64,19,20,06,17,87,7f,2e,0c,9f,8c,47,45,b0,6b,b0
.
[HKEY_USERS\S-1-5-21-2595347684-586355138-2177269792-1001_Classes\CLSID\{CA5D3011-04AB-584F-BA6D-6A4694E012C1}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-23 22:00:39
ComboFix-quarantined-files.txt 2013-12-24 03:00
ComboFix2.txt 2013-12-24 00:13
.
Pre-Run: 45,701,586,944 bytes free
Post-Run: 45,626,925,056 bytes free
.
- - End Of File - - 3B95446939ABD18F0F6D176A6B93FEA8
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Good

How is computer doing?

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Asian Lag]

My computer seems to be doing good so far! No more iexplore.exe and svchost.exe in my security history.

# AdwCleaner v3.016 - Report created 23/12/2013 at 22:16:59
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phil - STAN-HP
# Running from : C:\Users\Phil\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : hshld
[x] Not Deleted : hsstrayservice (NOTE : these files are from my VPN and I trust them)
[x] Not Deleted : hsswd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Users\Phil\AppData\Roaming\hotspot shield
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_factor-calculator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_factor-calculator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\hotspotshield
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ivp6kp7e.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

*************************

AdwCleaner[R0].txt - [33929 octets] - [23/11/2013 11:12:38]
AdwCleaner[R1].txt - [3226 octets] - [23/12/2013 22:11:39]
AdwCleaner[S0].txt - [30813 octets] - [23/11/2013 11:21:06]
AdwCleaner[S1].txt - [2944 octets] - [23/12/2013 22:16:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3004 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Phil on 23/12/2013 at 22:24:02.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] hshld
Successfully deleted: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"



~~~ FireFox

Emptied folder: C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\ivp6kp7e.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2013 at 22:35:14.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Asian Lag]

OTL logfile created on: 23/12/2013 10:37:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.48 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 62.37% Memory free
15.40 Gb Paging File | 13.03 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): c:\pagefile.sys 10160 10260 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676.94 Gb Total Space | 42.59 Gb Free Space | 6.29% Space Free | Partition Type: NTFS
Drive D: | 21.40 Gb Total Space | 2.28 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 88.69 Mb Free Space | 89.71% Space Free | Partition Type: FAT32

Computer Name: STAN-HP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/23 22:10:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
PRC - [2013/12/04 09:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/03 06:36:28 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/08/14 23:31:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 21:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/08 06:29:02 | 000,183,896 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013/02/26 14:07:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/16 21:03:18 | 000,188,928 | ---- | M] () [Auto | Running] -- C:\Program Files\FusionTweaker\FusionTweakerService.exe -- (FusionTweaker)
SRV:64bit: - [2011/08/22 17:42:44 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/08/22 17:42:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/18 10:01:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/04 09:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/11/29 16:20:42 | 002,210,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/10/11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 23:31:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/07/12 13:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/23 23:50:36 | 000,137,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/03/28 07:49:11 | 000,140,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/08/07 16:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/23 10:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/03/07 19:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 00:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Stopped] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/13 05:51:44 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/11/13 05:49:06 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/07/08 06:29:00 | 000,199,384 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013/06/18 05:43:38 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/01/15 05:11:26 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 00:36:18 | 004,326,912 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2012/08/24 02:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/24 15:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2011/09/16 21:03:18 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files\FusionTweaker\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV:64bit: - [2011/08/22 17:42:44 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 14:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/22 18:02:32 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/24 19:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 17:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/26 18:38:28 | 000,683,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2011/01/26 18:37:44 | 001,063,552 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010/12/16 21:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 02:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/04/28 11:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV:64bit: - [2007/05/15 12:15:28 | 000,058,112 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2013/12/19 06:24:35 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20131223.002\ex64.sys -- (NAVEX15)
DRV - [2013/12/19 06:24:35 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/19 06:24:35 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20131223.002\eng64.sys -- (NAVENG)
DRV - [2013/12/13 06:42:29 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20131220.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/03 13:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/21 06:42:22 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/23 23:48:54 | 000,058,088 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.2.0)
DRV - [2012/08/20 13:01:21 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 00:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\uxpatch.sys -- (uxpatch)
DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{95A9C790-0780-425C-A75C-98CF2F191C24}: "URL" = http://www.amazon.ca/s/ref=azs_osd_...ode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 180.183.233.102:8080;192.168.*;10.*;localhost;127.0.0.1
IE - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.3.25.99:8089

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/feed/subscriptions"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_39.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_39.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/12/23 22:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF [2013/10/09 14:29:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/07/06 21:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Extensions
[2012/04/27 21:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\extensions
[2012/04/27 21:16:49 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/28 13:51:39 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2013/12/23 22:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013/04/23 19:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013/04/23 19:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013/01/18 07:04:59 | 000,000,000 | ---D | M] (DownTango Launcher) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{dac70ad0-e58c-4d0b-9ac7-eee894ffb0fa}
[2013/01/18 07:04:59 | 000,000,000 | ---D | M] (DownTango Launcher) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{dac70ad0-e58c-4d0b-9ac7-eee894ffb0fa}
[2013/12/03 20:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\ivp6kp7e.default\extensions
[2013/11/24 09:17:35 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\ivp6kp7e.default\extensions\firesheep@codebutler.com
[2012/11/10 17:15:38 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi
[2013/10/05 22:07:53 | 000,182,257 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\ivp6kp7e.default\extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi
[2013/10/05 22:08:19 | 000,004,525 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\ivp6kp7e.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013/12/03 20:04:14 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\ivp6kp7e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/23 22:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 15:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 15:20:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/22 15:20:45 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.youtube.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Disabled) = C:\Users\Phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_31.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Phil\AppData\Local\Google\Chrome\User

 

