Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need help in making sure that Win32 and associated malware has been co

Started by Jack_Random , Jun 10 2014 08:23 PM

This topic is locked

#1
Jack_Random

Posted 10 June 2014 - 08:23 PM

Member

Member
10 posts

This past week when running SBS&D it caught both Win32 and Conduit, which I took care of with SBS&D, MBAM, and tdssKiller. However when I ran VRT, no matter what settings I use or whether or not Tea-Timer has been disabled, at ~14% it always crashes in what I think is one of my Steam sub-folders, but when I run it a second time even with the same settings it works normally. Furthermore something seems to be hogging up my memory about half the time I boot up my computer, however SBS&D, MBAM, tdssKiller, and VRT on the second run all come up with nothing. I would like a second opinon other then my own to make sure my computer really is clean and I'm just being paranoid.

Thanks in advance,

- Austin

Anti-Virus stuff I've used so far

- SBS&D

- MBAM

- tdssKiller

- VRT (not sure if I can trust the results)

OTL Log:

OTL logfile created on: 6/10/2014 10:13:26 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 46.73% Memory free
10.97 Gb Paging File | 8.00 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.77 Gb Total Space | 521.44 Gb Free Space | 56.69% Space Free | Partition Type: NTFS
Drive D: | 11.65 Gb Total Space | 1.43 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-COMPUTER | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/04 13:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
PRC - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 13:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/10 01:29:14 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/02 20:15:17 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/29 13:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 13:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 21:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/10 01:29:14 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 20:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 20:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 20:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 20:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/10/02 20:15:16 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/04 05:26:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/24 14:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/10 01:29:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/01 14:59:48 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\55913095.sys -- (55913095)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/21 01:40:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/21 01:40:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/04 06:02:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/04 04:44:02 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/22 06:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 20:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/03/17 21:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 21:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/04 18:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 18:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/12/15 23:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {925822F3-686A-46DD-A484-5ECBB7287D09}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {925822F3-686A-46DD-A484-5ECBB7287D09}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{925822F3-686A-46DD-A484-5ECBB7287D09}: "URL" = http://search.condui...7132405245&UM=2
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.giantitp.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Austin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/27 18:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Extensions
[2014/06/04 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\u73ytljh.default\extensions
[2014/06/04 23:01:34 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\u73ytljh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 01:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 01:29:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/18 01:46:02 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GGL Scheduled Update] C:\Users\Austin\AppData\Roaming\zhklik.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_45811599.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_53091398.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55913095.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61031464.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82193614.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6ED2CF-4C70-4F2C-910C-16556779192F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/09 20:33:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/06/04 20:51:15 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Austin\Desktop\TDSSKiller.exe
[2014/06/04 13:09:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
[2014/06/01 08:17:19 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55913095.sys
[2014/06/01 08:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/05/31 11:36:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/05/15 03:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/05/25 04:17:15 | 000,937,984 | ---- | C] (Razer USA Ltd) -- C:\Users\Austin\AppData\Roaming\wlrmghls.exe

========== Files - Modified Within 30 Days ==========

[2014/06/10 10:56:07 | 000,000,971 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_45811599.lnk
[2014/06/10 09:08:51 | 139,791,656 | ---- | M] () -- C:\Users\Austin\Desktop\setup_11.0.1.1245.x01_2014_06_10_15_25.exe
[2014/06/09 20:41:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 20:41:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 20:34:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/09 20:33:57 | 122,101,759 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/09 05:07:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAustin.job
[2014/06/05 12:39:04 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Austin\Desktop\TDSSKiller.exe
[2014/06/04 21:15:21 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/04 21:15:21 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/04 21:15:21 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/04 13:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
[2014/06/04 12:49:20 | 000,007,609 | ---- | M] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
[2014/06/02 23:05:56 | 000,000,971 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61031464.lnk
[2014/06/01 22:57:58 | 000,000,971 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82193614.lnk
[2014/06/01 21:55:57 | 000,000,971 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_53091398.lnk
[2014/06/01 14:59:48 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55913095.sys
[2014/06/01 08:17:46 | 000,000,971 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55913095.lnk

========== Files Created - No Company Name ==========

[2014/06/10 10:56:07 | 000,000,971 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_45811599.lnk
[2014/06/10 09:07:55 | 139,791,656 | ---- | C] () -- C:\Users\Austin\Desktop\setup_11.0.1.1245.x01_2014_06_10_15_25.exe
[2014/06/03 14:19:18 | 000,007,609 | ---- | C] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
[2014/06/02 23:05:56 | 000,000,971 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61031464.lnk
[2014/06/01 22:57:58 | 000,000,971 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82193614.lnk
[2014/06/01 21:55:57 | 000,000,971 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_53091398.lnk
[2014/06/01 08:17:46 | 000,000,971 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55913095.lnk
[2013/11/18 00:33:04 | 000,001,193 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/30 20:05:01 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/08/30 20:05:01 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/02 22:47:50 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Firefly Studios
[2012/03/04 00:23:25 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Leadertech
[2012/07/31 23:55:23 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\LolClient
[2012/12/20 01:32:55 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Rags
[2013/04/19 10:50:21 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Red Alert 3 Uprising
[2013/11/16 12:27:50 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\RenPy
[2013/06/30 23:27:11 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Rogue Legacy
[2012/07/31 03:36:00 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\SoftGrid Client
[2013/07/17 12:45:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Sports Interactive
[2012/12/22 23:57:04 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\System
[2012/01/05 10:31:28 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\The Creative Assembly
[2011/12/27 20:17:53 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\TP
[2013/04/20 12:15:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Unity
[2011/12/29 09:35:17 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\WinBatch
[2012/12/25 02:10:41 | 000,000,000 | -HSD | M] -- C:\Users\Austin\AppData\Roaming\wyUpdate AU

========== Purity Check ==========

< End of report >

#2
23red

Posted 11 June 2014 - 08:05 AM

Trusted Helper

Malware Removal
1,797 posts

Hi Jack_Random

I'm 23red, and it'll be my pleasure to assist you with your problem. I am currently reviewing your log. In the meantime, I'd be grateful if you would note the following:

• Please make sure to carefully read every post completely before doing anything.

• If you're not sure, or if something unexpected happens do not continue! Stop and ask! It is not a problem.

• Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

• Please stick with me until all malware is gone from your system. Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

• Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.

• As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts. I do my best to respond as quick as I can. I, like everyone else here am also a volunteer and sometimes life keeps me busy

• Thank you for your understanding and I appreciate your patience.

Please allow some time to go through the log you posted. I'll post back as soon as possible.

#3
23red

Posted 11 June 2014 - 05:37 PM

Trusted Helper

Malware Removal
1,797 posts

Hi Jack_Random

Not a whole lot of junk left, let's clean out the rest:

Step 1

OTL Fix

Please right click on on your Desktop, choose Run as Administrator from the drop-down menu and accept UAC prompts.

