Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware, "anleyz.exe*32" shown in task manager. [Solved]

Started by archon4 , Jan 29 2014 01:14 PM

This topic is locked

#1
archon4

Posted 29 January 2014 - 01:14 PM

New Member

Member
8 posts

Hi,
Last night I when I turned of my computer, after around 30 minutes of using it, a notification popped up asking if I wanted to continue and download some program. I did not recognize it and believed it was malware so I closed it. However, the same one popped up a couple seconds later, This happened for another 4 times before it was gone. I immediately ran Malwarebytes: Antimalware to see if there were any problems. It they showed up, I removed them, and then restarted my computer. However, after I restarted, my laptop's fan was louder than usual and I realized my CPU usage was almost up to 100 through looking at my task manager. In the processes, the one that took up a huge amount was this unknown foreign name, the process was called "anleyz.exe*32" with a description name of "IirDoramkel Antibibus Scagnur". I opened the file location and it brought me to a folder named "Iwpolyi", and inside it was an application called "anleyz". I tried running malwarebytes on the program and nothing came up. Ads occasionally popped up through internet explorer, even though I don't use that browser, it would just open on its own. Here is the text log from OTL. There were two, one said OTL.text and the other Extras.text. Let me know if you would like to see the Extras.text. I didn't put it up because the instructions said only to copy and paste OTL.text and I wasn't sure if the Extras.text was also included though it did come from OTL. Thank you very much for your time in reading this!

OTL logfile created on: 1/29/2014 1:01:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 13.96% Memory free
11.81 Gb Paging File | 2.51 Gb Available in Paging File | 21.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.10 Gb Total Space | 140.57 Gb Free Space | 31.51% Space Free | Partition Type: NTFS
Drive D: | 19.35 Gb Total Space | 2.10 Gb Free Space | 10.85% Space Free | Partition Type: NTFS

Computer Name: KEVIN-HP | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/29 00:59:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
PRC - [2014/01/16 15:37:46 | 009,044,016 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Battle.net\Battle.net.4124\Battle.net.exe
PRC - [2014/01/16 15:37:27 | 008,830,512 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
PRC - [2013/12/18 16:33:56 | 002,770,992 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
PRC - [2013/11/23 01:25:47 | 006,259,248 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
PRC - [2013/10/15 15:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/08/18 18:19:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/08/14 16:42:29 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/08/04 17:19:28 | 035,253,824 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2013/02/07 08:20:20 | 001,641,768 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2013/02/07 08:20:08 | 003,695,912 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2013/02/07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/06 15:54:20 | 000,301,802 | ---- | M] (IirDoramkel S.R.L.) -- C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/03/27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/03/27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/03/27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/03/27 07:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/10 15:18:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/02/08 10:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/08 10:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/08 10:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 17:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/27 17:40:46 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2009/07/13 17:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/28 20:46:59 | 000,708,608 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Qwmics\FnpCommsSoap.dll
MOD - [2014/01/27 09:53:00 | 000,981,160 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Google\Update\Install\{F43A87E8-4CE6-44EC-8798-AA94AA7CAADA}\32.0.1700.102_32.0.1700.76_chrome_updater.exe
MOD - [2014/01/16 15:37:45 | 026,118,656 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.4124\libcef.dll
MOD - [2014/01/16 15:37:45 | 000,739,840 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.4124\libGLESv2.dll
MOD - [2014/01/16 15:37:45 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.4124\libEGL.dll
MOD - [2013/12/13 21:01:49 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll
MOD - [2013/12/13 21:00:16 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/12/13 21:00:13 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll
MOD - [2013/12/13 09:53:31 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/12/13 09:53:30 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/12/13 09:53:22 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/12/13 09:52:21 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll
MOD - [2013/12/13 09:52:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/12/13 09:51:19 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/12/13 09:51:14 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/12/13 09:51:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/12/13 09:50:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/28 20:34:34 | 000,296,448 | ---- | M] () -- C:\Users\Kevin\AppData\Local\ESN\Google\mloenlepno.dll
MOD - [2013/02/07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
MOD - [2013/02/07 08:19:50 | 000,019,240 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
MOD - [2012/07/30 14:36:47 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/11/20 19:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/07 22:31:42 | 000,401,856 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV:64bit: - [2012/11/05 17:23:28 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/02/26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 04:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 04:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/09 15:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/17 15:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/01/16 09:39:46 | 000,570,280 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/18 18:19:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/07 08:20:20 | 001,641,768 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 17:19:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/03/27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/03/27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/03/27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/08 10:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/08 10:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/08 10:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/06 17:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/28 21:31:20 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013/06/04 08:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 08:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/12/03 16:03:09 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/03 16:03:08 | 000,027,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012/11/05 17:23:28 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/11/05 17:19:23 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/24 12:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 14:31:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/05 18:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 18:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/23 14:53:21 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/06/06 20:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 17:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 18:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 17:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/24 18:44:42 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/24 18:44:42 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/21 10:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/03/01 17:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/13 08:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/02/13 07:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/02/09 15:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/02/09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/02/09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012/02/07 09:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/27 17:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 17:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 17:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/27 09:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan)
DRV:64bit: - [2012/01/26 17:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/01/26 17:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/01/09 11:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 11:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/27 23:15:50 | 000,292,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2011/12/06 19:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/29 17:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/15 14:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/01/17 15:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2011/12/02 17:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS -- (NAVEX15)
DRV - [2011/12/02 17:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS -- (NAVENG)
DRV - [2011/11/28 12:48:56 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/23 09:56:38 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-07-22 19:14:57&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Kevin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012/07/22 16:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2014/01/28 21:34:03 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Simple Pass (Enabled) = C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.5_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: Website Logon = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: Google Wallet = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Google Wallet = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Google] C:\Users\Kevin\AppData\Local\ESN\Google\mloenlepno.dll ()
O4 - HKCU..\Run: [Huedz] C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe (IirDoramkel S.R.L.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Qwmics] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C8E6FE-6647-4D87-96D4-2C4914BF2B43}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26AA0590-88AB-45B3-976D-9A8B80EDCB72}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b8695b9-d202-11e2-8720-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{2b8695b9-d202-11e2-8720-685d438ec712}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{311e133d-0234-11e3-922d-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{311e133d-0234-11e3-922d-685d438ec712}\Shell\AutoRun\command - "" = G:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{b5ba5400-1703-11e2-bdf5-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{b5ba5400-1703-11e2-bdf5-685d438ec712}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/28 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Iwpolyi
[2014/01/25 23:15:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2014/01/20 13:52:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/13 10:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013/10/27 19:49:53 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Kevin\AppData\Local\BcsKtYcHW.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/29 01:53:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000UA.job
[2014/01/29 01:25:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000UA.job
[2014/01/29 01:25:31 | 000,002,368 | ---- | M] () -- C:\Users\Kevin\Desktop\Google Chrome.lnk
[2014/01/28 22:46:23 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/28 22:46:23 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/28 22:46:23 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/28 21:39:17 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/28 21:39:17 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/28 21:31:20 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/01/28 21:31:20 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2014/01/28 21:31:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/28 21:31:12 | 460,042,239 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 20:02:08 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000Core.job
[2014/01/28 19:50:42 | 000,000,600 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\winscp.rnd
[2014/01/28 19:50:23 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKevin.job
[2014/01/28 19:50:17 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000Core.job
[2014/01/28 11:52:40 | 000,000,600 | ---- | M] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2014/01/16 23:04:18 | 002,056,274 | ---- | M] () -- C:\Users\Kevin\Desktop\12-1 ARENA HS.PNG
[2014/01/16 22:58:33 | 002,355,013 | ---- | M] () -- C:\Users\Kevin\Desktop\11 WINS HS.PNG
[2014/01/15 21:18:19 | 000,312,881 | ---- | M] () -- C:\Users\Kevin\Desktop\Sonate_No._17_Tempest_3rd_Movement.pdf
[2014/01/13 10:08:16 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2014/01/07 21:21:20 | 036,081,285 | ---- | M] () -- C:\Users\Kevin\Desktop\Introduction to Linear Algebra, 4th edition (1).pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/16 23:04:17 | 002,056,274 | ---- | C] () -- C:\Users\Kevin\Desktop\12-1 ARENA HS.PNG
[2014/01/16 22:58:32 | 002,355,013 | ---- | C] () -- C:\Users\Kevin\Desktop\11 WINS HS.PNG
[2014/01/15 21:18:19 | 000,312,881 | ---- | C] () -- C:\Users\Kevin\Desktop\Sonate_No._17_Tempest_3rd_Movement.pdf
[2014/01/13 11:25:37 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\winscp.rnd
[2014/01/13 10:08:16 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
[2014/01/13 10:08:16 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2014/01/08 23:58:17 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2014/01/07 21:21:18 | 036,081,285 | ---- | C] () -- C:\Users\Kevin\Desktop\Introduction to Linear Algebra, 4th edition (1).pdf
[2013/10/27 19:49:50 | 000,893,239 | ---- | C] () -- C:\Users\Kevin\AppData\Local\a.zip
[2013/08/17 09:21:59 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/08/17 09:21:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/20 14:37:22 | 000,000,173 | ---- | C] () -- C:\Users\Kevin\AppData\Local\msmathematics.qat.Kevin
[2013/02/25 00:30:12 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/02/25 00:30:12 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2012/11/05 17:19:29 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/11/05 17:19:29 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/11/05 17:19:28 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/11/05 17:19:28 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/04 23:42:54 | 000,007,597 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2012/03/24 19:00:16 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = \\?\globalroot\Device\HarddiskVolume2\Users\Kevin\AppData\Local\Temp\sswmrqr\selymdv\wow.dll