[Asian Lag]

Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0\
CHR - Extension: Google Drive = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1037_0\
CHR - Extension: AdBlock = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Youtube Subscriptions as Default Page = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\klljlfcipmgohgfdgmliaobikgdoeaah\1.1.4_0\
CHR - Extension: Landscape View Minecraft Theme = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\miebnjdihfgdpjmgfdfgilbgclmdbknn\1_0\
CHR - Extension: Google Wallet = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0\
CHR - Extension: Google Drive = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1037_0\
CHR - Extension: AdBlock = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Youtube Subscriptions as Default Page = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\klljlfcipmgohgfdgmliaobikgdoeaah\1.1.4_0\
CHR - Extension: Landscape View Minecraft Theme = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\miebnjdihfgdpjmgfdfgilbgclmdbknn\1_0\
CHR - Extension: Google Wallet = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/23 21:58:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Download and Sa Class) - {D21FF103-EF7E-971B-E55A-42EA8F41226B} - C:\ProgramData\Download and Sa\50888be443776.ocx File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {8d3ec233-b92d-4187-a506-284127cfba2d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [436e10a] C:\Users\Public\Music\ec3a4f436\ec3a4f436.exe (Microsoft Corporation)
O4 - HKLM..\Run: [gerers] C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2595347684-586355138-2177269792-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CF9645F-E845-41E3-8D6A-C6738A8BE591}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C960862-61CB-4075-A6D4-219FBFDB8938}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93579050-70B2-4683-9447-E5BA5E42553F}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/23 22:19:07 | 000,013,644 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/23 22:10:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2013/12/23 22:09:53 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Phil\Desktop\JRT.exe
[2013/12/23 22:00:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/23 22:00:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/23 19:19:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\virus delete
[2013/12/23 18:57:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/23 18:57:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/23 18:57:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/23 18:56:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/23 18:55:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/23 18:53:22 | 005,156,623 | R--- | C] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
[2013/12/23 13:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/23 13:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/23 13:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/23 13:03:56 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/23 13:03:08 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/23 12:35:15 | 000,058,112 | ---- | C] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys.bak
[2013/12/23 12:35:08 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys.bak
[2013/12/23 12:35:05 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys.bak
[2013/12/23 12:35:05 | 000,038,632 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys.bak
[2013/12/23 12:35:04 | 001,403,440 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2013/12/23 12:35:04 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS.bak
[2013/12/23 12:35:04 | 000,040,664 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys.bak
[2013/12/23 12:35:04 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys.bak
[2013/12/23 12:35:03 | 000,521,728 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys.bak
[2013/12/23 12:34:59 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys.bak
[2013/12/23 12:34:58 | 000,428,136 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/23 12:34:48 | 000,036,600 | ---- | C] (Riverbed Technology, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2013/12/23 12:34:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2013/12/23 12:34:40 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/23 12:34:36 | 000,044,744 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys.bak
[2013/12/23 12:34:34 | 000,033,856 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys.bak
[2013/12/23 12:34:34 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2013/12/23 12:34:29 | 001,063,552 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emOEM64.sys.bak
[2013/12/23 12:34:28 | 000,683,392 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emBDA64.sys.bak
[2013/12/23 12:34:23 | 004,326,912 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10864.sys.bak
[2013/12/23 12:34:13 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/23 12:34:13 | 000,047,160 | ---- | C] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdTools64.sys.bak
[2013/12/22 22:05:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/22 18:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/22 18:07:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/22 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/22 15:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/22 11:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Next Car Game
[2013/12/22 10:57:10 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Next Car Game Alpha Early
[2013/12/21 23:41:00 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Born Of Osiris - Tomorrow We Die Alive [2013] [320] KL-H2KKiLLER
[2013/12/17 22:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/12/17 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/12/16 18:17:24 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\.technic
[2013/12/15 11:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mixxx
[2013/12/14 21:09:41 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Minecraft Cracking
[2013/12/13 15:47:15 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\AirVPN
[2013/12/13 15:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2013/12/12 20:40:14 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013/12/12 19:00:31 | 000,044,744 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/12/12 15:31:03 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013/12/10 19:23:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\DarkBot_Starter
[2013/12/10 16:42:43 | 000,000,000 | RHSD | C] -- C:\Users\Phil\ovwmh
[2013/12/10 16:42:41 | 000,000,000 | RHSD | C] -- C:\Users\Phil\uolxa
[2013/12/10 15:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/09 15:20:52 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2013/12/09 15:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2013/12/09 15:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cain
[2013/12/08 15:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/12/08 15:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/12/08 12:27:11 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\next car game technology sneak peek
[2013/12/03 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/30 11:59:14 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\logs
[2013/11/29 12:47:21 | 000,000,000 | ---D | C] -- C:\Users\Phil\Documents\Battlestations-Pacific
[2013/11/28 22:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013/11/28 19:04:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Death Bot
[2013/11/27 17:02:27 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Server
[2013/11/24 17:56:28 | 000,000,000 | ---D | C] -- C:\Users\Phil\workspace
[2013/11/24 09:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/11/24 09:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/23 22:41:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/23 22:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/23 22:27:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 22:27:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 22:19:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/23 22:18:50 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/12/23 22:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/23 22:18:28 | 117,624,831 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/23 22:10:05 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Phil\Desktop\JRT.exe
[2013/12/23 22:10:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2013/12/23 22:10:04 | 001,233,962 | ---- | M] () -- C:\Users\Phil\Desktop\adwcleaner.exe
[2013/12/23 21:58:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/23 18:53:37 | 005,156,623 | R--- | M] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
[2013/12/23 18:15:16 | 000,002,012 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/23 13:44:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/23 13:03:56 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/23 13:03:08 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/23 12:35:54 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/23 12:35:54 | 000,664,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/23 12:35:54 | 000,125,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/23 12:35:15 | 000,058,112 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys.bak
[2013/12/23 12:35:08 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys.bak