Under
in the textbox at the bottom, please paste in the following text:

:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {925822F3-686A-46DD-A484-5ECBB7287D09}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {925822F3-686A-46DD-A484-5ECBB7287D09}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{925822F3-686A-46DD-A484-5ECBB7287D09}: "URL" = http://search.condui...7132405245&UM=2
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKCU..\Run: [GGL Scheduled Update] C:\Users\Austin\AppData\Roaming\zhklik.exe File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_45811599.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_53091398.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55913095.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61031464.lnk = File not found
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82193614.lnk = File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]

• Push the button.

• OTL may ask to reboot the machine. Please do so if asked.

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

• Copy and Paste that report in your next reply, please

Step 2

ADWCleaner

1. Download adwcleaner from this link to your Desktop.

2. Right click on your Desktop, choose Run as Administrator.

3. Accept UAC prompt.

4. Accept AdwCleaner's Terms of Use. And the AdwCleaner window opens:

5. Click on the <~ Scan button and wait for the scan to finish.

6. After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending..... Please uncheck elements you don't want to remove. Please check to be sure no good items

accidentally got picked up.

7. Once that is complete, click the <~ Clean button

8. Once it has finished Cleaning, click the <~ Report button to get the log.

9. Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.

10. Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Step 3.

Junkware Removal Tool

• Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.

• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Post the contents of JRT.txt into your next post.

When you return, please post:
1. OTL fix log
2. AdwCleaner[R0].txt.
3. JRT.txt

Thank you

#4
Jack_Random

Posted 12 June 2014 - 07:56 AM

Member

Topic Starter
Member
10 posts

OTL Fix Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EE99230-3224-4C64-83AC-AD3EF2AB282D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{925822F3-686A-46DD-A484-5ECBB7287D09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{925822F3-686A-46DD-A484-5ECBB7287D09}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GGL Scheduled Update deleted successfully.
C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_45811599.lnk moved successfully.
C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_53091398.lnk moved successfully.
C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55913095.lnk moved successfully.
C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61031464.lnk moved successfully.
C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82193614.lnk moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Austin\Desktop\cmd.bat deleted successfully.
C:\Users\Austin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Austin
->Temp folder emptied: 2227596 bytes
->Temporary Internet Files folder emptied: 72720656 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 471085873 bytes
->Flash cache emptied: 4410061 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328021 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 565.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06122014_094446

Files\Folders moved on Reboot...
C:\Users\Austin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Adw Cleaner Report

# AdwCleaner v3.212 - Report created 12/06/2014 at 10:00:44
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Austin - AUSTIN-COMPUTER
# Running from : C:\Users\Austin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Austin\AppData\Local\emaze
Folder Deleted : C:\Users\Austin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Austin\AppData\LocalLow\VisualBee_V.12
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C22E4D13-E98A-488B-A9D8-B51C15A35A23}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C22E4D13-E98A-488B-A9D8-B51C15A35A23}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E64640E-8340-4BFE-B05A-3D0A4233B8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{683F6260-33A1-4CCB-97B0-81408BA8B68F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.12
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\VisualBee_V.12

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\u73ytljh.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2874 octets] - [12/06/2014 09:58:20]
AdwCleaner[S0].txt - [2767 octets] - [12/06/2014 10:00:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2827 octets] ##########

JRT Report

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Austin on Thu 06/12/2014 at 10:07:10.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\u73ytljh.default\minidumps [41 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/12/2014 at 10:13:37.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Jack_Random, 12 June 2014 - 08:15 AM.

#5
23red

Posted 12 June 2014 - 08:35 AM

Trusted Helper

Malware Removal
1,797 posts

Hi there

Excellent, thank you :thumbsup:

Let's see how it looks:

Step 1

Fresh OTL Scan

• Please right click on Run as Administrator, accept UAC prompts.

• Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• And under Extra Registry check also the radio dial by Use Safelist

• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

• Please copy (Edit ~> Select All, Edit ~> Copy) both the two logs it produces in your next reply. One will be open, extras.txt will be minimized on the taskbar.

Step 2

SecurityCheck by Screen317:

Please also download Security Check by screen317.

• Save it to your Desktop.

• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

• A Notepad document should open automatically called checkup.txt; please also post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! Try rebooting the system and then run SecurityCheck again.

When you return please post:

1. OTL log

2. Extras.txt

3. Checkup.txt

4. How is the computer running?

Thank you

#6
Jack_Random

Posted 13 June 2014 - 02:20 PM

Member

Topic Starter
Member
10 posts

OTL Log

OTL logfile created on: 6/13/2014 3:44:32 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 73.48% Memory free
10.97 Gb Paging File | 9.28 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.77 Gb Total Space | 527.02 Gb Free Space | 57.30% Space Free | Partition Type: NTFS
Drive D: | 11.65 Gb Total Space | 1.43 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-COMPUTER | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/04 13:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
PRC - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 13:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/29 13:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 13:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 21:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 20:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 20:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 20:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 20:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/04 05:26:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/24 14:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/10 01:29:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/01 14:59:48 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\55913095.sys -- (55913095)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/21 01:40:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/21 01:40:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/04 06:02:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/04 04:44:02 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/22 06:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 20:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/03/17 21:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 21:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/04 18:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 18:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/12/15 23:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-40889351-2054760772-4028562235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-40889351-2054760772-4028562235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-40889351-2054760772-4028562235-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-40889351-2054760772-4028562235-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-40889351-2054760772-4028562235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-40889351-2054760772-4028562235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.giantitp.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Austin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/27 18:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Extensions
[2014/06/04 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\u73ytljh.default\extensions
[2014/06/04 23:01:34 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\u73ytljh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 01:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 01:29:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/18 01:46:02 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-40889351-2054760772-4028562235-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-40889351-2054760772-4028562235-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6ED2CF-4C70-4F2C-910C-16556779192F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/12 10:07:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/12 10:05:47 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Austin\Desktop\JRT.exe
[2014/06/12 09:57:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/12 09:55:32 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/12 09:55:31 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/12 09:55:30 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/12 09:55:30 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/12 09:55:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/12 09:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/12 09:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/12 09:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/12 09:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/12 09:55:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/12 09:55:29 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/12 09:55:29 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/12 09:55:27 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/12 09:55:27 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/12 09:55:27 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/12 09:55:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/12 09:55:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/12 09:55:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/12 09:55:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/12 09:55:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/12 09:55:26 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/12 09:55:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/12 09:55:25 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/12 09:55:24 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/12 09:55:24 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/12 09:55:24 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/12 09:55:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/12 09:55:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/12 09:55:23 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/12 09:55:23 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/12 09:55:23 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/12 09:55:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/12 09:55:22 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/12 09:55:22 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/12 09:55:22 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/12 09:55:22 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/12 09:55:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/12 09:55:21 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/12 09:55:21 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/12 09:55:03 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/12 09:55:03 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/12 09:44:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/09 20:33:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/06/04 20:51:15 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Austin\Desktop\TDSSKiller.exe
[2014/06/04 13:09:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
[2014/06/01 08:17:19 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55913095.sys
[2014/06/01 08:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/05/31 11:36:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/05/15 03:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 20:29:34 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 20:29:32 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 20:29:30 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 20:29:30 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 20:29:30 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 20:29:29 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 20:29:28 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 20:29:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 20:29:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 20:29:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 20:29:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 20:29:27 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 20:29:27 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 20:29:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 20:29:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 20:29:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 20:29:27 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 20:29:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 20:29:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 20:29:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 20:29:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 20:29:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 20:29:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/05/25 04:17:15 | 000,937,984 | ---- | C] (Razer USA Ltd) -- C:\Users\Austin\AppData\Roaming\wlrmghls.exe