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/08 05:35:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Audacity
[2013/12/12 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Battle.net
[2013/04/20 01:06:04 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Bioshock2
[2012/07/22 16:08:44 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Blio
[2013/10/27 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Catalina – Print Savings
[2012/10/07 03:06:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite
[2012/10/10 13:31:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Downloaded Installations
[2013/04/20 01:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\fltk.org
[2013/03/11 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Galaxy on Fire 2 Full HD
[2012/07/22 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GlarySoft
[2012/07/22 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\IDT
[2012/07/28 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ImgBurn
[2014/01/28 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Iwpolyi
[2012/09/15 00:23:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2012/11/19 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\MusE
[2013/08/16 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OBS
[2012/07/22 16:49:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ooVoo Details
[2013/09/14 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin
[2013/08/16 14:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SplitMediaLabs
[2013/08/14 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Spotify
[2012/07/22 16:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Synaptics
[2012/11/25 18:18:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SystemRequirementsLab
[2012/12/12 04:09:17 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\The Creative Assembly
[2013/02/21 02:34:35 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WildTangent
[2014/01/19 03:37:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\XBMC

========== Purity Check ==========

< End of report >

#2
Machiavelli

Posted 29 January 2014 - 02:16 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Welcome to GeeksToGo, archon4

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

I will come back with a fix some time later.

#3
Machiavelli

Posted 29 January 2014 - 02:18 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Let me know if you would like to see the Extras.text

Yes, please post the Extras.txt.

#4
archon4

Posted 29 January 2014 - 06:23 PM

New Member

Topic Starter
Member
8 posts

Hi,
Thank you for responding. Here is the extras.text

OTL Extras logfile created on: 1/29/2014 1:01:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 13.96% Memory free
11.81 Gb Paging File | 2.51 Gb Available in Paging File | 21.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.10 Gb Total Space | 140.57 Gb Free Space | 31.51% Space Free | Partition Type: NTFS
Drive D: | 19.35 Gb Total Space | 2.10 Gb Free Space | 10.85% Space Free | Partition Type: NTFS