[2013/12/23 12:35:05 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys.bak
[2013/12/23 12:35:05 | 000,038,632 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys.bak
[2013/12/23 12:35:05 | 000,031,232 | ---- | M] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys.bak
[2013/12/23 12:35:04 | 001,403,440 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2013/12/23 12:35:04 | 000,521,728 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys.bak
[2013/12/23 12:35:04 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS.bak
[2013/12/23 12:35:04 | 000,040,664 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys.bak
[2013/12/23 12:34:59 | 000,126,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys.bak
[2013/12/23 12:34:58 | 000,428,136 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/23 12:34:48 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2013/12/23 12:34:41 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2013/12/23 12:34:40 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/23 12:34:36 | 000,044,744 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys.bak
[2013/12/23 12:34:34 | 000,033,856 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys.bak
[2013/12/23 12:34:34 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2013/12/23 12:34:30 | 001,063,552 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emOEM64.sys.bak
[2013/12/23 12:34:29 | 000,683,392 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emBDA64.sys.bak
[2013/12/23 12:34:24 | 004,326,912 | ---- | M] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10864.sys.bak
[2013/12/23 12:34:13 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/23 12:34:13 | 000,047,160 | ---- | M] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdTools64.sys.bak
[2013/12/22 18:07:16 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/21 08:46:20 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhil.job
[2013/12/20 12:48:03 | 009,964,166 | ---- | M] () -- C:\Users\Phil\Desktop\01 Letters.m4a
[2013/12/18 14:21:09 | 129,144,315 | ---- | M] () -- C:\Users\Phil\Desktop\Pixelmon 2.5.7.zip
[2013/12/16 15:23:16 | 005,088,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/15 12:10:59 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2013/12/15 11:32:55 | 000,000,600 | ---- | M] () -- C:\Users\Phil\PUTTY.RND
[2013/12/12 19:01:20 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/12/12 15:31:03 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013/12/10 15:31:47 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/09 15:21:56 | 000,001,747 | ---- | M] () -- C:\Users\Phil\Desktop\Cain.lnk
[2013/12/08 15:53:25 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/12/08 12:15:56 | 000,765,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/07 15:34:50 | 000,201,166 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\JavaSecurityUpdate.jar
[2013/12/07 12:48:50 | 000,001,830 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/12/02 15:22:44 | 000,000,974 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2013/12/02 15:22:44 | 000,000,974 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2013/12/02 15:22:44 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2013/12/02 15:22:44 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[2013/12/01 09:30:14 | 000,007,615 | ---- | M] () -- C:\Users\Phil\AppData\Local\Resmon.ResmonCfg
[2013/11/29 11:06:37 | 000,005,103 | ---- | M] () -- C:\Users\Public\Documents\Lockdown.jar
[2013/11/28 19:03:59 | 000,356,852 | ---- | M] () -- C:\Users\Public\Documents\Death Bot.zip
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/23 22:09:47 | 001,233,962 | ---- | C] () -- C:\Users\Phil\Desktop\adwcleaner.exe
[2013/12/23 18:57:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/23 18:57:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/23 18:57:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/23 18:57:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/23 18:57:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/23 13:44:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/22 18:07:16 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/20 12:47:47 | 009,964,166 | ---- | C] () -- C:\Users\Phil\Desktop\01 Letters.m4a
[2013/12/18 14:17:09 | 129,144,315 | ---- | C] () -- C:\Users\Phil\Desktop\Pixelmon 2.5.7.zip
[2013/12/15 12:10:59 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2013/12/15 12:10:59 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2013/12/12 19:01:20 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/12/10 15:31:46 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/09 15:20:53 | 000,001,747 | ---- | C] () -- C:\Users\Phil\Desktop\Cain.lnk
[2013/12/07 15:34:50 | 000,201,166 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\JavaSecurityUpdate.jar
[2013/12/03 20:03:16 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/02 15:22:44 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[2013/12/02 15:22:43 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2013/11/29 11:06:36 | 000,005,103 | ---- | C] () -- C:\Users\Public\Documents\Lockdown.jar
[2013/11/28 19:03:57 | 000,356,852 | ---- | C] () -- C:\Users\Public\Documents\Death Bot.zip
[2013/11/24 09:16:55 | 000,002,012 | ---- | C] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/24 09:03:36 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/15 20:53:59 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/10/29 16:57:13 | 000,061,678 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\PFP120JPR.{PB
[2013/10/29 16:57:13 | 000,012,358 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\PFP120JCM.{PB
[2013/10/29 16:55:44 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2013/10/05 19:18:15 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/10/04 22:38:03 | 000,007,615 | ---- | C] () -- C:\Users\Phil\AppData\Local\Resmon.ResmonCfg
[2013/09/20 05:32:25 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{462600C0-FFEE-4092-8055-CD53D9B2F6CA}
[2013/09/08 07:37:31 | 000,000,600 | ---- | C] () -- C:\Users\Phil\PUTTY.RND
[2013/08/29 20:56:29 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2013/08/23 13:25:10 | 000,001,830 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/08/22 17:57:30 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2013/08/15 15:24:50 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2013/08/01 19:03:19 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2013/08/01 19:03:00 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2013/08/01 19:02:07 | 000,001,459 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2013/08/01 19:02:07 | 000,000,751 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2013/07/31 17:16:42 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/07/31 17:16:42 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/06/30 21:11:19 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\_MAFII.dll
[2013/05/08 13:07:17 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013/04/23 19:02:01 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/04/20 12:57:45 | 000,000,408 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\CamShapes.ini
[2013/04/20 12:57:45 | 000,000,408 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\CamLayout.ini
[2013/04/20 12:57:45 | 000,000,102 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\Camdata.ini
[2013/04/20 12:53:46 | 000,004,509 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\CamStudio.cfg
[2013/03/08 14:40:49 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/26 13:25:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/02/26 13:25:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/10 16:35:13 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/01/18 07:04:52 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/01/13 18:34:48 | 000,000,009 | ---- | C] () -- C:\Windows\pbase.dat
[2013/01/13 18:34:48 | 000,000,009 | ---- | C] () -- C:\Windows\npbase.dat
[2013/01/13 18:34:48 | 000,000,009 | ---- | C] () -- C:\Windows\hbase.dat
[2013/01/13 18:34:48 | 000,000,007 | ---- | C] () -- C:\Windows\hsize.dat
[2012/12/13 18:16:50 | 000,001,456 | ---- | C] () -- C:\Users\Phil\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/12/09 14:04:02 | 000,000,004 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\steam_md5.dat
[2012/11/27 17:01:35 | 000,006,656 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/11/25 16:23:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/11/01 19:28:37 | 000,173,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/28 14:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/10 04:24:30 | 000,001,309 | ---- | C] () -- C:\Windows\cm108.ini
[2012/08/10 14:49:57 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/07/26 15:25:53 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/26 15:25:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/27 21:41:08 | 000,012,295 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\UserTile.png