========== Files - Modified Within 30 Days ==========

[2014/06/13 10:30:31 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/13 10:30:31 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/13 10:03:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/13 10:03:19 | 122,101,759 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/13 05:07:05 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAustin.job
[2014/06/12 10:05:50 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Austin\Desktop\JRT.exe
[2014/06/12 09:57:10 | 001,333,465 | ---- | M] () -- C:\Users\Austin\Desktop\AdwCleaner.exe
[2014/06/08 05:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 05:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/05 12:39:04 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Austin\Desktop\TDSSKiller.exe
[2014/06/04 21:15:21 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/04 21:15:21 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/04 21:15:21 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/04 13:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
[2014/06/04 12:49:20 | 000,007,609 | ---- | M] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
[2014/06/01 14:59:48 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55913095.sys
[2014/05/30 06:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 05:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 05:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 05:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 05:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 05:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 05:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 05:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 05:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 05:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 05:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 04:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 04:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 04:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 04:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 04:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 04:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 04:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 04:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 04:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 04:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 04:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 04:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 04:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 04:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 04:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 04:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 04:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 03:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 03:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 03:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 03:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

========== Files Created - No Company Name ==========

[2014/06/12 09:57:01 | 001,333,465 | ---- | C] () -- C:\Users\Austin\Desktop\AdwCleaner.exe
[2014/06/03 14:19:18 | 000,007,609 | ---- | C] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
[2013/11/18 00:33:04 | 000,001,193 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/30 20:05:01 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/08/30 20:05:01 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras

OTL Extras logfile created on: 6/13/2014 3:44:32 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 73.48% Memory free
10.97 Gb Paging File | 9.28 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.77 Gb Total Space | 527.02 Gb Free Space | 57.30% Space Free | Partition Type: NTFS
Drive D: | 11.65 Gb Total Space | 1.43 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-COMPUTER | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-40889351-2054760772-4028562235-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18196183-31CE-4A70-91FF-6E782FDA6ECA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5E82DC66-1372-4C4A-A7B7-E5967536022B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B64E83A8-C74A-4E5D-8983-27FE374483A2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00346A10-EA2D-4A78-A514-02195287A79D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sengoku\sengoku.exe |
"{012B5158-57EB-46FA-81F3-E9D0B2152788}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{0134E30D-4BC3-46B0-8A0A-2B6306534745}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii\guildii.exe |
"{01E4242A-4D68-40B2-B11C-BBE71A0F4C41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{039BF878-89DE-4CE7-B083-B2E375782C52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{0477A589-7343-451D-96CB-2DF6E4E49C31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{04FE2A42-3FA1-4066-9094-6AAB1751CEC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{05575342-2DAF-4231-B018-59B604B861AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"{0590642B-908D-4FAD-9F30-ADBA0A734758}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{061F828C-34AE-477F-9E24-56B9C7BFD3B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{06332CB0-DFEA-44C1-A73F-C08BAC0C3E89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity dragon commander\shipping\dcapp.exe |
"{072AF19D-D30D-4893-ACE0-E84B40D70559}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{072BF2F5-2176-422D-81FE-2470F42DCFF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{07594759-4DF9-4F66-9204-C1379ECE6986}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{07793EA7-D922-491E-A07C-30524473EA5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{0794577D-8DED-424C-B78B-4C24D09DC926}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe |
"{07D4139B-8C71-4F72-9293-664BF1ED8FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{08440229-AABE-40AD-B58C-0CB12A28A2A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{08AD19D9-99EB-4A1F-A15A-7506936F3E52}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{08FDD093-F276-469B-8C00-E635E6843C14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_manual_steam_english.pdf |
"{09E92FB5-9971-4D97-83B9-61F686B99CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{0B59191D-8D88-4A3D-AE57-045FF7C7D2BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4_launch.exe |
"{0BB1AED6-929F-433D-99CB-5145BDB3D85D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{0D17878E-B831-4F92-8E1D-D843B10EC2C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0D434830-6569-4066-9AA2-B1BC1AC07938}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{0D60528D-09C7-459E-AB0A-6811196FA1BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{0EE34E2F-6066-45F4-ADDC-C2925FAF5FEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe |
"{0EFEBC9F-8EAA-438B-A49C-230B44655AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
"{0F2FDB8B-1921-4D51-837A-7172603CB739}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{0F5FD7FD-942B-45FD-98B7-8A3BF031D21D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe |
"{12820261-8533-480C-B3E5-FB173824E282}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\runme.exe |
"{12FCEAF0-E270-4207-95E4-CFDF0A0CFEAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{13154544-980C-4F62-AF8D-999F1FD6054C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity dragon commander\shipping\dcapp.exe |
"{16950EB3-35BB-44CE-92DB-DA9EC465720B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1902E4CD-9B84-4CF8-A368-425F8F9694DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{1970B285-F9C9-420D-8342-FA7AF8644257}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{1A808342-0EDF-4E37-9F60-19E0E7CE3AED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1BA31D6A-A1BB-4BC6-B649-F267DF4A4E43}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{1BE5D245-FCD8-4883-B084-CB7894B34FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{1D1CD99E-92EA-4E5C-8609-C85330F119DB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{1D36090B-9874-4632-954A-3B04F83BAA32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{1D65D4B5-E60F-4E7E-AC9D-89E7D1ACE47F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe |
"{1E2B3349-334E-495B-B665-1F4F417E2773}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{1ED93CFC-6577-4F97-9FAB-2BD131F7C570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold legends\strongholdlegends.exe |
"{1F6E0823-326E-401C-ABB3-35E5E05559D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1F7D4AF5-16D1-41F8-818A-532FADA604E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{209B93F2-48AE-416D-AC6F-FEB50C515889}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{22DBA45F-3DF5-49AD-9C2C-92B4DABE542E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{22F77B45-082D-4E30-A2F7-F0773142CCCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\1701 ad\1701-addon.exe |
"{237EFBD0-BBD5-4892-99D3-19EA4EA45C5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{23B55C9C-48F9-43AF-AB9F-FE7D1B1E78D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{25EAC8DF-B812-45CC-A4B5-4005D334DF53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{2817FB45-200A-441F-8041-CD31E2B4C570}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe |
"{29395A5C-4838-4A20-BE88-BD5BD2922BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe |
"{2B71A98B-566E-4C34-9004-0C2D8661F0C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold legends\strongholdlegends.exe |
"{2C618BA4-BDEB-463D-B361-327D2759FBB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe |
"{2FEE4C0C-DC8D-40E7-99B7-E9A3BF505868}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{317A5AD2-3FB3-49F5-9D26-A476DD2E6705}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{31C331FF-D6A7-4528-B832-734E8A5B4FDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{3308E387-532D-48FE-BE1D-C9BC3125572F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{362CDADA-C6D9-4060-9011-653C85B62A91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{36B98849-7A63-4C67-8F64-29B1CB3DB4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{37EFB91E-0E62-4244-9A3C-25299F88EA9C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{38010BC2-C673-4F7B-A182-9DC35E0BA516}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{3828566C-5621-426E-BB58-2BCA1698FA33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\victoria2.exe |
"{38AA6F9D-6ED2-4584-BF42-943189515ADA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{393728CD-36FE-42C1-86E1-556B0DADBFFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{39F6D2EF-47B6-4CE7-BEF2-B6D4C161B96D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{3A97D696-7D04-4D4D-BB54-3DF8E81D2F5D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{3AFE50F2-47B2-4BD5-9345-456A556E03CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{3BCD193B-5C0B-4F91-B1DF-400F117F26F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{3F26BE88-64EE-4A67-9522-D98FF756B53B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe |
"{3F47FE23-E177-4131-BF38-95729836D7C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\runme.exe |
"{404568E2-83D3-4007-B0A0-BC44215DFF09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"{40B3C81F-A9BC-44BC-8C52-F0FCC90824F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{411F5C38-2534-40E0-BCE8-0D607927258C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{41610B5F-28DF-46CA-B2FC-B91B32CDCB5B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{418CFC2C-C75C-48CC-B2CA-061071DF05CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{41A8881A-66EC-4389-9AF0-26EA4E98070B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{41BCE234-10E3-4C7B-AD3D-0E83D4DE82C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{421232EE-0A8F-4B3E-B978-97CC9A146D10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{4276AC38-7E42-46B2-97C8-2B7089DE305D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
"{437D2C78-CDF8-4920-BB51-2CB99080DFCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\1701 ad\1701-addon.exe |
"{43A95181-88A5-400E-A3F2-546DFB8167FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\reus\reus.exe |
"{47FDF012-56F0-428D-BE93-BF74098B647D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{48284975-FDB8-4746-90D4-02AD7FC8EB7B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{48FC04AF-7D5E-4F8E-9BA8-0034BFFA6EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{4A4CA625-1E59-46E9-B6A3-CEC97D3A6ED6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{4B194AF0-6912-4863-94CB-1D5462D2F29C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{4BEF7D75-C68B-429E-969A-1F8A682299FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4BF9FCCF-2756-4BF3-A8A4-BBB19B404F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{4D2447AF-4EB9-4D52-AB34-308C0069D032}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe |
"{4D4A373B-B66A-42D1-B753-F9BA761A6758}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{4DCA100B-4BC1-4616-8D6D-9BC6965BB039}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{4EADF87E-D2B3-40AF-970F-13984E48A52C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{51C5EB5B-0E9D-4344-8866-C72ECC62E7E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{523EA34A-99D0-496F-814F-218E7DB3F785}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{52FCE786-E073-46F9-84FB-A7AF909A92D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{555FB059-F692-4FD0-BD15-AD5AD83DDCEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{5583CA9C-65B2-45B1-B042-33F87FD490B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{55E59E53-2A11-4776-8C79-C6C9081F1981}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret world\clientpatcher.exe |
"{5626C858-95A6-4502-959A-731A83CFE3C9}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{57861BD3-50FD-467B-ABCD-5D536F534434}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{593730CC-0239-42F2-B630-6DEC17B1A593}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5AC34C9F-0EB2-4614-BC2E-768FF272B03D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{5D7FCA0D-8D5C-4486-BA2F-2551140235CA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{5D8837DD-2653-492C-B183-7059BCE57CDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lucius\lucius.exe |
"{61C8F481-BC96-4BA2-A89C-CD04A3A31B97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{61E0F2D8-53A6-41A6-A34B-274DB6E0D3D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"{620F8D1B-3B30-49ED-A2B8-207FD3D02D37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{63095719-5E36-4D6B-BF73-0398F6C56FBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3.exe |
"{64940305-EFA0-4520-B0EF-15E930DAF707}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{64C803D6-BF52-41C5-9676-77E13C42E827}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{64D98295-0EF6-4E1F-919E-E5C511F656FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{65BC0124-002D-4164-BA2E-EB0D47C037EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{65CD565A-68B7-41A4-8BF7-6D264275FBA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4_launch.exe |
"{6ADA8244-5902-446A-B40F-90F7614D0C99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{6C96E7F8-A87C-47FE-9EBB-B26177481ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{6F505211-8FC5-4DDD-A0C3-20173EB3F535}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
"{6FEFCFC4-9704-4F8E-8E27-7937ED425E89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\victoria2.exe |