Computer Name: KEVIN-HP | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079D287B-F88F-4168-9DC8-5D6C2E2A2119}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0A6E8896-D9B5-4287-A75D-BF6CF30244EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0EAB7EDA-470F-46B6-8A51-A5D9E3E90A11}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29AC8AA1-8072-4821-8A98-1323B1A0161F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{337941A1-1FB0-4514-A272-95F98BB0BA41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3447EAB8-97D9-410C-9B8A-EB75DE119965}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C23B74C-1754-4E54-B326-EE1B34B0A729}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C2F23F2-1B0D-4A5A-A1E5-53CF54D3A72A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60AAF74A-2FE2-470C-9D8E-C42A99C588B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E66163A-EB44-4DCF-B3FE-9C606342EC40}" = rport=139 | protocol=6 | dir=out | app=system |
"{6ED99AE9-B120-4561-9EDF-61F5D54A675A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7BE391D9-1419-45FB-8CBF-1CFE97EFEAC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C505642-DF81-41C6-9397-1F78B9871FE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B448BFF-C6D0-4B6D-BE41-C6D1D35E9F41}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F6B6D36-CB2C-458D-9011-D877372A42BE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A1D4CEF8-6741-4D36-8BEC-822E678860A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AA0C2077-4938-459B-BFCE-0A7B4582EA81}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9A2A90F-E811-42DA-8456-F5A5D8EEADFA}" = lport=137 | protocol=17 | dir=in | app=system |
"{C30452F7-74D7-4D15-BE60-0D6CD8E3DFD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5214170-1531-4921-AFA2-E36F3BFD576F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C55C9B54-4C73-4DC2-BC75-E23544621218}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFF3DE0C-3CFC-4D70-9190-D0353946230F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E036D897-F00F-4685-B65D-AD34351A9875}" = rport=445 | protocol=6 | dir=out | app=system |
"{E456C6FD-DBDB-49A1-ACB8-442AA1B96189}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE93C356-953E-4FD9-B16E-424555D61200}" = rport=138 | protocol=17 | dir=out | app=system |
"{F83E15B8-AEA9-4061-B9DC-F6808AD7E6B4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02718D8B-E773-4B23-A2B5-076FFA22499A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{0340859A-33F3-4CB2-BFAD-BDFC177CF2FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe |
"{063F62D0-7868-4522-A4B6-6F54376FE307}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\galaxy on fire 2 hd\gof2launcher.exe |
"{08C281B7-F16C-4B98-8E6A-6ED566D3BD2E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{09B77E74-D4C8-46E9-8044-A0796354C65A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{0C973B22-FE5E-47CA-BABA-2A279230640C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F53F7DC-5C5A-4D28-AF68-9A3DF4620FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{0F94B23C-7138-4DE2-9889-D369E8835F42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{1272D1C8-FA59-4231-8F18-C62201349E57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{136B9DCC-62AD-4A88-B44F-7333FE85B842}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{14914C74-3FEF-471C-AB9B-7C2D8D3196FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17C36E1C-5A04-4302-AEF8-45E900BC4509}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{1A29B76F-61EB-4768-A133-D2F2AEF8C23A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe |
"{1B6C6B12-2B94-405B-BB37-7BD1399A70E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{1C0E1DDC-C489-4925-B06B-BC4982C7489E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{1EDB9B79-72B5-4EF3-9A2D-0A888B2CC954}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{1FD55855-FC8B-48E5-AC54-7AE7A63C2E42}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{22BB6AAF-3A16-4239-8D07-0E680984496A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{22FB5094-5415-4C2D-B09B-33CA2E34B511}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{25A9A13F-D132-4AB3-A169-837926168F8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{278A5963-F685-40A0-AD52-ED6A853B9AE1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{28ED3C4B-797C-414B-B0C1-28804847ABB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32D918B9-C4C2-457C-8F83-BADF511624DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{33C8FB04-B685-47E8-AC5A-0BFF0B46D7CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{353DC8B8-FA83-4778-A8FC-BEB9D6110B1D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{37A5D274-542E-403A-90DC-19639F959897}" = protocol=1 | dir=in | [email protected],-28543 |
"{37CFEED1-29C5-4A7A-BABE-D5E97135A904}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{38B8DD38-1A2A-43F0-9D99-522BBFEC5314}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe |
"{39494A43-97E8-48B7-A757-5CE47B0B33D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{395135C5-5836-4A05-B416-419A42CA6D23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{3EFD536C-54B0-48D2-9EE5-600DDA1AC5D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{402F6241-3126-459D-B830-D225FD706483}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{40CF5ABE-EA75-4E2F-B00C-D6760DCFFA8C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{4186D472-F4E3-45E2-B443-E048DADADD5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{43482418-2CA3-4F4B-8B97-225044E80F6B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{438C9C62-FE87-42D0-9A8C-0059F16710C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{43B78D5E-173B-4996-A99C-4ED7A6861D56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{4891ED48-D070-4D70-809C-2C3FE9EDA078}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{489ACA1A-6038-446E-A0A8-AD137981E943}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4AA27171-1DB1-4D6F-8B72-AB3D1AC0EA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4B787C76-3412-4C06-9C07-3D2931682EE5}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{4BEFB9A4-E679-4F62-80BB-83C39E4F73C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D1AEF46-40C9-4C8B-B5D8-3751D8E4C571}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{4FA98673-3AAD-412F-847B-5A657FA20462}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\gamesetup.exe |
"{4FE2C192-9F94-4EB1-9985-57035E2D76FF}" = protocol=1 | dir=out | [email protected],-28544 |
"{50E22305-F016-4D1A-9713-543A150754E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\silverfall.exe |
"{55DA3DEB-FFB1-4894-A5C4-7008BBECE497}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{5962776E-EB3B-4AD4-8408-A0F9E56964B5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{597F56CB-7318-40AD-91A9-28338A65593D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{5ADE4BD6-281F-465B-8DAC-ECE959FEEC68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5C724B85-C0F2-4CD3-A224-C91BCF0CAE45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{5D03278D-CDEE-43E5-9631-3CC012B3D0FE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{5F1FB8A6-F42A-4983-B48C-4F527B0100F7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{6738D96F-7F4C-4387-A892-DC56F6F2A386}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{69E22875-733B-41C5-BDE8-04FA71F3AC08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{6A060298-B660-496B-845B-24D716CADE51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{6B3423B0-53A5-486D-8F1E-548DB3FEE171}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{6BB44528-5284-4DFF-B990-ED947F664B33}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{6ECB2B3C-30AC-442F-91A3-A54CF2EB2F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{6EDF4255-20C8-4ABB-8BA1-15A7728B2926}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{71014ECF-5E3C-48F1-A859-ED209F4B2D68}" = protocol=58 | dir=in | [email protected],-28545 |
"{72129F77-E247-4E43-9215-0DDDDA202F1D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{72F3E15A-ACE3-4923-8D27-5D3001400ED5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{73357F3D-4DD2-40C9-B897-06008383C384}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{74EF5435-4E37-426D-886B-0BE9A5A7FCA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{7651A486-8A99-44FD-9819-0EF491EEF0E3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{773989BC-965A-455F-81DC-FF7BC80660C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\silverfall.exe |
"{79358272-83FF-437D-B552-63195212BF4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7968BD8E-B1E1-435A-8853-2D2D1C3D173A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{79AECBA5-991C-404D-ADB7-2D0F214A9AA4}" = dir=in | app=c:\users\kevin\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{7A0F5C62-4A7A-4CB6-B008-32804D3E0BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80D2795C-8580-4816-A25D-DD49A1B9E7BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{81E02D67-B5B9-4872-B88A-104DF23C6260}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\mc_game_link.htm |