[2012/04/15 16:51:14 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/04/15 16:51:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/04/15 16:51:14 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/04/15 16:51:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/04/15 16:51:14 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/04/15 16:51:14 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/04/15 16:51:14 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/04/15 16:51:14 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/04/15 16:51:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/04/15 16:51:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/04/15 16:51:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/04/15 16:51:14 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/04/15 16:51:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/04/15 16:51:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/04/15 16:51:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/04/15 16:51:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/04/15 16:47:05 | 000,000,051 | ---- | C] () -- C:\Windows\ENX125_127.ini
[2012/01/03 02:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011/09/18 17:04:10 | 000,000,129 | ---- | C] () -- C:\Users\Phil\jagex_runescape_preferences2.dat
[2011/09/18 17:02:29 | 000,000,035 | ---- | C] () -- C:\Users\Phil\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/23 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2013/05/14 19:40:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\.mono
[2013/12/18 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\.technic
[2013/08/21 15:41:11 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\3909
[2013/05/23 08:45:28 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\3909 LLC
[2013/07/31 19:07:03 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\abgx360
[2013/05/25 16:51:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Activision
[2013/12/13 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\AirVPN
[2013/03/05 18:27:18 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Atari
[2013/08/12 10:55:10 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Audacity
[2012/08/26 16:05:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\BANDISOFT
[2012/09/23 11:07:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Bitmeter2
[2013/12/22 15:22:19 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\BitTorrent
[2012/01/30 19:55:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/03/09 13:41:24 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DAEMON Tools Lite
[2013/08/20 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DG
[2013/01/18 07:04:52 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DownTango4SToolbar
[2012/11/27 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DVDVideoSoft
[2012/04/16 07:03:08 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\EPSON
[2013/12/11 21:32:41 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FileZilla
[2013/10/25 18:24:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Foxit Software
[2012/10/16 16:39:50 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FPSUnlock
[2013/05/29 16:20:12 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FreeArc
[2013/10/06 08:23:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Gyazo
[2013/09/08 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Hensense.com
[2013/09/10 18:47:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Idle Processor Utilization Services
[2013/05/23 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\IGetThisCallEveryDay
[2013/04/06 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ImgBurn
[2013/06/05 16:10:38 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\IrfanView
[2013/08/04 18:20:52 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\JAM Software
[2013/05/31 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Little Inferno
[2013/11/30 11:59:14 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\logs
[2011/09/20 17:17:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\LolClient
[2012/08/05 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mael
[2013/08/17 21:16:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MAXON
[2013/01/05 12:41:49 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Modern warfare 2 - Player
[2013/11/16 21:20:26 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MPC-HC
[2013/09/29 16:23:21 | 000,000,000 | -HSD | M] -- C:\Users\Phil\AppData\Roaming\msgr
[2012/06/25 10:11:15 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MW2 FoV Changer
[2012/09/21 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MW3 FoV Changer
[2013/04/06 10:20:49 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\New Technology Studio
[2013/07/30 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Notepad++
[2012/08/26 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OnLive App
[2012/03/11 17:39:49 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OpenOffice.org
[2013/08/14 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Origin
[2012/12/12 16:15:01 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PDAppFlex
[2012/12/12 17:54:21 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PowerISO
[2011/09/29 18:35:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Publish Providers
[2013/02/22 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\raidcall
[2012/11/11 14:07:47 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\redsn0w
[2013/07/30 15:07:41 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Sony
[2013/07/30 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Sony Creative Software Inc
[2013/02/09 10:28:21 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Spotflux
[2012/12/13 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/12/11 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\StartIt
[2011/08/20 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Synaptics
[2013/06/13 15:48:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\System
[2013/01/11 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\SystemRequirementsLab
[2013/12/15 12:11:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TeamViewer
[2013/02/16 17:07:14 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Theta
[2012/11/18 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TuneUp Software
[2013/09/09 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Tunngle
[2013/06/12 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Ubisoft
[2012/09/27 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Unity
[2013/04/06 14:32:23 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent
[2013/07/31 17:17:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\VideoEditor
[2013/09/22 15:15:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\VoipBuster
[2012/12/27 14:31:44 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Windows Authenticator
[2013/03/22 21:18:37 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Windows Live Writer
[2013/06/13 15:48:32 | 000,000,000 | -HSD | M] -- C:\Users\Phil\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp1B5B4F1

< End of report >

 

[Asian Lag]

OTL Extras logfile created on: 23/12/2013 10:37:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.48 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 62.37% Memory free
15.40 Gb Paging File | 13.03 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): c:\pagefile.sys 10160 10260 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676.94 Gb Total Space | 42.59 Gb Free Space | 6.29% Space Free | Partition Type: NTFS
Drive D: | 21.40 Gb Total Space | 2.28 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 88.69 Mb Free Space | 89.71% Space Free | Partition Type: FAT32

Computer Name: STAN-HP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39B01694-6E69-41E3-A773-03A47DCECB38}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3AB05484-B6A1-414A-87F5-3124EEF2E81B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B35B946E-B497-44C5-975A-625F445FDB5E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

 

[Asian Lag]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000E6F7F-D5EA-4D7C-AA63-03DDA71F2BF2}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{01B9C052-C97B-49F3-BE96-B563D379D24D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{022FE075-142A-40E6-BDE2-C90BBC6CE53E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{028C356A-3008-4E89-B5F8-A1717ED6512B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{03BD5061-2470-4FD2-B21E-B73D32247F41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{054159A5-1557-4327-BE78-2D1BCFDA04C7}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{0579918E-FC87-4E9A-AB3F-16AD108DAB14}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead\left4dead.exe |
"{07C484A1-F4BF-4230-845C-512F425D07FC}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{0983F648-2901-42AE-8FB3-9E88156BEDA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{0A20C0A6-C14D-4389-999A-1A4AEB009E7B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0A861B1D-D709-4CAE-A4C4-BF08407C9648}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{0C7E67E4-8591-4AD5-B455-78B1A35129BF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{0C9C93F9-46B6-45A9-85CD-F1B7264195D6}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the stanley parable demo\stanley.exe |
"{0E77E6B9-6C89-4E3E-8F43-F2703E92D613}" = protocol=6 | dir=in | app=c:\games\volition inc\red faction guerrilla\rfg.exe |
"{0F13AB6E-D4DE-4AEA-8B26-A7D77EF930CE}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{1011B394-00DA-47F2-B134-E2410D8FEF88}" = protocol=6 | dir=in | app=c:\users\phil\appdata\local\temp\7zs1a45.tmp\symnrt.exe |
"{10536947-F853-4194-AAC0-2FDFFF07650C}" = protocol=6 | dir=in | app=c:\users\phil\desktop\utorrent.exe |
"{12950EBB-7B4F-4475-968B-579433F2A633}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\nba2k13\nba2k13.exe |