"{7038A47D-5434-47C0-8099-A8D7B50F4C25}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{708F2781-59F6-448C-B592-0C1E48988E44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{71FEDAA4-BDAF-4021-8831-CBA934259D98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{72A02F8C-2E53-4A59-A258-084FE039ABB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{72CFC9DC-1D7E-45EB-AE7D-883EC13BBCDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{72F6F24A-11A1-4D09-9F75-EC0D5136D32B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{74E818A1-62EC-4D93-9D1A-581F09FC9446}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{74EDE4CB-A6A0-4B0C-ACFF-2E5B0EB6E497}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{75603CF0-D650-442F-BD3A-D9129A34AE96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\longlivethequeen\longlivethequeen.exe |
"{760D84DC-5EDD-4BBF-9197-9E1D85243413}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{76529968-0EEC-45D8-AE4B-CF3534378BCD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{767B4458-07E9-469A-AE2B-44D30C8E0894}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{784884C6-507D-41BF-8E50-95069A32DEE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7B0F18C9-7AB7-4243-A5D0-1FEE3EAC5D8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B416EBB-5EF9-40F4-B07F-88CAC39F928F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{7B8456AF-E4F1-40C6-AADD-F54BAC0FE113}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
"{7E4E45E5-A864-4E0E-A148-2C60E111242E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{7EC79F69-5767-4446-AA24-B2B5F3810282}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{7F0E8D6A-E45A-4112-8C4C-C1CFF21F2B96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{7FCECFCC-CABA-4A44-B4F4-45597990BE63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magical diary\magicaldiary.exe |
"{80BBE7CB-22C0-4CE5-9F49-96583D757037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\conanpatcher.exe |
"{80C03D0A-00CB-4EE3-8AF9-08AFAFBABB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{80C5E4EE-C270-45CC-A06E-5E27335D0922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{83816FC5-8839-479B-8FF4-B0F7C40F9E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8434C3FF-B00A-47A3-A7E2-4D453D90E35B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{858D9E8F-FA79-4B37-8656-561C65619AAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{87813A64-4A95-4D0C-9150-521B3C68A6EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{8A6DB7F5-F6BB-4667-8F1E-634B83BC65B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{8B80C5A2-8101-4AB2-8CF4-C2257BAFA6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8BE45887-FF7F-4BB9-9179-090ED079E730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon commander\shipping\dcapp.exe |
"{8C9CCB56-E082-4ED4-8C4B-2746BE56E907}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8CDDA50B-72E8-4155-9EDF-8144D657E56C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{8FC105B3-0585-4B79-A69A-53FF906054D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{90F39450-BA04-4F82-B301-509BFA7DDBCB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{91076946-3251-4CBB-A219-003A6805C7BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\1701 ad\1701.exe |
"{913BFDE6-4F20-4418-ABCD-CC46EFCD33F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{93673E2A-392E-4A82-B62F-CF13AC4FF79B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{936B45AD-6D8B-4445-A181-A4ED97CFA25F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magical diary\magicaldiary.exe |
"{94DFC663-B7DE-4F91-9FBB-36E26DBA5FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_quickstart.pdf |
"{986375F2-41A9-4561-AB6C-2F5B27E42872}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{98AA69E4-F617-4044-B0FE-01273DDD7AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{99DAD6C4-E6BF-4712-B8AC-4BED41A5ABAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe |
"{9A2764C5-3BB0-4610-9FA7-215C5A92F9A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{9B171B50-4563-4767-9920-786BC9F6DD2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9CE7C544-3A83-4618-91A2-3ABD6C4148BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
"{9E187596-E9EF-4AA7-89B3-4ABB4E427A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\conanpatcher.exe |
"{A0C8B698-EBEB-4048-A7FD-6A75ED69A79D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{A175A427-F8E9-44E7-9E5F-C39EBDE0BB8D}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{A3BA3889-CA8B-4257-BFAF-29A1453603DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{A3DBC1E1-FC68-4FA6-9B23-4746480C66E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\1701 ad\1701.exe |
"{A3FAB211-C585-4A9A-BCDC-472B75AC7929}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{A50DDD6F-C5E3-4CB0-89DA-C60CE05B6511}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{A60092EE-1995-43B4-8796-BADF62670A8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{A6C82495-ACDC-462E-929E-0DDCE23A4CF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3.exe |
"{A7265B7F-8FA9-4618-B38E-E0FFFC274F69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon commander\shipping\dcapp.exe |
"{A759F0B9-40EC-43FD-8CAF-7A282517C48C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{A7690511-9269-4280-BB98-D73315C9B6F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A85C2CC3-2868-498B-B1E9-78F9DA264A5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{A89DBA0C-3EF5-4DB2-AB9A-489FD9F21973}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_quickstart.pdf |
"{A8AED8C1-3D6C-4AC9-9020-DC60C4ACB592}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{A90497C2-18E7-4926-8A41-333E449AA6D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe |
"{A9748949-C30B-4E33-84B0-8C9D40C895AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{AD21F77E-9214-43EA-A32C-3A9725B7F3FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{AD6151D2-D806-46A5-95BE-193EC744A585}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{ADBDC7F5-6C2D-4E46-9040-3314AC3328CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{ADEEE919-9ABF-492C-A586-1A903B562CF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{AE2E9C5E-7C22-4C97-8BE6-CCD365F7A88C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{AE33CD62-5C95-4960-8B94-2A9C2ECC8B9C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{AFD92B01-ADFB-4F93-A94A-E595E26BF6E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B15E618F-5869-4E4B-BD55-AF8854C9C608}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{B200A671-37F5-4358-8BED-EEA5D68D07BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{B34B6235-F4CD-416D-9215-84DE9E845193}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B49A307B-BDE3-4124-9093-FCA2CD7B87EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{B61C1DAE-3EFA-4233-BA44-126247B37007}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B61F3174-F838-4982-B314-DB7717F9273E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{B642F880-DAD6-46A5-A93A-97C3DE0E54BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B897F5DC-DFA4-4534-8DED-F2D5837C48AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lucius\lucius.exe |
"{BAFE82BF-309C-444C-BED5-B9AD56D04330}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{BB31731D-CF66-4F12-989A-CCAA28194286}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{BB61472F-F170-4611-A095-FB9D511309F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{BCF0CD18-81C3-44DD-8926-11B2A98FBB61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold 2\stronghold2.exe |
"{BF896B4E-49B7-40CD-8F38-6BE5DD9A1E8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C13CC36C-9A2D-457D-9B20-56F6D2E59C6A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{C250581B-CAE6-49BF-97F8-BDDB04C754D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{C2B832E4-7F59-4496-856B-FE8617FDAC19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
"{C312B98C-4B87-4206-A6E1-BEF052ECBF41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{C4C2CC69-04D4-4F4A-BB66-8EC090FA1DDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{C597C291-A268-4985-98B3-E8ED3DC1A23B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\towns\towns.exe |
"{C70AB23E-51AE-4DB2-B144-7296F63FE503}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C727FA84-485E-4999-927C-B9BAAEE05B72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C84576B6-505F-4C86-A2DC-124BAB7D44D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold 2\stronghold2.exe |
"{C8934FFF-3093-4C1F-865D-E38B04E4C51B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C8BD2EB5-DA03-4353-9FF9-8075CEA6CB77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{C9C91500-5268-4A35-BE89-9ABD884ACCCC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\towns\towns.exe |
"{CB0A5F49-2FD4-452A-A9F7-3B5820EBD872}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\longlivethequeen\longlivethequeen.exe |
"{CB7FC53C-E13F-409F-889C-EEA2DD6BF0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{CBE45C23-4741-4DA7-B772-62A55637D936}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{CCF1B5F7-B7D4-40E5-88DA-360DDA4A23FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii\guildii.exe |
"{CF3DDC64-1691-4B4E-80CC-B38A04B2BD43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{D0619774-05C5-4034-8A45-65AF7A586F73}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D0A3AB72-59FA-40E7-BFE3-4505E472B46E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
"{D18E1F64-0659-455C-B855-4E6EA2BB1F95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{D230EB17-1BD7-4488-953E-25F49CB59C6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{D2CC9EF1-29AB-429D-A2F6-FADAE9128D34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{D2EC5550-06A4-419E-83A8-536AAE12B7E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{D3F02358-731F-4D8C-8D4C-78DDADB1F345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_manual_steam_english.pdf |
"{D5883BE5-C772-4F2E-BDCC-14B176087F52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{D5D79ECC-313A-4B7C-B464-E51E4DD6E619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D7744118-60FF-4449-A499-A66BFB5382B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
"{D825C62A-1887-45C9-9980-CCAF4B952759}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret world\clientpatcher.exe |
"{DA73DE4E-A927-46F0-97E9-B48C5241A2F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"{DB00DA9C-75A9-4F75-9F38-21C4564FC740}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{DBB071D3-D4D8-4A77-8BE2-370E20530DED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{DD63C7FB-0904-480C-AD53-03F2FDDEF2CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{DD8240A9-29F2-4E65-8EF6-F7AB42814D71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udk.exe |
"{DDC90D68-B906-44A8-A760-D1A1A4DB91B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{DDEE9769-3CE0-427B-A250-59B7DFA43812}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{DE42553D-AD94-44DC-BC03-E808BC9507FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{DFCE1CC4-F80F-435F-93C6-6804ECF87DEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{E013CEA9-3E8E-461C-B4DD-12C13BF39CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{E248D026-912D-4628-84F9-8D0765BD8291}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E289038B-FB00-4E48-8160-00A9A7086959}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{E31136BE-D3D9-4557-AC15-EE5687208DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{E467BE1B-BA8D-4FFD-A443-6E3CC6598335}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{E5B7C562-44CD-4F30-9BC9-FFC7884BE878}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{E6FE02AC-116C-4FF7-A8A4-47489DFE893F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E7DA143E-131A-414D-89E9-0764E2E7818F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe |
"{E8A95A93-48D1-4A9B-AD68-39B02EB7319B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{EB41B5FF-34DA-4817-B7E0-8FE8412C5C0C}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{EC261CC4-1238-41F9-804B-BC1718223849}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{EC8A3304-237A-449D-89B2-C5E5543B37EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{EDF64E48-5EA7-4D3B-9350-B3F3A26333CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sengoku\sengoku.exe |
"{EEA36B2A-F9CD-40FF-B648-47A0B0A569AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe |
"{EEE6BB56-4973-45D1-9151-241419F7F906}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{EF6039DD-6C73-4AF9-A73F-DA5251DDA42B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udk.exe |
"{EF7D15DB-1601-426F-B54B-053AFDB9FBCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\reus\reus.exe |
"{EFC55049-3E89-45B8-AF49-B2A218FA8791}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe |
"{F17D0A10-DAE6-42B2-BCBF-68EDD75F5C46}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F1D45DD8-AAAD-4E26-8A81-E18469EE07F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{F1EF4CBC-C250-4613-9708-4D029E62B6B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{F30CF096-57AB-46B3-9A0B-84BE5401A14C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{F4A07775-D5B6-4B8F-BF81-F2D424CB8209}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F4E7A135-2DBE-4FFE-8FBF-9A5696C5BD7D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{F878CA48-6293-483E-B7E5-185D833F8C4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{FA584749-28E5-46D6-A3E8-A3652AF91B7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{FA72A5A2-460C-4128-BA0B-33543F2F2CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{FB7E1489-A207-48F1-8EFF-EE53B7A7201D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{FB99B04F-AEB2-41B7-A71F-FB9E53B13797}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{FCE7B827-990F-4DC7-8E4D-4913894F048A}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{FF8AC62D-E34F-4B23-8A25-BC8C43BF20E8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{097D9486-BEA2-4384-8D52-CA9AB32BA8D6}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{164ACD8B-C152-4D3B-877D-5C54A281492A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{3873F4C1-1456-4AB8-8870-3513A3B13BE8}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{42D71C92-6D5A-4377-8FA7-C466299E63F0}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe |
"TCP Query User{6AA033B1-46F7-4F4C-B32F-C40D256A532D}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe |
"TCP Query User{8541F8F7-079C-496F-976C-D12353ED428A}C:\users\austin\desktop\against-the-wall-a053-win\against-the-wall-a053-win.exe" = protocol=6 | dir=in | app=c:\users\austin\desktop\against-the-wall-a053-win\against-the-wall-a053-win.exe |
"TCP Query User{E8C152F3-B357-41A7-A288-895F55E08E50}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{07AFC3B6-418C-4C96-BBE7-B42E379F8F2A}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{0D07E27B-4068-4977-ABE2-CA94F9DFE0BE}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{34982186-F556-4CBB-BA98-912A3AA4DD7B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{3866D97C-208B-4B27-BD21-D0CBDFE404E5}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe |
"UDP Query User{48233C78-42B3-4BE8-B7E9-9B67EFDC1C68}C:\users\austin\desktop\against-the-wall-a053-win\against-the-wall-a053-win.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\against-the-wall-a053-win\against-the-wall-a053-win.exe |
"UDP Query User{4844C701-5D29-4A97-A2AC-292FDD92B8A4}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe |
"UDP Query User{C14A7D36-3DF0-4932-9470-A67A8A933DA6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61F769F1-BAD0-45BF-5718-62259ACE24A6}" = ccc-utility64
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F580D12E-01E5-31A6-A321-7C8E6D5361A5}" = ATI Catalyst Install Manager
"{FA8D4B26-17BE-B76F-B2F6-0FD7391EDF95}" = AMD Media Foundation Decoders
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"UDK-1183829b-8310-4ea0-bfdc-3e8aff89adfb" = PARANORMAL - BETA 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0522A804-7B80-CEBF-DE81-597E5BA14D2F}" = Catalyst Control Center Localization All
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A352E1C-7868-2D98-165C-FCBD37F1E4AF}" = CCC Help Chinese Traditional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{13F59C8F-FC81-D786-77E7-CDFA6E2FE018}" = CCC Help Spanish
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4DFE9C-F186-65E5-E2EE-2EA5B8FD2147}" = CCC Help Portuguese
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25D47128-0A98-2F03-AFC7-F2F3963CFB3E}" = CCC Help French
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{330977BC-E980-4D58-DEE4-7E768CFC3EEF}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{379FBC79-1693-C2C9-5F34-BB0FAFFF5394}" = AMD VISION Engine Control Center
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{50060B25-2B8B-D852-7303-B64D2F7CDD90}" = CCC Help Turkish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59111E3F-59C0-A8A5-9B49-253D6625F194}" = Catalyst Control Center InstallProxy
"{5A513137-7B05-E84C-B679-747AD17034F1}" = CCC Help German
"{5AA9CA89-29E1-6216-05BC-7C479A0FCF80}" = CCC Help Czech
"{5CE60812-BE7F-391C-99BF-2E3A4AE0C3E2}" = CCC Help Hungarian
"{61B8A32E-C79E-27DE-41E2-45F378976B96}" = CCC Help Italian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70658F33-BAB1-93B6-D365-8053A66762AC}" = CCC Help Dutch
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B20A36-5080-EA59-64CF-B276AD647724}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85DFA50F-382E-6337-4B68-8454A29DFB50}" = CCC Help Danish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{952D0DBE-C9E2-2931-9F8F-C1230B6CAB4C}" = CCC Help Thai
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A93AC7AF-0247-E038-2B78-A327A3267D78}" = CCC Help Finnish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BCA47823-6ACE-9B28-B3ED-1D63E9B7794F}" = Catalyst Control Center Graphics Previews Common
"{BF3913A7-D083-F383-928F-BB93D48DB8F5}" = CCC Help Greek
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C4C6C4A5-955C-C86D-E804-7325CE584F79}" = CCC Help Chinese Standard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8DCD2DD-3999-C9CF-899C-F996D76CCD14}" = CCC Help Swedish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE101785-F702-BCAD-F286-AF6D1FDD795B}" = CCC Help Russian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}" = Adobe Flash Player 10 ActiveX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50D4D29-C7B5-4136-AADE-D85794926840}" = Rags Suite
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F910001F-A592-34EE-39B6-9D75D55D2FE7}" = CCC Help English
"{FA6AF15B-5E4B-0A8A-7C5F-8F7FA2C0C85E}" = CCC Help Korean
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF7B20F0-9AF0-AE97-8111-60E63D0F3564}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Special Edition
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 113400" = APB Reloaded
"Steam App 1520" = DEFCON
"Steam App 1523" = DEFCON Beta Demo
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 203770" = Crusader Kings II
"Steam App 205530" = Gratuitous Tank Battles
"Steam App 207890" = Football Manager 2013
"Steam App 208090" = Loadout
"Steam App 208140" = Endless Space
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 20920" = The Witcher 2
"Steam App 211120" = The Political Machine 2012
"Steam App 211340" = Magical Diary
"Steam App 212680" = FTL: Faster Than Light
"Steam App 215280" = The Secret World
"Steam App 218170" = Age of Conan: Unchained - US version
"Steam App 218640" = Lucius
"Steam App 219150" = Hotline Miami
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 221020" = Towns
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 222730" = Reus
"Steam App 22380" = Fallout: New Vegas
"Steam App 230170" = Divinity: Dragon Commander Beta
"Steam App 232210" = Chivalry: Medieval Warfare Beta
"Steam App 236850" = Europa Universalis IV
"Steam App 241600" = Rogue Legacy
"Steam App 243950" = Divinity: Dragon Commander
"Steam App 245470" = Democracy 3
"Steam App 24800" = Command and Conquer: Red Alert 3 - Uprising
"Steam App 251990" = Long Live The Queen
"Steam App 25800" = Europa Universalis III
"Steam App 25890" = Hearts of Iron III
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 2810" = X3: Reunion
"Steam App 2820" = X3: Terran Conflict
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 3700" = Sniper Elite
"Steam App 39650" = The Guild II
"Steam App 39660" = The Guild II - Pirates of the European Seas
"Steam App 39680" = The Guild II: Renaissance
"Steam App 40950" = Stronghold
"Steam App 40960" = Stronghold 2
"Steam App 40970" = Stronghold Crusader + Extreme
"Steam App 40980" = Stronghold Legends
"Steam App 41800" = Gratuitous Space Battles
"Steam App 42960" = Victoria II
"Steam App 440" = Team Fortress 2
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 570" = Dota 2
"Steam App 63380" = Sniper Elite V2
"Steam App 7110" = Jade Empire: Special Edition
"Steam App 72200" = Universe Sandbox
"Steam App 73210" = Sengoku
"Steam App 7870" = 1701 A.D.: Gold Edition
"Steam App 7880" = 1701 A.D.: Sunken Dragon
"Steam App 9900" = Star Trek Online
"WildTangent hp Master Uninstall" = HP Games
"WinGlulxe" = Windows Glulxe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"World of Warcraft" = World of Warcraft
"WTA-0abac794-9d2f-4787-9269-27406f552f91" = Namco All-Stars: PAC-MAN
"WTA-18d36ca0-b7ff-4c09-937f-7804e7603d65" = Agatha Christie - Peril at End House
"WTA-1976eea0-965b-401d-bdcc-aebe9db01838" = Polar Bowler
"WTA-1f753da2-900e-460f-bd78-07a4f1c15286" = Slingo Supreme
"WTA-2283f919-9b16-4b5f-adaa-12b3faa9b514" = Mystery of Mortlake Mansion
"WTA-2dfa1057-b337-4a95-9f08-93e88fc9e8f8" = Chuzzle Deluxe
"WTA-2e72ecc4-69c3-4a48-99c6-95518d1f7e8d" = Blackhawk Striker 2
"WTA-30b8695d-035c-428f-8c43-b3179bc86588" = Vacation Quest - The Hawaiian Islands
"WTA-37963807-cdf9-44b7-b6bf-d35292b037aa" = FATE
"WTA-45c259e6-c0b0-41be-bc07-68879ee7223b" = Cake Mania
"WTA-549d1232-ffde-4ec6-8a03-e7c8d22625e6" = Zuma Deluxe
"WTA-5f14f328-d230-4d9f-bcc4-80461a78c229" = Bejeweled 3
"WTA-644723a7-7537-4e49-b712-4538eee2743a" = Virtual Villagers 5 - New Believers
"WTA-756a5cd5-afe9-42e8-8b0a-99bc1d320e76" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-83d9c2f2-c747-4ead-9c8d-4ad040bbbbed" = Plants vs. Zombies - Game of the Year
"WTA-8784cfb6-2f27-4788-87ac-52b6c323b5de" = Bounce Symphony
"WTA-8ddf9b09-1a2f-4a32-be85-d75ef706b513" = Poker Superstars III
"WTA-9d395a3e-014f-4b8b-be7c-6078e4dcca3f" = Farm Frenzy
"WTA-a2586019-0a0c-4f71-8cab-c4b10e845b7a" = Cradle of Rome 2
"WTA-d2c47484-f1d8-4c92-b6fc-9a2006732450" = Polar Golfer
"WTA-e1fea292-00f9-4862-a6b4-20f2403e43ea" = Penguins!
"WTA-ee2b6349-1ae5-4599-bf61-b81df23f828b" = Mah Jong Medley
"WTA-f641f158-c970-470a-9570-5bf934e09835" = Blasterball 3
"WTA-f8da9904-b817-4578-93eb-0c51e65bd85e" = Chronicles of Albian
"WTA-fc5a2bfe-2429-438f-956a-067814ebadcd" = Governor of Poker 2 Premium Edition
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-40889351-2054760772-4028562235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1" = A Game of Thrones version 0.6.1
"ba6b223a061cf89e" = SavIP Launch Build
"Elder Kings CK2 Total Conversion 0.1.4b" = Elder Kings CK2 Total Conversion
"SOE-C:/Users/Austin/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"The Consuming Shadow" = The Consuming Shadow
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2014 8:13:47 PM | Computer Name = Austin-Computer | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 6/12/2014 8:14:18 PM | Computer Name = Austin-Computer | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 6/13/2014 10:05:14 AM | Computer Name = Austin-Computer | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 6/13/2014 10:05:44 AM | Computer Name = Austin-Computer | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