"{8272A5BE-891B-44BB-976D-EC13A1FB580F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{827AE00C-ABEA-4236-86D8-C2C95C8B8DE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\mc_game_link.htm |
"{8370F98C-AE34-48AD-878B-02F78872E264}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{892EB822-38D4-492A-B1A5-2C77303A3BF1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii 2012 beta\starcraft ii beta.exe |
"{89A3B41C-4485-4E59-B881-D3474EF13A40}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{8B36F375-B234-4508-B234-61AB611948D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{8C86C85D-51AD-41E2-89A2-7B554982EC3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8ED8EBC9-8286-4EC4-9407-30F499EFF18B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe |
"{8F51B513-9A1B-4E78-89A7-3FFFB53239FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9003B748-4823-4C6A-8FDD-1745753480AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91E6D03F-C6FC-42C0-A000-2E6730A82C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{9210BCFD-042D-426D-A965-E65814817BE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{927AF75E-EF2B-456D-BA43-9419DCFAEAFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92A40FCA-4C27-4E39-9B12-9206D97EFEC2}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{941A2798-FBDD-4EE3-8751-ACECF6968484}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{95A7C7F6-8333-4912-B683-04DE8BAB3922}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9764EEC2-78B9-462D-BEF2-F18356BB9A04}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{98F2BED0-4A2F-4CE3-8622-8FADAEBF3938}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9B5E295E-2109-4670-88F1-F2698DEEC313}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9B8F5E26-BF6D-4C46-BFEE-BBD13E1081C2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe |
"{9C154856-9A0E-43DB-BD9F-1356BA035F1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C417B07-3BE8-493C-B633-58C313B9BDBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{9D1B6406-74FC-4978-8BB4-DBDD6F9C37E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\register\register.htm |
"{9DE9C7CB-A68E-4E6E-82D5-2C50AB961811}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{9F3259B3-B338-4FF4-A447-C203B5B62C5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A0A3D469-A4FC-4F3A-BA25-865D38FC7E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{A13474E9-60C2-4A75-B0AB-CD76FFE8991A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{A308EE2C-15EA-4331-97FB-3BC01F69A021}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{A34F4343-9BA0-4D9F-B060-AF99CD7E996A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3968AAB-F3C7-45AB-9E91-67696D8BDBD7}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A40ECB72-D795-4033-98B9-A033C8E63BA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A510A42A-82B7-4D76-8EA4-991803B6941F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{A7A889F9-FC75-421A-95D1-E442F3AFBB91}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8730319-9AB4-4E96-86B2-A42F6FD6ECC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe |
"{A903540D-D3A8-4708-8C1D-3435DB68B5DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\galaxy on fire 2 hd\gof2launcher.exe |
"{AA494942-A400-484B-AFA7-2AD03AB3C26C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{AB041F1D-29BD-426B-AD22-1A361F4D3148}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\gamesetup.exe |
"{AEA49DD6-F2C5-4689-9065-18B18AB0A7C3}" = protocol=58 | dir=out | [email protected],-28546 |
"{AEDA2A60-1FE3-466B-8A32-C913FE9F6A90}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B22F1D9C-0132-4073-B902-6361F98B44C4}" = protocol=6 | dir=out | app=system |
"{B2FD3EDC-EBC0-49F7-916D-38C3281BBCE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{B5DBBFAB-4C0E-4BCA-956E-DEB3CB5400EE}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii 2012 beta\starcraft ii beta.exe |
"{B78C981A-3A1D-4C5B-BDBB-05BBA01BEDDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7DBBDD2-8376-4695-8EAF-02DAF3325FD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{B7DFAA4A-8EF0-4689-9AE7-59D3FF504706}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{B985783E-2F85-41D9-85EC-954E28271375}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{B99E79BC-7329-43A0-881C-CCFC297F4F40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{BA47835E-9FFE-4277-904D-7020BB4BE2DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BAD96FEC-CB35-4C72-AEB9-B180DFD44F0B}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{BB193D34-932A-4190-8E3A-4564AEC649A0}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{BC6804E2-8D6F-4417-A9C0-B1DC831829D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{BCB25D5C-85E1-4B3A-9A60-00BD04ED8057}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BD591403-920E-4558-AF21-EB901ADB7F2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{C0E6CAC0-3770-49DC-AF65-50ABB7441069}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{C1023864-23F2-45DA-994B-D49CCB8E62A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{C20A8BA2-3CBA-421E-8CA6-CAB101B958C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C20E0B96-7099-49FB-AB58-CDDA6831C55D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{C223071B-6286-4D38-BC68-F7BC35E0E9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{C7210B5D-05C9-4BBF-8E24-EDA3349437D6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{C8E019D5-579A-4CE3-9432-C7F9BF49F0A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C8E31C2E-9909-46E0-9BF7-46B8C7765182}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\register\register.htm |
"{C9DAE7A9-122B-4D9E-9017-3C34F95FAE9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{CAEC267E-D9CD-49F5-97B7-5AB3B7C0CF43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCCEDBAB-DEF0-408B-B1B5-6AF5731666D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{CD3857A9-9DD8-4416-A122-E869A937A09E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{CD39AE4E-6AAB-455D-BDF0-3FB85B046DE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{D0DBC957-9FA6-41DD-ABD3-45C04E787F24}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe |
"{D1ABAF91-BCB3-489E-8ECE-3329BE8905A1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D8422997-2F4B-4908-8444-B2BDA3318B27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{D978BF31-61E7-493B-BB2E-41C50D3DDCD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{DB8EE24B-A69D-4A91-A248-170EB8463BED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{DBC3C4EA-549C-4BF7-91E4-7ECCEA6AD51F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{DD040063-1251-488D-A952-578B6A4A4D56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{DD3418C0-F20C-45FD-8AD1-7B579FCABBAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{DDF35973-2A0E-4FCD-951B-EFF47DE0D042}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{DEFA8A9E-5992-4FCE-8D79-DC59F95FD81C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1384151-40CD-419B-AD48-0DD3151DC0B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E1AB64A2-0399-43DC-9E59-5E2AE25DC81F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{E3F42C6A-A09B-4BC5-A323-1C5CF497DCC9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E42F2F44-4C75-46A8-A2AE-CE7E72653C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{E51EDCCA-DCB3-4903-BAF9-73791B8DC07C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E7641C9C-E327-48B6-8128-955E0C5427D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{E77317B4-43A6-415D-AF42-04F124E541A3}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{E9356DD1-5E68-4DF9-90AC-11B373B4103C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{EB9B3CDD-AFFB-4D13-86B7-F74A9FC3598B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{EBADD4AE-BB95-447F-81DD-BFAB37C68406}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F433828F-1C10-4253-9AD9-3E814DF9BEFC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F492A47C-8E83-4986-875E-E7F754FEC1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{F6A34E37-872B-4BB4-B3F4-DF4FBAB2E335}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe |
"{F7693F33-E25D-4123-9DAB-4AD62111112E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F8D4175C-6183-4346-80BF-8025B1D98B69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{FA172E1A-DF8D-4855-89E3-EBA99B59DD23}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{FC09E521-7060-4370-B653-0FB0D23CA998}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FC63EC9E-CD18-41F3-BD83-B94FD101BFE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FD3FFE3E-F248-4D7D-8C8C-C8ADBC834924}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{FD7F96ED-1CD8-421A-A3BA-0180F23623BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{FE08F4AD-5D41-48D2-A43A-F92C1656CC5D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FFDDBE15-BED6-4A39-BBA3-BC4465570836}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0FAC0B49-5AE4-4FA9-9F02-30A3CB48156C}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{1883F121-468A-4EC0-9B8B-E3B6A04BA3C4}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe |
"TCP Query User{247D1341-E411-4B00-A9BC-C3947B50AC31}C:\users\kevin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{31A08839-7577-49C6-BF18-9DA042487186}C:\users\kevin\desktop\oovoo.exe" = protocol=6 | dir=in | app=c:\users\kevin\desktop\oovoo.exe |
"TCP Query User{35CE5BBD-797D-491D-879A-F311AD592EFD}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{37C02E25-5E85-4B91-A3B9-CF91E1617CB2}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"TCP Query User{3A2E5946-09FC-4407-9242-0092137CD2E0}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"TCP Query User{458A39EB-0E8D-4B1F-ADD3-503A75830E8F}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe |
"TCP Query User{5359E4F4-7DFB-4ACB-ACAE-6EB42B58D2ED}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe |
"TCP Query User{57DDD1F4-082F-4A6D-9277-E29572ABC8AD}C:\program files (x86)\starcraft ii 2012 beta\versions\base24764\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii 2012 beta\versions\base24764\sc2.exe |
"TCP Query User{71939557-2F9E-403E-93E5-822BC63A034E}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{813AE95A-8CE2-4C3F-AC9C-180D56BEE818}C:\program files (x86)\origin games\dead space 3\deadspace3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"TCP Query User{882E179A-10D7-418B-8E26-819DE50B87E2}C:\programdata\battle.net\agent\agent.2045\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"TCP Query User{8B49BD58-AF74-4696-99CB-D009C1EF946D}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"TCP Query User{A55CAF68-7FBB-4E0A-838F-963C69D82C00}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{B4D8026A-4850-46B3-83B6-6A080A557B8A}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{C9E2A44C-CFA8-4D39-9863-C123A1CFFD9C}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{CAB70D77-38FD-4E87-8B28-1B89864A55C1}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{D989E850-7D44-4F3A-BE96-F952E38596F5}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{DDDF4EA0-E1A7-4581-A34D-821DF34667FE}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{E36E5472-50D6-497E-92BE-9967CEB862F1}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{EA72DDD8-40E3-4D27-9447-1FC06024F0F5}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{EC56ED5D-8DC9-4B44-B099-CCCFFD517838}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{065522B5-142F-4B9B-8CB8-0DEC8A724F91}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe |
"UDP Query User{0DC24AE9-FECD-4482-B139-AC7C26DBD46F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{18598BBC-1ECE-4AF6-BDE9-88178570B945}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{30DC844C-8314-4599-9466-5EBF03892FA7}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{326CA237-9F7A-4DF6-B355-84FDA001BBCD}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe |
"UDP Query User{3B060A49-5925-45A5-B19E-7D2A1DDE5255}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{4C15DE61-15AD-41EE-9B80-5FEA61DC3C95}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"UDP Query User{4C19284C-4C33-4232-BF4A-BB6397F7A1B4}C:\users\kevin\desktop\oovoo.exe" = protocol=17 | dir=in | app=c:\users\kevin\desktop\oovoo.exe |
"UDP Query User{52D04E85-6086-4FEE-949F-B64F1D4181E6}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{6C6E9951-A362-4867-9041-A3C07AAC75E9}C:\program files (x86)\starcraft ii 2012 beta\versions\base24764\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii 2012 beta\versions\base24764\sc2.exe |
"UDP Query User{751A0C76-5C23-4150-8F5E-57B78084AE17}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"UDP Query User{75A4CC91-5073-4BC7-A5D2-0653892A17D6}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{850510E1-A198-4882-8446-37C7494F7FDC}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe |
"UDP Query User{871F0265-643A-4CA7-A2A6-EE3316E35A46}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"UDP Query User{9323A963-012A-4E93-9AD6-FA38551CB746}C:\program files (x86)\origin games\dead space 3\deadspace3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"UDP Query User{94F6D877-C7BE-48B9-9877-F58D3973981E}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{B5CAE027-7E46-425E-9E79-9DD1C47243EC}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{CFB3D4FA-BC7C-4FD2-81F3-14E0DD0B201E}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{DACA56DE-F505-4829-B86A-D7E23B24C2A0}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{DC1E07BF-98D5-4D6A-9C27-28739B308B14}C:\programdata\battle.net\agent\agent.2045\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"UDP Query User{DCEC73EC-2F5C-4099-99D6-3106123EA213}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{EECAF1EF-BDA0-46F4-A051-5A51FD30D011}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{FA3F039C-DCC2-472A-A28A-597E47BAEA3B}C:\users\kevin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel® Wireless Music device driver
"{42719DC3-4982-47DD-B025-B21C4BDD504D}" = HP Security Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel® Smart Connect Technology 2.0 x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2D0B67F-8032-4E11-87C6-C8C721D331B3}" = Intel® PROSet/Wireless WiFi Software
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics ClickPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C821CA-6B55-44A0-8A9B-2EF471D6019E}" = HP SimplePass PE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup
"{476CD9DE-C45F-4443-BFA7-E51C58B7E455}" = Populous
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}" = ESU for Microsoft Windows 7 SP1
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel® WiDi
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{B431C2DC-1119-40F2-9EDD-55E384FE91AD}" = XSplit Broadcaster
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF2D7B73-3E53-4241-B6B5-64D8344AEF6B}" = HP Documentation
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}" = Blio
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"Crescendo" = Crescendo Music Notation Editor
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Glary Utilities_is1" = Glary Utilities 2.47.0.1539
"Hearthstone" = Hearthstone
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NIS" = Norton Internet Security
"Open Broadcaster Software" = Open Broadcaster Software
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 202170" = Sleeping Dogs™
"Steam App 212010" = Galaxy on Fire 2™ Full HD
"Steam App 221640" = Super Hexagon
"Steam App 233270" = Far Cry® 3 Blood Dragon
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 43110" = Metro 2033
"Steam App 4420" = Silverfall
"Steam App 45700" = Devil May Cry 4
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War
"Steam App 47790" = Medal of Honor™ Single Player
"Steam App 47830" = Medal of Honor™ Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 65800" = Dungeon Defenders
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8870" = BioShock Infinite
"Uplay" = Uplay
"VIP Access SDK" = VIP Access SDK (1.1.0.4)
"VLC media player" = VLC media player 2.1.0
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.5
"WTA-114e0ff9-5420-434d-97e0-463711f675b5" = Virtual Villagers 4 - The Tree of Life
"WTA-1216a11f-e12f-484b-b19f-b456ed8a3f68" = John Deere Drive Green
"WTA-1dac2767-86a2-4efe-b8ee-0f27b78785a9" = Farm Frenzy
"WTA-35e956ed-0861-45bd-bc86-76c09f661d46" = Polar Bowler
"WTA-40e67e70-41d4-4702-98c9-190f2799f513" = Final Drive Fury
"WTA-4450d14e-c14c-4930-b05e-e8d3396c5331" = Polar Golfer
"WTA-4dbc4b46-bac3-458d-b870-224dd08f65e8" = Hoyle Card Games
"WTA-5caa29d2-517e-4c2c-9ac3-cc13f62c76c5" = Jewel Match 3
"WTA-6e3b29f7-68d7-4071-a1ad-5877c6ae0567" = Poker Superstars III
"WTA-6e797b56-12d6-4f10-8eab-32be989e4a54" = RollerCoaster Tycoon 3: Platinum
"WTA-7310b369-f669-4c4b-9520-a760779dab37" = Cradle of Rome 2
"WTA-7c4657c4-c622-447d-b75f-41aa2beb8e5e" = Torchlight
"WTA-97017500-dcfc-4247-8184-14bae028c9ab" = Zuma's Revenge
"WTA-a48b2e5a-0aa7-4427-880e-ad6fecfcda18" = Mah Jong Medley
"WTA-afce5a28-b494-4148-aaf4-acbb9111a78d" = Bejeweled 3
"WTA-b6f1e658-66db-49cc-a8fe-2c4a0a62caa8" = Plants vs. Zombies - Game of the Year
"WTA-b8760724-b985-43d2-9c0c-595a8fdf05b1" = Farmscapes
"WTA-be369690-48f5-43e7-ab53-f40c347cb01c" = Blackhawk Striker 2
"WTA-c6e37aea-1af9-4e53-bf77-82f7ada4d129" = Luxor HD
"WTA-cdd523b0-a421-44af-b45a-52f43fda3026" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-cea0b590-d6e3-4c98-af89-92f73aab3644" = Dora's World Adventure
"WTA-d0d06a65-6db1-4167-a2ca-966c0ab10546" = Penguins!
"WTA-eca631d4-3bb1-4401-9d73-d0ad0896da21" = Chuzzle Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
"Google Chrome" = Google Chrome
"HappyCloud" = Happy Cloud Client
"Spotify" = Spotify
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2013 8:44:11 PM | Computer Name = Kevin-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/9/2013 9:29:43 AM | Computer Name = Kevin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: League of Legends.exe, version: 3.13.0.399,
time stamp: 0x526ed0a3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x41700000 Faulting process id:
0x2b10 Faulting application start time: 0x01cedd4c12e449b9 Faulting application path:
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League
of Legends.exe Faulting module path: unknown Report Id: fda22d3c-4942-11e3-a0a5-685d438ec712