"{129C9A56-BDF6-42DE-B728-2CD524205C80}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{1308DA59-9D07-461F-B3BE-629AF47FFA95}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{149988D3-09E9-4AF4-ADD6-C817CDD2319E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty world at war\codwaw.exe |
"{14F20679-C566-4267-A7EC-624572FAFD2D}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{16CFD73B-2CA0-4161-9200-E675D26557EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{176285A4-12D8-4C23-A26D-9A86347E33E6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{19A39279-BE80-422D-899E-FBB559259092}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1B35370D-9B41-4626-AF31-120E63614054}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{1D548C72-B1FE-4EDA-8EC3-EC336FD15F1E}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{1EFD03A3-68D7-48B2-BD09-125CD2D7AA75}" = protocol=6 | dir=in | app=c:\games\dead rising 2\deadrising2.exe |
"{1F9A395E-4886-45EA-8208-0458C8279339}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\portal 2\portal2.exe |
"{21187EA9-54AF-4930-AE93-EF55091DCDFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{21E1CB20-EBD9-4887-8060-A210C7C5189A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{22212B2D-2161-400C-9605-52290D366336}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
"{24AF4B0B-566A-422E-8399-975559F8687A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\xdivinityz\counterstrike source beta\hl2.exe |
"{26A5130B-63B1-4B56-ACE8-DB4DB5D1A902}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{2763BB20-CC92-461C-B752-139ACBFDABB8}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{283245D3-7BB4-4DE9-94E2-BDCA05456654}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{2BE1AF97-7511-47FC-882B-FD493AB60FAE}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\sniperghostwarrior2demo\bin32\sniperghostwarrior2.exe |
"{2E17F304-27A4-4BFA-9194-358BE6FD14BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{2E74EB0B-7190-40A6-B017-B69344885AAF}" = protocol=17 | dir=in | app=c:\games\dead rising 2\deadrising2.exe |
"{2FC9ABDB-4B75-434F-B6D5-A2ABC6A8468A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3058D3D6-B3AC-49FB-813E-965A19A332EB}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{3078CB22-EEB9-427A-911F-CEECA8B8CB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\xdivinityz\counter-strike source\hl2.exe |
"{31E81A33-B3BA-4B0A-9561-DA5F7BCB7E51}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{352042E4-7811-4BD3-8933-9A58AAD87598}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{35754CA7-54E6-4A62-AD8C-554232954240}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{35875087-E080-4ED7-8B69-84ADF7322488}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{35CF6A9B-477D-466B-92D4-4980F662DD6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\swkotor\swkotor.exe |
"{3632667B-3A37-478E-8EDA-00D39389BB59}" = protocol=17 | dir=in | app=c:\origin games\dead space 3\deadspace3.exe |
"{36C92044-32D3-4C1D-8B96-1A9D682A1756}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{3738DB95-34CA-4411-A2D6-916947FF920B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\xdivinityz\counter-strike source\hl2.exe |
"{3832DB13-9424-40AC-888E-89A20FC51C68}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
"{383838E3-25F8-41F3-AFF1-85CC057FB700}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{39446024-F1BF-4009-8A7B-25B35B8F6DAB}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3A37FE89-9E33-4980-AAFE-06F471A9D114}" = protocol=17 | dir=in | app=c:\origin games\simcity\simcity\simcity.exe |
"{3D32ED4C-7285-4827-B770-59644051E609}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3F98742E-E0B9-4536-96C4-F339C1BDFE8C}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe |
"{42927C5C-57FB-428C-99BE-BE1D9B88F31D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{42D285FE-6D84-4AC6-9AE7-BF55B841A645}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
"{45FF52DC-8663-4380-B0EF-33F4BEFD7AD7}" = protocol=17 | dir=in | app=c:\users\phil\appdata\local\temp\7zs1a45.tmp\symnrt.exe |
"{476416AC-038A-48CC-B322-332D3BAB6580}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{478CC11D-853D-410F-BCA4-7312D0A4754C}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{483E8F6E-C02E-40AB-8E7A-2A388C157647}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{4AC44FF3-11B3-494E-B5AA-55038E2B91B5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4FC8422F-A300-4B9B-A7B0-DB3B65B7287A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{505DA06A-9E1F-4516-BEAF-070AE7643EB9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{50C075A1-550C-4F7C-8C69-B897B37531EF}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{50C6DA9B-78A8-42C9-9510-9427A89EC13B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{510F08F0-05A2-4B1C-94EB-FED2F3BC3FB5}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{5269FDFC-E13D-4811-A8F1-E5285FCBE608}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{542BCF56-E246-49C2-B631-5480A2A3004B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{54DFF0A6-AF17-46A7-A3A5-AE3494065BED}" = protocol=6 | dir=in | app=c:\users\phil\appdata\local\temp\7zsc9dd.tmp\symnrt.exe |
"{567ECA95-A92C-4750-8268-981DB6AD8C01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{5748102C-3079-42EA-B127-FEAC64B710C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5B9D5546-7F08-4B0A-BA23-15F90BD61717}" = protocol=6 | dir=in | app=c:\origin games\simcity\simcity\simcity.exe |
"{5BCA8523-F0D9-4D50-A724-D0AF74AAB945}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DF0B4C4-D6A7-45C2-8B8F-2A62C51FF703}" = protocol=58 | dir=in | app=system |
"{5FF2BA56-8B38-40CB-9BCA-DF634F4547F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{601B008D-84B7-41C6-AD31-4F06F72F1133}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{60AC7B48-3910-470A-B5F1-5FDD78F5D46E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{62BFD907-15B4-4050-B12B-105B240A9F68}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62F880E8-8E54-4B8C-82D6-58D6AF4F3B0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6458C6C8-CF6E-4C1A-9C85-6BC208FA38C3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{65E8A1D2-BF9A-4F3D-9E9E-EA404736E650}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{662B5417-3A3E-4746-B9C7-6F47277229CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{664B4927-0CDB-4F63-BA28-2F10556B642C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{67516651-EC5D-487B-A31E-F34DF765FFEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{6786D684-D1B7-4E85-B893-58FAD09A27AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty world at war\codwaw.exe |
"{697E1912-6BBF-4EF9-B78E-FF40CA7A6B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\xdivinityz\garrysmod\hl2.exe |
"{6A2950DD-49B1-4F90-8AAE-A6B69DA742D8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6BEF2B60-B3A4-4D1C-8B1F-A4433DC3503B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{6C18AA43-4AE6-4640-9CFB-EF0B8AEBC726}" = protocol=6 | dir=in | app=c:\games\rockstar games\grand theft auto iv - episodes from liberty city\eflc.exe |
"{6C9C9BE9-766D-4FFF-919F-EEA78A707F03}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{6D22C802-A396-4E0C-B1D8-3C8C5C388F3B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6DCEC656-E04C-4D1F-8293-710F0E7D6C60}" = protocol=17 | dir=in | app=c:\origin games\battlefield 3\bf3.exe |
"{6EB0A23B-7524-4672-B78D-5B6EA1593526}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{6EC3D24D-05ED-429B-9CB8-8042D34265A0}" = dir=in | app=c:\users\phil\appdata\local\microsoft\skydrive\skydrive.exe |
"{6FBCF928-7DA4-4D2D-8663-68451785C7AB}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{6FF6E1FC-BDC6-44A6-94EE-3D1BAA46A84C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{7089871B-AEBF-4742-B56C-545FE5ECC21E}" = protocol=17 | dir=in | app=c:\users\phil\appdata\local\temp\7zsc9dd.tmp\symnrt.exe |
"{75DD9B6D-4E6D-4246-90D0-17C704629307}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7647E788-6D99-47E0-9D59-1F85517A651E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
"{7A7985BA-69E4-4F9A-B2BB-9BAB47FDB6A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{7B3F5954-D9B9-4F95-899C-40E6C2715BED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{7B9DE093-5E27-49ED-BE98-56F2AFBEF910}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{7EA69DAF-9B10-467D-942B-B18672E6A105}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{7F1C2422-14FF-438F-97DA-C7D6D4A55196}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{807DAC28-41AD-47B5-9BAE-07FA9ED91A52}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{80847653-DAA0-4BD6-AF5C-29B89A0C2F7E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{82718354-7F89-401A-AA74-D8A3218EA99B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{844C6CEC-B19C-48A4-A0E5-B2881D15FE59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{87879712-C668-4D15-B6A0-4FAD13A9686C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{87D29A61-D2D1-4303-BD2F-815A770E0435}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{8BB2C376-1C57-48AA-89A7-C74E697064CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{8BF2F680-0CCB-46A9-9335-9B89B28D1B99}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{8CFD0B06-0BAB-486E-A15E-8C9A12B64E17}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{8D1BB041-885A-473C-AAB3-19D27463A954}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{8FCCADD4-29D3-4968-B4E0-2CEF0879E986}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{910CBA11-7E6A-4890-86F5-69745E35CD17}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe |
"{91A75D3D-F0BA-4DCE-89A4-3D76EEC06B48}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{94F13CF3-D021-48AC-830A-48178D5B1D63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\portal 2\portal2.exe |
"{94FB2491-7A73-4E04-AD1E-B8E6F2C80204}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{95109A22-1C77-4CE3-8519-CD597BBC7EC7}" = protocol=17 | dir=in | app=c:\games\volition inc\red faction guerrilla\rfg.exe |
"{978BD0B3-7C00-4AEC-AF29-82382726E998}" = protocol=6 | dir=in | app=c:\program files\valve\garry's mod\hl2.exe |
"{989642F1-8B70-4ED8-BE48-5302E970AE17}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{98EA11E0-BEAC-4FEA-ADCE-61B536B53729}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{994D5A6E-9C17-4D08-9B17-C2483C94EB9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\nba2k13\nba2k13.exe |
"{9959AD08-D2B9-45D4-9719-D1AAEE18EA30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{9A7D3702-D895-47EA-A860-5A129C4DB858}" = protocol=17 | dir=in | app=c:\program files\valve\garry's mod\hl2.exe |
"{9AB4EFAE-90F1-4B1E-A7D5-E8D7F872D6E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steam.exe |
"{9C1C00EE-ECA0-42FC-9E53-C14F4627C6F0}" = protocol=17 | dir=in | app=c:\program files\valve\garry's mod\srcds.exe |
"{9CC65E02-3483-48E3-8568-0D2EB0D8C73A}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{9D133B20-404A-4ABB-8D8B-4050A15C8016}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{9DE9D7B3-2BB1-46C7-B209-78CB7CD50E16}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{A0604F1B-282E-404E-BADB-84EC335454DA}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{A08EC5D0-2D35-47EF-8A65-A8935F2EFB84}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A3788E4B-8B74-4326-AACF-5C82DC071C37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{A5E89F43-B184-4F7F-B983-C206768116BC}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{A8E4D609-9151-495A-B7B1-C4ED6C343AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{ACCB61DE-0D2D-4065-80FB-A4EAB9D26572}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{AD32C867-27A9-4284-853D-A57B5C539A25}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{AD6D5A32-C6F7-4B3E-8AEF-D6860E1751C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{AE3890D9-1A07-4794-8A3C-DD438EAEC9E6}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{AEF775C4-825E-4A01-A9F6-D3861EA77BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{AFD2B9B5-A541-40C4-A658-FCBEAC728F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B01BEB94-DA08-4E29-9EC3-B6986EBE47EA}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{B0626381-7563-4E51-8EE9-77B6E01392B9}" = protocol=6 | dir=in | app=c:\program files\valve\garry's mod\srcds.exe |
"{B0F9A180-95FB-44ED-AD1A-8FBA7D83F401}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{B28A81E9-947E-47E4-8923-987A6B570ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\swkotor\swkotor.exe |
"{B3ED2811-B2C3-46A3-BA92-E5977D7A4966}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{B4919569-0FC7-476F-AC0D-C820B5BEEC65}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{B4B35D51-FD3D-492C-B9BA-11A6C05347E6}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{B56BC91A-AFE2-4FFF-881B-1510D8CB1984}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{B58BB47C-B996-436D-B55A-2DFA0D152364}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{B5DC8841-F4E6-4A53-B901-72339F458A71}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the stanley parable demo\stanley.exe |
"{B606FC42-654A-4B02-B091-C3194180E94D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B9F17A4C-7CD4-4793-8E7B-C3717787579A}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{BAEF41BE-6E6A-4666-BC3F-64C239BF8353}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{BAF5832F-FF9F-4837-A518-328186450747}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{BB129D69-6F20-4C33-97BA-E0E6C2C508EB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{BCFAC9DC-B835-4BFA-BA27-2652963DA675}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\tacticalintervention\bin\tacint.exe |
"{BD02C06B-E561-4982-B083-4D0DD93F4D53}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{BF279957-D9C7-45FD-B6B5-B56671FCDAFD}" = protocol=6 | dir=in | app=c:\origin games\dead space 3\deadspace3.exe |
"{BF86FFBB-5F21-4EFF-8109-EE30A3CF4F7A}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{BFCF581E-A918-43D7-9129-63A0CB912427}" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\bittorrent\bittorrent.exe |
"{C010DDF4-920B-4959-BCF9-D11B27EE03BC}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\demolitioninc\finaldgamegl.exe |
"{C035F91D-8417-4E11-BEFE-A32835D5E0A0}" = protocol=17 | dir=in | app=c:\games\rockstar games\grand theft auto iv - episodes from liberty city\eflc.exe |
"{C1759877-6139-49E8-9401-E76246A51529}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{C30ADAA5-1747-4599-ADD8-D924FCE4DA28}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{C54E9512-FA84-46F3-939C-E0074FE66420}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\demolitioninc\finaldgamegl.exe |
"{C585CF40-F4BE-47A7-B89A-62DC17BB6FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty world at war\codwawmp.exe |
"{C717221A-B2F3-4D05-BC40-C77D45994E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{C84AEEE2-7090-4B56-98DD-C3EBDD0D4E4F}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{CA5E95CD-690A-4D1C-9A3B-B436134B8961}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{CD472299-DB1D-4646-8B27-25AE901751DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{CD47696A-86CE-4FB6-8473-A9AEDD4D9FA4}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{CE01F501-043C-423F-B2FA-C01DAC00FDB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{CF119EB0-A7CB-4463-ACD0-05483ABF0648}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D01D6C6B-7194-4D77-9235-28460774FC6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\xdivinityz\garrysmod\hl2.exe |
"{D30770B4-4871-4209-8C86-169066F1EFB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{D5E4BB6E-72AB-4ABB-96EB-B3E4C7286F81}" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\bittorrent\bittorrent.exe |
"{D5ED24BD-2C59-4DC3-9C98-D09089969533}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D63ECCB9-79A7-41C8-A487-97C1D555C063}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{D758054A-8FDE-430F-81AD-ACCCDA127B57}" = protocol=17 | dir=in | app=c:\users\phil\appdata\local\temp\7zse436.tmp\symnrt.exe |
"{D7B92A97-699E-4987-A07F-814DA36448CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D7D1FC7A-4BE4-4667-B254-0BFB74E90E05}" = protocol=17 | dir=in | app=c:\users\phil\desktop\utorrent.exe |
"{D90579F6-E1CE-44F6-982E-6DFD5833F1E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D9E8EFA6-245B-4D66-AF38-FFE126C5963C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DB91EC8C-3517-48D3-A5EA-CFE7D236B145}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\tacticalintervention\bin\tacint.exe |
"{DDB59213-98AC-4402-9E74-F5158DEABA2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{E093977B-52F7-4347-AC30-D2F77B06BCA7}" = protocol=6 | dir=in | app=c:\users\phil\appdata\local\temp\7zse436.tmp\symnrt.exe |
"{E0DD4C67-B52B-4D65-9725-C5D221653359}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{E15825E9-45CE-490C-BA09-1D22C6B15A50}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{E1E12D94-87D9-4FAF-86DC-B54B3A540D69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{E2BFD74D-65CF-409C-8745-93863FBFD4A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5A5EA97-4A74-46B6-A610-9EA5A1CF9074}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{E5ADE503-A8B6-4538-8127-187679ACCEBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty world at war\codwawmp.exe |
"{E6A9849A-AB0C-4E7A-8AE6-691B44AEAB0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{EA509998-C3B2-4652-BB4D-78B8F6C8AB62}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{EA78C854-3CE1-4FA1-8FA6-58BE2AC3FCF4}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EAC70F2F-2035-491F-ABF2-1715F38B34C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{ECBF4ECE-4FE5-4537-9A0C-89AD7C1BFEEF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{ED05D3E6-F340-4543-BA33-D00D02D02BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{F1E7A9BB-1641-4018-BF5F-79318CA61292}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{F3CC810C-43E7-49F6-ABE8-D015F43D656E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steam.exe |
"{F4529AD9-D357-4ECE-B290-4246B554AB24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\xdivinityz\counterstrike source beta\hl2.exe |
"{F4B9D8AF-50EF-486D-B8CF-CCB44C12637B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{F4C82E07-8AD6-4AB0-AA22-58D15C40FF6A}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\sniperghostwarrior2demo\bin32\sniperghostwarrior2.exe |