[ Hewlett-Packard Events ]
Error - 5/9/2012 7:44:55 PM | Computer Name = Austin-Computer | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/51501486_59be_4ef5_8218_ff191391b31e/pt0t1nqvvz8goq7tfsbtegot_5.rem' has
been disconnected or does not exist at the server.    Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5616 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 5/9/2012 7:45:00 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/9/2012 7:45:01 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 7:56:57 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 7:56:57 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/23/2012 7:42:55 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 60 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/23/2012 7:42:56 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 60 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/30/2012 8:26:22 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/30/2012 8:26:22 PM | Computer Name = Austin-Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 6/12/2014 2:52:12 PM | Computer Name = Austin-Computer | Source = DCOM | ID = 10010
Description =

Error - 6/12/2014 8:11:26 PM | Computer Name = Austin-Computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:10:49 PM on ?6/?12/?2014 was unexpected.

Error - 6/13/2014 10:02:44 AM | Computer Name = Austin-Computer | Source = DCOM | ID = 10010
Description =

< End of report >

Check Up

Results of screen317's Security Check version 0.99.84
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.8.800.168 Flash Player out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Everything seems to be running fine, but I do have a questions concerning my memory. I have 5616 MBs and when I boot up my computer with nothing running such as Firefox or iTunes it says I'm using ~25% of my memory with a svchost at 100 MBs being the leading thing on taskmanager. Is that normal or am I just paranoid?

#7
23red

Posted 14 June 2014 - 04:58 PM

Trusted Helper

Malware Removal
1,797 posts

Everything seems to be running fine, but I do have a questions concerning my memory. I have 5616 MBs and when I boot up my computer with nothing running such as Firefox or iTunes it says I'm using ~25% of my memory with a svchost at 100 MBs being the leading thing on taskmanager. Is that normal or am I just paranoid?