Error - 11/9/2013 5:05:46 PM | Computer Name = Kevin-HP | Source = ISCT Agent | ID = 1003
Description =

Error - 11/9/2013 5:05:46 PM | Computer Name = Kevin-HP | Source = ISCT Agent | ID = 1003
Description =

Error - 11/9/2013 5:05:47 PM | Computer Name = Kevin-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/13/2013 5:54:51 AM | Computer Name = Kevin-HP | Source = Google Update | ID = 20
Description =

Error - 11/13/2013 8:54:51 AM | Computer Name = Kevin-HP | Source = Google Update | ID = 20
Description =

Error - 11/15/2013 9:03:06 PM | Computer Name = Kevin-HP | Source = Application Hang | ID = 1002
Description = The program League of Legends.exe version 3.13.0.399 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9588 Start
Time: 01cee2677babab3f Termination Time: 6 Application Path: C:\Riot Games\League
of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League
of Legends.exe Report Id: bdc3c6ca-4e5a-11e3-b3ea-685d438ec712

Error - 11/17/2013 10:07:13 PM | Computer Name = Kevin-HP | Source = ISCT Agent | ID = 1003
Description =

Error - 11/17/2013 10:07:13 PM | Computer Name = Kevin-HP | Source = ISCT Agent | ID = 1003
Description =

Error - 11/17/2013 10:07:13 PM | Computer Name = Kevin-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/22/2013 4:08:28 AM | Computer Name = Kevin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp:
0x515663e0 Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp:
0x5156646c Exception code: 0xc0000005 Fault offset: 0x0006dd76 Faulting process id:
0x5f6c Faulting application start time: 0x01cee72e1653fc0c Faulting application path:
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.58\deploy\LolClient.exe
Faulting
module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.58\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 441130f6-534d-11e3-9d90-685d438ec712

Error - 11/23/2013 12:16:30 AM | Computer Name = Kevin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp:
0x515663e0 Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp:
0x5156646c Exception code: 0xc0000005 Fault offset: 0x0006dd76 Faulting process id:
0x860c Faulting application start time: 0x01cee7da90f30be0 Faulting application path:
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.58\deploy\LolClient.exe
Faulting
module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.58\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 068b1a4d-53f6-11e3-9d90-685d438ec712

Error - 11/27/2013 3:41:24 AM | Computer Name = Kevin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: SupremeCommander2.exe, version: 0.0.0.0,
time stamp: 0x4f46f777 Faulting module name: igdumd32.dll, version: 8.15.10.2712,
time stamp: 0x4f712049 Exception code: 0xc0000005 Fault offset: 0x00001773 Faulting
process id: 0x10448 Faulting application start time: 0x01ceeb42faf49bb6 Faulting
application path: C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander
2\bin\SupremeCommander2.exe Faulting module path: C:\Windows\system32\igdumd32.dll
Report
Id: 501dcc84-5737-11e3-9d90-685d438ec712

[ Hewlett-Packard Events ]
Error - 11/7/2012 4:45:32 AM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 30 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/7/2012 4:56:31 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 40 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/8/2012 6:20:32 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 30 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/8/2012 10:19:29 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 50 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/9/2012 5:43:45 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 50 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/10/2012 1:35:17 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 50 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/10/2012 5:53:18 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 40 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/10/2012 11:58:13 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 40 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/11/2012 5:01:37 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 40 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

Error - 11/11/2012 6:12:36 PM | Computer Name = Kevin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

at HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6046 Ram Utilization: 50 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()

[ Media Center Events ]
Error - 8/6/2012 2:27:36 AM | Computer Name = Kevin-HP | Source = MCUpdate | ID = 0
Description = 11:27:33 PM - Error connecting to the internet. 11:27:33 PM - Unable
to contact server..

Error - 9/23/2012 5:08:14 PM | Computer Name = Kevin-HP | Source = MCUpdate | ID = 0
Description = 2:08:09 PM - Error connecting to the internet. 2:08:09 PM - Unable
to contact server..

[ System Events ]
Error - 1/23/2014 2:39:53 AM | Computer Name = Kevin-HP | Source = bowser | ID = 8003
Description =

Error - 1/24/2014 2:36:45 PM | Computer Name = Kevin-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 1/25/2014 8:09:10 AM | Computer Name = Kevin-HP | Source = bowser | ID = 8003
Description =

Error - 1/26/2014 5:52:58 PM | Computer Name = Kevin-HP | Source = bowser | ID = 8003
Description =

Error - 1/27/2014 4:58:03 AM | Computer Name = Kevin-HP | Source = bowser | ID = 8003
Description =

Error - 1/28/2014 11:50:27 PM | Computer Name = Kevin-HP | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/29/2014 1:30:39 AM | Computer Name = Kevin-HP | Source = DCOM | ID = 10010
Description =

Error - 1/29/2014 1:33:51 AM | Computer Name = Kevin-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®
Centrino® Wireless Bluetooth® + High Speed Service service to connect.

Error - 1/29/2014 1:33:51 AM | Computer Name = Kevin-HP | Source = Service Control Manager | ID = 7000
Description = The Intel® Centrino® Wireless Bluetooth® + High Speed Service service
failed to start due to the following error: %%1053

Error - 1/29/2014 2:52:28 AM | Computer Name = Kevin-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.111. The computer with the IP address 192.168.0.112 did
not allow the name to be claimed by this computer.

< End of report >

#5
archon4

Posted 29 January 2014 - 06:25 PM

New Member

Topic Starter
Member
8 posts

I also want to let you know, I ran Malwarebytes again before my opening post, this time it DID find the file that was taking up my CPU and it cleared it. I do not see the process active when I open my task manager. However, my laptop is still insanely slow and is very loud most of the time, which usually does not happen.

Update: The notification that prompts me to download a file is still popping up, so I guess the process that was removed was not the entire file. The file name that the notification is asking me to download has the name "PCKeeperInstaller.exe".

Edited by archon4, 29 January 2014 - 08:48 PM.