"{F569C49B-E902-43CE-9B06-A44CA13EA0B0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{F6689499-C407-42E8-ACB0-94A19EC890FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{F6A0330E-3561-4BF1-B7ED-F2D84948ED56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{F7555944-6E6F-413E-BFD9-B55D65933BD2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F83E473B-CD7C-4C0F-B69F-94FFA7773376}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FB837FE1-2481-4EEC-A661-D5FD5BD48665}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{FC20ED28-CC69-45D2-BBC7-FDC5014A40F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{FC826E69-7683-4B5B-A68F-A937F5FE10C7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{FE36C26A-F1C5-4AFD-AA61-5E4C7F95A90D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{FE80E02E-E5FE-41C5-AD9F-7156E017B2E3}" = protocol=6 | dir=in | app=c:\origin games\battlefield 3\bf3.exe |
"{FFA49FE8-5D95-4728-AD8F-CB7955D539DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{0D5A5319-C2AC-4FDD-B587-385A2B141036}C:\simcity\apache\httpd.exe" = protocol=6 | dir=in | app=c:\simcity\apache\httpd.exe |
"TCP Query User{2544EF3B-920C-49BA-A1CB-F41259C75BDE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2B5CC8D5-16A6-46C4-A273-A3A9363C089B}C:\games\activision\call of duty - modern warfare 3\iw5m.dat" = protocol=6 | dir=in | app=c:\games\activision\call of duty - modern warfare 3\iw5m.dat |
"TCP Query User{470F8A2F-C52D-45CA-97EF-E61A8F13460A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{5D842995-FF5F-4C3D-81A0-D2DB3135C606}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{607B4050-CF34-4AB1-9E03-865030B0C4F9}C:\simcity\start.exe" = protocol=6 | dir=in | app=c:\simcity\start.exe |
"TCP Query User{67B9B618-9178-49B6-BEF8-6A9DBA263041}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{6A9882F8-2255-4D5D-92F4-A021A3E35217}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{9BDC520B-8817-4552-B31E-87EA691B1DEA}C:\games\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\games\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{A5075270-5A84-43F5-A861-3A8B5300D327}C:\q3ademo\quake3.exe" = protocol=6 | dir=in | app=c:\q3ademo\quake3.exe |
"TCP Query User{D3952E79-7582-475A-A6AC-25FB9AFC3C1B}C:\users\phil\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\phil\appdata\local\iw4m\iw4m.dat |
"TCP Query User{D39FAE8E-8928-48AD-9E6E-A3B521F7FE2F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{EE53B37B-F888-4347-9D1E-AED64137421B}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{258C2D8D-9A55-499F-871F-4FE3D498AFF6}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{55B7E906-1DD5-4951-B255-87DEE2BC10F2}C:\simcity\start.exe" = protocol=17 | dir=in | app=c:\simcity\start.exe |
"UDP Query User{593D2F8E-8F10-4EE8-B86B-BD4BB5C380C9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5F4C8737-2F17-449B-A69B-E5637DECA67B}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{66DD7C93-CDBC-4EF4-B47E-27846158718B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6AC626CB-4F22-4C89-850E-C2F8AA84B9C6}C:\games\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\games\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{6C6E73E1-1434-4B11-9DCE-82BAB2EDDAB3}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{73E71BA4-7C8C-4428-AB53-389E45D7C34D}C:\users\phil\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\phil\appdata\local\iw4m\iw4m.dat |
"UDP Query User{A93C6C7E-BF05-4D64-BD81-7DC103D7EF6F}C:\simcity\apache\httpd.exe" = protocol=17 | dir=in | app=c:\simcity\apache\httpd.exe |
"UDP Query User{B916359B-5F52-4841-ACE0-693E05CFEC50}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{C5301D67-86FE-4C83-8171-49A5F28C464B}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{CA38A245-913F-49FC-AB0C-567084C18AD2}C:\q3ademo\quake3.exe" = protocol=17 | dir=in | app=c:\q3ademo\quake3.exe |
"UDP Query User{EAE31A17-E337-4069-9553-07710DC42DE9}C:\games\activision\call of duty - modern warfare 3\iw5m.dat" = protocol=17 | dir=in | app=c:\games\activision\call of duty - modern warfare 3\iw5m.dat |

 

[Asian Lag]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B48F87-6485-49EC-8B7C-18EBD4DB2433}_is1" = Idle Processor Utilization Services version IPUS 2.0
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series" = Canon MG3200 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2CD600E3-55E9-47B3-9611-6FE0ECC04BF9}" = FusionTweaker
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50317592-9427-C823-DE99-19975BF6BD50}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{774C560F-33BD-BAB2-C9C8-57F7A92202F5}" = AMD Accelerated Video Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9fa9a2a6-19e4-381a-8af3-f8cf12f0dcf0}" = Python 3.3.2 (64-bit)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D6BAEB89-32B9-E82A-BAF2-C78AAE66161F}" = ccc-utility64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DBDD570E-0952-475F-9453-AB88F3DD565A}" = Python 2.7.5 (64-bit)
"{E2EC326D-EFCB-D25B-0966-43EBD738DA2B}" = AMD Media Foundation Decoders
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F70FF081-687D-4B88-F283-6D869AFAF8F6}" = AMD Fuel
"{F972FD73-47FC-55F7-5EF1-8CA5311FF96E}" = AMD Drag and Drop Transcoding
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.22
"Defraggler" = Defraggler
"DriverAgent.exe" = DriverAgent by eSupport.com
"EPSON NX125 NX127 Series" = EPSON NX125 NX127 Series Printer Uninstall
"Explorer Suite_is1" = Explorer Suite IV
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Sandboxie" = Sandboxie 4.04 (64-bit)
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.2
"Virtual Audio Cable 4.6" = Virtual Audio Cable 4.6
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{05B4DE59-34FC-5E54-8682-1639824BF4A3}" = CCC Help German
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{107c7af4-bcdb-4ba2-87d1-3cb1f7190dba}_is1" = DownTango Launcher 2.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{145D0979-8077-F52A-A185-98A5D8FCEF6B}" = CCC Help Hungarian
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA14313-9E0D-4F2C-A930-C7EBEB5818D6}_is1" = Modern warfare 2 - Player version 2.0
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{22279BD0-0636-899A-CBD4-BFDE9922D075}" = CCC Help Portuguese
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.3
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2A52C79F-4BBF-4DC9-B290-53EF09B4781D}" = Minecraft
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{305CBAB8-9B84-7FC5-D0BB-ABF3D36396CA}" = CCC Help Swedish
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C1984B1-68AC-CA89-BF8E-B73D91BE5E16}" = CCC Help English
"{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1" = Modio
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{41545534-2D56-3700-76A7-A758B70C0700}" = Ask Toolbar
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{476CD9DE-C45F-4443-BFA7-E51C58B7E455}" = Populous
"{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1" = Call of Duty Black Ops 2
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4DE44C4E-EDE3-CC5F-27B8-F474EDE27AB6}" = Catalyst Control Center InstallProxy
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{5263C4CF-64D6-E29F-6FC1-21A523E8912A}" = CCC Help Russian
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{54510837-BD04-4C32-9676-DB1000038202}" = Red Faction: Guerrilla
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5ED97A27-2666-42CD-B964-C0A368724ACC}" = AMD OverDrive Beta
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.0.2
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{71B53BA8-4BE3-49AF-BC3E-07F392006300}" = USB PnP Sound Device
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{7C2422DD-DAE1-1AC2-6E18-0A8920FB4A36}" = CCC Help Dutch
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7E681BA3-2A68-EE8F-90C3-691BE5FF7848}" = CCC Help Norwegian
"{8122A2EB-9315-95EB-DEE3-1AE402DE333F}" = CCC Help Turkish
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C494A61-EE85-60FA-8AB1-71C27650E271}" = CCC Help Greek
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924D643E-8799-4774-2A27-9FE3CD1410D8}" = CCC Help Italian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{968F6F38-B920-D92A-D113-39C829A41ABD}" = Catalyst Control Center Localization All
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EEAB4F-B805-7716-2092-8F0284CE998E}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9CD7E9C6-A02F-5C01-2539-4B006CEF59D4}" = CCC Help Spanish
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{9EB8326B-3FE8-05BB-757B-7CFA6CDD9465}" = CCC Help Korean
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A12D1D8A-3EAF-76A3-6ED3-1FE32070BF4A}" = AMD VISION Engine Control Center
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2147761-12F5-3E07-B906-85B23F640FA2}" = CCC Help Japanese
"{A231A6F2-2C80-6203-ED35-2CFB96B25A38}" = Application Profiles
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B3FD7C6B-3C9F-BEA7-A771-17C01F4DEAEC}" = CCC Help Chinese Standard
"{B47983DE-3E2A-1AC7-82B0-AE9093DC192A}" = CCC Help Czech
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFE85F6E-21FB-A5B1-8DF0-4257B38CA7FD}" = CCC Help Thai
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C43BC8-2460-4E01-9628-332E04523BDC}" = HP Documentation
"{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}" = AMD System Monitor
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CDF59DEE-EB7F-5F01-FA54-3AFD668036A3}" = CCC Help Danish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DFE21566-A0DA-2E38-F232-3425D9D54172}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F01A9580-2629-CF66-9E64-48C7316226E3}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F1A62D4E-0DFB-CD8C-1E04-4C8296974F64}" = CCC Help French
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}" = Microsoft Primary Interoperability Assemblies 2010
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF3348B5-0F23-74D4-C70B-16ACE7EEB975}" = CCC Help Polish
"abgx360" = abgx360 v1.0.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Afterburner" = MSI Afterburner 2.3.1
"AMD GPU Clock Tool" = AMD GPU Clock Tool
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 2.0.3
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitMeter" = BitMeter
"Cain & Abel 4.9.49" = Cain & Abel 4.9.49
"Call of Duty Online ÏÖ´úÕ½Õù" = Call of Duty Online ÏÖ´úÕ½Õù
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"Carmageddon 2.0.0.1" = Carmageddon 2.0.0.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeHook Login System 4.0" = CodeHook Login System 4.0
"CodeHook Login System 4.21" = CodeHook Login System 4.21
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Counter-Strike Global Offensive V_1.22.2.8-=AviaRa=- V_1.22.2.8" = Counter-Strike Global Offensive V_1.22.2.8-=AviaRa=- V_1.22.2.8
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.7.2.1
"Defcon_is1" = Defcon v1.43 en-AU rtl
"Dxtory2.0_is1" = Dxtory version 2.0.122
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"FreeArc" = FreeArc 0.666
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GIF Viewer" = GIF Viewer 3.2 (v2)
"GOGPACKPAPERSPLEASE_is1" = Papers, Please
"Google Chrome" = Google Chrome
"Grand Theft Auto IV_is1" = Grand Theft Auto IV 1.0.7.0
"GTA IV Vehicle Mod Installer v1.3_is1" = GTA IV Vehicle Mod Installer v1.3
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Hitman Absolution_is1" = Hitman Absolution
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"ImgBurn" = ImgBurn
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"Little Inferno 1.00" = Little Inferno 1.00
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II DLC Joe's Adventures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MediaBox" = Ó°ÒôºÐ×Ó(MediaBox) 1.2.0.353
"Minecraft1.5.2" = Minecraft1.5.2
"Minecraft1.6.2" = Minecraft1.6.2
"Minecraft1.6.4" = Minecraft1.6.4
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Notepad++" = Notepad++
"OCCT" = OCCT 4.4.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PowerISO" = PowerISO
"Prototype_is1" = Prototype
"PunkBusterSvc" = PunkBuster Services
"R1JJRDI=_is1" = GRID 2 (c) Codemasters version 1
"R2FtZURldlR5Y29vbnYxMzI=_is1" = Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1
"RADVideo" = RAD Video Tools
"Razer Game Booster_is1" = Razer Game Booster
"Roller Coaster Tycoon 3 Platinum - CarlesNeo !" = Roller Coaster Tycoon 3 Platinum - CarlesNeo !
"RollerCoaster Tycoon 3 Platinum3" = RollerCoaster Tycoon 3 Platinum
"Saints RowIV_is1" = Saints Row IV
"Sleeping Dogs_is1" = «Sleeping Dogs» 2.1.435919
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 17410" = Mirror's Edge
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 247750" = The Stanley Parable Demo
"Steam App 24800" = Command and Conquer: Red Alert 3 - Uprising
"Steam App 47790" = Medal of Honor(TM) Single Player
"Steam App 47830" = Medal of Honor(TM) Multiplayer
"Steam App 500" = Left 4 Dead
"Steam App 51100" = Tactical Intervention
"Steam App 550" = Left 4 Dead 2
"Steam App 98600" = Demolition, Inc.
"TeamViewer 9" = TeamViewer 9
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TreeSize Free_is1" = TreeSize Free V2.7
"VGhlV2Fsa2luZ0RlYWRTZWFzb24y_is1" = The Walking Dead: Season 2
"VLC media player" = VLC media player 2.1.1
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2595347684-586355138-2177269792-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"FileZilla Client" = FileZilla Client 3.7.3
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Skype4Py-py2.7" = Python 2.7 Skype4Py-1.0.32.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 22/10/2012 3:19:32 PM | Computer Name = Phil-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5610 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 29/10/2012 3:22:59 PM | Computer Name = Phil-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 29/10/2012 3:23:15 PM | Computer Name = Phil-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5610 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 05/11/2012 5:13:26 PM | Computer Name = Phil-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5610 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 12/11/2012 4:21:59 PM | Computer Name = Phil-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2012 4:22:49 PM | Computer Name = Phil-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5610 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 19/11/2012 10:03:24 AM | Computer Name = Phil-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 19/11/2012 10:03:34 AM | Computer Name = Phil-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5610 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 23/12/2013 12:18:08 PM | Computer Name = Stan-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000 at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Root element is missing. StackTrace: at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: System.Xml Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5610
Ram
Utilization: 60 TargetSite: Void Throw(System.Exception)

Error - 23/12/2013 12:35:16 PM | Computer Name = Stan-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000 at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Root element is missing. StackTrace: at System.Xml.XmlTextReaderImpl.Throw(Exception
e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument
doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader
reader) at System.Xml.XmlDocument.Load(String filename) at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: System.Xml Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5610
Ram
Utilization: TargetSite: Void Throw(System.Exception)

[ HP Connection Manager Events ]
Error - 06/01/2013 7:00:23 PM | Computer Name = Phil-HP | Source = HPConnectionManager | ID = 5
Description =

Error - 06/01/2013 7:00:23 PM | Computer Name = Phil-HP | Source = HPConnectionManager | ID = 5
Description = 2013/01/06 18:00:23.833|00001CA0|Error |App::IsServiceNotRespondingException{bool(System.Exception)}|HP
Connection Manager service has stopped responding: Retrieving the COM class factory
for component with CLSID {24DB46C8-C842-4E91-9AC4-8A9525A5551D} failed due to the
following error: 80080005.

Error - 15/01/2013 10:53:44 PM | Computer Name = Phil-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/15 21:53:44.918|00001580|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 15/01/2013 10:53:52 PM | Computer Name = Phil-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/15 21:53:52.192|00001580|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 15/01/2013 10:53:54 PM | Computer Name = Phil-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/15 21:53:54.907|00001580|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 16/01/2013 7:56:57 AM | Computer Name = Phil-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/16 06:56:57.939|00001594|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 16/01/2013 7:57:04 AM | Computer Name = Phil-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/16 06:57:04.956|00001594|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 19/01/2013 6:47:58 AM | Computer Name = Phil-HP | Source = hpMobile | ID = 5
Description = 2013/01/19 05:47:58.644|00001550|Error |[HP.Mobile]Wwan::<InternalIPAddressChangedEx>b__21{void()}|

Error - 25/01/2013 8:40:06 AM | Computer Name = Phil-HP | Source = hpMobile | ID = 5
Description = 2013/01/25 07:40:06.805|00000F54|Error |[HP.Mobile]Wwan::<InternalIPAddressChangedEx>b__21{void()}|

Error - 02/02/2013 7:07:17 PM | Computer Name = Phil-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/02 18:07:17.278|00001A00|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Software Framework Events ]
Error - 17/11/2012 11:23:03 PM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/17 22:23:03.531|0000112C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 18/11/2012 12:00:36 AM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/17 23:00:36.069|00000788|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 18/11/2012 12:20:54 PM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/18 11:20:54.231|00001DE0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19/11/2012 10:03:50 AM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/19 09:03:50.305|00001848|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19/11/2012 10:10:52 AM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/19 09:10:52.532|00000C50|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19/11/2012 10:58:31 AM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/19 09:58:31.512|00001344|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19/11/2012 11:17:41 AM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/19 10:17:41.926|0000167C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19/11/2012 2:29:32 PM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/19 13:29:32.164|000000B8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19/11/2012 4:28:23 PM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/19 15:28:23.678|00001B44|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19/11/2012 5:46:30 PM | Computer Name = Phil-HP | Source = CaslWmi | ID = 5
Description = 2012/11/19 16:46:30.167|00000E8C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state


< End of report >