#6
Machiavelli

Posted 30 January 2014 - 09:52 AM

GeekU Moderator

GeekU Moderator
4,722 posts

I also want to let you know, I ran Malwarebytes again before my opening post, this time it DID find the file that was taking up my CPU and it cleared it.

Please post the Logfile. How to do that? Start MBAM and go to the Logs tab - select the correct Log and select Open.

OTL Fix

Run OTL. (if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator)

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CreateRestorePoint]

:OTL
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-07-22 19:14:57&v=12.1.0.20&sap=dsp&q={searchTerms}
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Google] C:\Users\Kevin\AppData\Local\ESN\Google\mloenlepno.dll ()
O4 - HKCU..\Run: [Huedz] C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe (IirDoramkel S.R.L.)
O4 - HKCU..\Run: [Qwmics] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O33 - MountPoints2\{2b8695b9-d202-11e2-8720-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{2b8695b9-d202-11e2-8720-685d438ec712}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{311e133d-0234-11e3-922d-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{311e133d-0234-11e3-922d-685d438ec712}\Shell\AutoRun\command - "" = G:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{b5ba5400-1703-11e2-bdf5-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{b5ba5400-1703-11e2-bdf5-685d438ec712}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell - "" = AutoRun
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f2f88b67-da7c-11e1-9a9d-685d438ec712}\Shell\install\command - "" = F:\SETUP.EXE
[2014/01/28 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Iwpolyi

:Files
C:\Users\Kevin\AppData\Local\ESN

:Commands
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.

Then, please go to your root drive (C:\). There is a folder called _OTL (C:\_OTL). Right click on _OTL >> Send to >> ZIP - compromised folder. Please send me that folder via PM. (Attach it to a PM). PM = Private Message. Please report how the computer is behaving after the fix.

#7
archon4

Posted 30 January 2014 - 08:17 PM

New Member

Topic Starter
Member
8 posts

Here is the MBAM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Kevin :: KEVIN-HP [administrator]

1/29/2014 10:23:35 AM
mbam-log-2014-01-29 (10-23-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 582923
Time elapsed: 1 hour(s), 39 minute(s), 1 second(s)

Memory Processes Detected: 4
C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe (Trojan.Zbot.FBD) -> 4760 -> Delete on reboot.
C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe (Trojan.Zbot.FBD) -> 1836 -> Delete on reboot.
C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe (Trojan.Zbot.FBD) -> 31456 -> Delete on reboot.
C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe (Trojan.Zbot.FBD) -> 32088 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Huedz (Trojan.Zbot.FBD) -> Data: C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Kevin\AppData\Roaming\Iwpolyi\anleyz.exe (Trojan.Zbot.FBD) -> Delete on reboot.
C:\Users\Kevin\AppData\Local\Temp\UpdateFlashPlayer_23e539bc.exe (Trojan.Zbot.FBD) -> Quarantined and deleted successfully.

(end)

#8
archon4

Posted 30 January 2014 - 08:24 PM

New Member

Topic Starter
Member
8 posts

Here is the log after running a quick scan.

kedOTL logfile created on: 1/30/2014 6:18:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 43.86% Memory free
11.81 Gb Paging File | 7.35 Gb Available in Paging File | 62.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.10 Gb Total Space | 141.15 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 19.35 Gb Total Space | 2.10 Gb Free Space | 10.85% Space Free | Partition Type: NTFS

Computer Name: KEVIN-HP | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/29 00:59:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
PRC - [2014/01/16 15:37:46 | 009,044,016 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Battle.net\Battle.net.4124\Battle.net.exe
PRC - [2014/01/16 15:37:27 | 008,830,512 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
PRC - [2013/10/29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Users\Kevin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/10/15 15:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/08/18 18:19:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/08/14 16:42:29 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/08/04 17:19:28 | 035,253,824 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2013/04/04 13:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/02/07 08:20:20 | 001,641,768 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2013/02/07 08:20:08 | 003,695,912 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2013/02/07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/03/27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/03/27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/03/27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/03/27 07:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/10 15:18:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/02/08 10:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/08 10:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/08 10:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 17:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/27 17:40:46 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/22 21:57:00 | 000,399,640 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll
MOD - [2014/01/22 21:56:59 | 013,615,896 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
MOD - [2014/01/22 21:56:56 | 004,055,320 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll
MOD - [2014/01/22 21:56:02 | 000,715,544 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
MOD - [2014/01/22 21:56:01 | 000,100,120 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\libegl.dll
MOD - [2014/01/22 21:55:58 | 001,634,584 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
MOD - [2014/01/16 15:37:45 | 026,118,656 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.4124\libcef.dll
MOD - [2014/01/16 15:37:45 | 000,739,840 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.4124\libGLESv2.dll
MOD - [2014/01/16 15:37:45 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.4124\libEGL.dll
MOD - [2013/12/13 21:00:16 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/12/13 09:53:22 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/12/13 09:52:21 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll
MOD - [2013/12/13 09:52:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/12/13 09:51:19 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/12/13 09:51:14 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/12/13 09:51:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/12/13 09:50:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/02/07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
MOD - [2013/02/07 08:19:50 | 000,019,240 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
MOD - [2010/11/20 19:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/07 22:31:42 | 000,401,856 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV:64bit: - [2012/11/05 17:23:28 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/02/26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 04:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 04:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/09 15:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/17 15:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/01/16 09:39:46 | 000,570,280 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/18 18:19:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/07 08:20:20 | 001,641,768 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 17:19:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/03/27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/03/27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/03/27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/08 10:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/08 10:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/08 10:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/06 17:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/30 12:38:02 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013/06/04 08:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 08:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/12/03 16:03:09 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/03 16:03:08 | 000,027,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012/11/05 17:23:28 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/11/05 17:19:23 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/24 12:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 14:31:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/05 18:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 18:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/23 14:53:21 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/06/06 20:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 17:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 18:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 17:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/24 18:44:42 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/24 18:44:42 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/21 10:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/03/01 17:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/13 08:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/02/13 07:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/02/09 15:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/02/09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/02/09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012/02/07 09:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/27 17:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 17:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 17:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/27 09:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan)
DRV:64bit: - [2012/01/26 17:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/01/26 17:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/01/09 11:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 11:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/27 23:15:50 | 000,292,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2011/12/06 19:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/29 17:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/15 14:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/01/17 15:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2011/12/02 17:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS -- (NAVEX15)
DRV - [2011/12/02 17:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS -- (NAVENG)
DRV - [2011/11/28 12:48:56 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/23 09:56:38 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Kevin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012/07/22 16:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2014/01/30 12:40:08 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Simple Pass (Enabled) = C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Website Logon = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: Google Wallet = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C8E6FE-6647-4D87-96D4-2C4914BF2B43}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26AA0590-88AB-45B3-976D-9A8B80EDCB72}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/30 08:57:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/25 23:15:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2014/01/20 13:52:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/13 10:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013/10/27 19:49:53 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Kevin\AppData\Local\BcsKtYcHW.dll
[1 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/30 18:18:33 | 000,504,485 | ---- | M] () -- C:\Users\Kevin\Desktop\_OTL.zip
[2014/01/30 18:13:49 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000UA.job
[2014/01/30 18:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000Core.job
[2014/01/30 16:53:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000UA.job
[2014/01/30 13:53:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3447221788-3849077649-666514658-1000Core.job
[2014/01/30 12:45:13 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/30 12:45:13 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/30 12:43:43 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/30 12:43:43 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/30 12:43:43 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/30 12:38:02 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/01/30 12:38:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2014/01/30 12:37:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/30 12:37:52 | 460,042,239 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/30 02:41:52 | 000,007,596 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2014/01/29 01:25:31 | 000,002,368 | ---- | M] () -- C:\Users\Kevin\Desktop\Google Chrome.lnk
[2014/01/28 19:50:42 | 000,000,600 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\winscp.rnd
[2014/01/28 19:50:23 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKevin.job
[2014/01/28 11:52:40 | 000,000,600 | ---- | M] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2014/01/16 23:04:18 | 002,056,274 | ---- | M] () -- C:\Users\Kevin\Desktop\12-1 ARENA HS.PNG
[2014/01/16 22:58:33 | 002,355,013 | ---- | M] () -- C:\Users\Kevin\Desktop\11 WINS HS.PNG
[2014/01/15 21:18:19 | 000,312,881 | ---- | M] () -- C:\Users\Kevin\Desktop\Sonate_No._17_Tempest_3rd_Movement.pdf
[2014/01/13 10:08:16 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2014/01/07 21:21:20 | 036,081,285 | ---- | M] () -- C:\Users\Kevin\Desktop\Introduction to Linear Algebra, 4th edition (1).pdf
[1 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/30 18:18:33 | 000,504,485 | ---- | C] () -- C:\Users\Kevin\Desktop\_OTL.zip
[2014/01/16 23:04:17 | 002,056,274 | ---- | C] () -- C:\Users\Kevin\Desktop\12-1 ARENA HS.PNG
[2014/01/16 22:58:32 | 002,355,013 | ---- | C] () -- C:\Users\Kevin\Desktop\11 WINS HS.PNG
[2014/01/15 21:18:19 | 000,312,881 | ---- | C] () -- C:\Users\Kevin\Desktop\Sonate_No._17_Tempest_3rd_Movement.pdf
[2014/01/13 11:25:37 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\winscp.rnd
[2014/01/13 10:08:16 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
[2014/01/13 10:08:16 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2014/01/08 23:58:17 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2014/01/07 21:21:18 | 036,081,285 | ---- | C] () -- C:\Users\Kevin\Desktop\Introduction to Linear Algebra, 4th edition (1).pdf
[2013/10/27 19:49:50 | 000,893,239 | ---- | C] () -- C:\Users\Kevin\AppData\Local\a.zip
[2013/08/17 09:21:59 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/08/17 09:21:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/20 14:37:22 | 000,000,173 | ---- | C] () -- C:\Users\Kevin\AppData\Local\msmathematics.qat.Kevin
[2013/02/25 00:30:12 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/02/25 00:30:12 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2012/11/05 17:19:29 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/11/05 17:19:29 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/11/05 17:19:28 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/11/05 17:19:28 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/04 23:42:54 | 000,007,596 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2012/03/24 19:00:16 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = \\?\globalroot\Device\HarddiskVolume2\Users\Kevin\AppData\Local\Temp\sswmrqr\selymdv\wow.dll

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/08 05:35:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Audacity
[2013/12/12 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Battle.net
[2013/04/20 01:06:04 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Bioshock2
[2012/07/22 16:08:44 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Blio
[2013/10/27 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Catalina – Print Savings
[2012/10/07 03:06:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite
[2012/10/10 13:31:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Downloaded Installations
[2013/04/20 01:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\fltk.org
[2013/03/11 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Galaxy on Fire 2 Full HD
[2012/07/22 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GlarySoft
[2012/07/22 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\IDT
[2012/07/28 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ImgBurn
[2012/09/15 00:23:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2012/11/19 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\MusE
[2013/08/16 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OBS
[2012/07/22 16:49:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ooVoo Details
[2013/09/14 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin
[2013/08/16 14:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SplitMediaLabs
[2013/08/14 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Spotify
[2012/07/22 16:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Synaptics
[2012/11/25 18:18:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SystemRequirementsLab
[2012/12/12 04:09:17 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\The Creative Assembly
[2013/02/21 02:34:35 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WildTangent
[2014/01/19 03:37:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\XBMC

========== Purity Check ==========

< End of report >

#9
Machiavelli

Posted 31 January 2014 - 08:47 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Warning
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Step 1: MBAM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application. (if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the MBAM icon and select Run as Administrator)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2: ESET

Please disable your AntiVirus before doing these steps!

If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
This will only work for Internet Explorer or FireFox
Please download ESET Online Scanner from here

How to do this?

Visit this website here
You will see a screen like this:
- Click Run ESET Online Scanner
- A Window will open (see above) - please click on the link
- A window will pop up - please download the file to your Desktop
- When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)
- Tick the box next to YES, I accept the Terms of Use then click on: Start
- You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
- Make sure that the option Remove found threats is NOT checked.
- Make sure that the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Then click on Start
- virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically. The scan may take several hours.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- After the scan is finished please click on Finish
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
- ESET Online Scanner

Step 3: Security Check

Please download Security Check from one of the links below and save it to your Desktop.

Download Mirror #1

Double-click SecurityCheck.exe and follow the on-screen instructions. (if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Security Check icon and select Run as Administrator)
A text file, checkup.txt, will open when the scan is finished.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 4: Question

How is your computer running? Any issues?

#10
archon4

Posted 31 January 2014 - 12:42 PM

New Member

Topic Starter
Member
8 posts

Here is the MBAM scan

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Kevin :: KEVIN-HP [administrator]

1/31/2014 10:26:19 AM
mbam-log-2014-01-31 (10-26-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254965
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11
archon4

Posted 31 January 2014 - 01:17 PM

New Member

Topic Starter
Member
8 posts

Okay, thank you. I will try reformatting over this weekend, it may take me 2 days for me to do it(or find the resources to). I will let you know whether or not it was successful. Thank you very much for you help!

#12
Machiavelli

Posted 31 January 2014 - 01:35 PM

GeekU Moderator

GeekU Moderator
4,722 posts

You are most welcome and :thumbsup:

#13
archon4

Posted 05 February 2014 - 01:23 AM

New Member

Topic Starter
Member
8 posts

Hi,
I have finished reformatting and everything seems to be working fine. There was just one problem. I tried entering the product key on the bottom of my laptop to reinstall microsoft office but it keeps rejecting the code? Thank you very much for your time.

#14
Machiavelli

Posted 05 February 2014 - 06:58 AM

GeekU Moderator

GeekU Moderator
4,722 posts

I tried entering the product key on the bottom of my laptop to reinstall microsoft office but it keeps rejecting the code?

You must use the key for Office, not from Windows. The Key should be in the Office box.

#15
Essexboy

Posted 10 February 2014 - 02:03 PM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.