Svchost does most of the work, that is normal.

A little bit left to remove:

Step 1.

Disable Spybot S+D

Open Spybot-S&D

Go to the Mode menu and make sure "Advanced Mode" is selected

On the left hand side, choose Tools ~> Resident

Uncheck "Resident TeaTimer" and OK any prompts

Restart your computer.

Step 2.

OTL Fix

Please right click on

Run as Administrator, accept UAC prompts.

Under

in the textbox at the bottom, please paste in the following text:

Quote

:Commands
[CREATERESTOREPOINT]
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
:Files
ipconfig /flushdns /c

Push the

button.
OTL may ask to reboot the machine. Please do so if asked.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
A massage box

will pop-up.
Click the OK button and a report will open.
Copy and Paste that report in your next reply, please

Step 3.

You have Malwarebytes on your computer. Please right click to run as Administrator, then update and run a full scan.

Please let me know the results.

Step 4.

I'd like you go to ESET and run an online scan. Once you get there, you will however need to disable your current installed Anti-Virus, how to do so can be read here. I'm not seeing one installed, do however keep TeaTimer disabled.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer, you can use Chrome or Mozilla FireFox for this scan.

You will need to to right-click on the either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.[/b]

Please go here then click on:

A new window will open:

Select the option YES, I accept the Terms of Use then click on:

When prompted allow the Add-On/Active X to install.

Uncheck the box beside Remove Found Threats

Check the box Scan archives.

Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Now click on:

The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

When completed the Online Scan will begin automatically. The scan may take several hours[/color].

Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

When The Scan is Complete:

1. If No Threats Were Found:
Put a checkmark in Uninstall application on close
Close the program
Report to me that nothing was found

2. If Threats Were Found:
Click on list of threats found
Click on export to text file and save it to the desktop as ESET SCAN.txt
Click on Back
Put a checkmark in Uninstall application on close [color-red]Be sure you have saved the file first
Click on Finish
Close the program.

When you return, please:
OTL fix log
Malwarebytes log
ESET scan results
Let me know if any problems remain

Thank you

#8
Jack_Random

Posted 15 June 2014 - 06:29 PM

Member

Topic Starter
Member
10 posts

OTL Fix Report:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Austin\Desktop\cmd.bat deleted successfully.
C:\Users\Austin\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06152014_202248

Will Post/ Edit in MBAM and ESET when each are done.

MBAM came back clean

Edited by Jack_Random, 15 June 2014 - 09:48 PM.

#9
Jack_Random

Posted 16 June 2014 - 12:46 AM

Member

Topic Starter
Member
10 posts

ESET Report

C:\TDSSKiller_Quarantine\09.06.2014_20.30.47\uds0000\file0000\tsk0000.dta a variant of MSIL/Injector.BKO trojan
C:\Users\Austin\AppData\Roaming\wlrmghls.exe a variant of MSIL/Injector.BKO trojan

#10
23red

Posted 17 June 2014 - 07:59 PM

Trusted Helper

Malware Removal
1,797 posts

Hi Jack_Random

Apologies for the delay.

First

The computer was infected with a backdoor Trojan.

From the ESET scan, the TDSSKiller scan you've previosly run it shows the malicious file.
Backdoor Trojans are software programs that give an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. Backdoor Trojan functionality allows unauthorized remote access to the infected computer while running in the background. A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user. This particular version has a keylogger also. The file viewed has been on the computer awhile.

If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

• Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers. If everything has been ok since it's been on your computer awhile, keep an eye open to trouble if you do any kind of banking on this.

• From a clean computer change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online-banking/financial purpose until we give it all clear

We can continue to clean it up as best we know how, but there is no guarantee the computer can ever be trusted. Many recommend a complete wipe and reinstall of Windows at this point.

A reformat will fix it. It can be removed without a reformat, I'll take out everything bad I see but I can't %100 guarantee that the backdoor has been closed.

The files ESET found will be removed both here and when I remove the tools I've used.

Proceeding ~

Step 2

OTL Fix

Please right click on Run as Administrator, accept UAC prompts.

Under
in the textbox at the bottom, please paste in the following text:

:Commands
[CREATERESTOREPOINT]
:OTL
[2013/05/25 04:17:15 | 000,937,984 | ---- | C] (Razer USA Ltd) -- C:\Users\Austin\AppData\Roaming\wlrmghls.exe

Push the button.

OTL may ask to reboot the machine. Please do so if asked.

If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

A massage box will pop-up.

Click the OK button and a report will open.

Copy and Paste that report in your next reply.

Let's double check and make sure there's no visible signs of a rootkit:

Step 3.

aswMBR

• Download aswMBR.exe from this link to your Desktop.

• Right click the icon on your Desktop and choose Run as Administrator, accept UAC prompts

• When first run the programme will check for VM capability and if it is present it will offer to use it.. Select yes

A new window opens with a note in the front asking if you want to download the latest Avast! virus definitions, click yes and the definitions will download. I'll let you know now: it takes good hour to download, and only about 15 minutes for the tool to run.

Once download is complete and the scan button is enabled
Click the [Scan] button to start scan.

•On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply

•If the Fix button is not enabled, click [Save log] , save it to your desktop and post in your next reply.

When you return, please post:
OTL fix log
ASWMBR results

Thank you

#11
Jack_Random

Posted 18 June 2014 - 01:44 AM

Member

Topic Starter
Member
10 posts

OTL Log

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Austin\AppData\Roaming\wlrmghls.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06182014_030925

ASWMBR log

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-18 03:12:08
-----------------------------
03:12:08.920    OS Version: Windows x64 6.1.7601 Service Pack 1
03:12:08.920    Number of processors: 4 586 0x100
03:12:08.921    ComputerName: AUSTIN-COMPUTER UserName: Austin
03:12:13.944    Initialize success
03:12:13.982    VM: initialized successfully
03:12:14.004    VM: Amd CPU BiosDisabled
03:12:18.587    VM: supported disk I/O storport.sys
03:16:28.462    AVAST engine defs: 14061700
03:17:01.253    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
03:17:01.269    Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 11
03:17:01.378    Disk 0 MBR read successfully
03:17:01.378    Disk 0 MBR scan
03:17:01.393    Disk 0 Windows 7 default MBR code
03:17:01.409    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
03:17:01.409    Disk 0 default boot code
03:17:01.425    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       941842 MB offset 206848
03:17:01.456    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11925 MB offset 1929099264
03:17:01.487    Disk 0 scanning C:\Windows\system32\drivers
03:17:12.844    Service scanning
03:17:43.451    Modules scanning
03:17:43.451    Disk 0 trace - called modules:
03:17:43.467    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
03:17:43.482    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800658c060]
03:17:43.498    3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8006358040]
03:17:43.498    5 amd_xata.sys[fffff880017e68f7] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80062fc9c0]
03:17:54.870    AVAST engine scan C:\Windows
03:17:57.351    AVAST engine scan C:\Windows\system32
03:21:33.162    AVAST engine scan C:\Windows\system32\drivers
03:21:47.405    AVAST engine scan C:\Users\Austin
03:31:56.103    AVAST engine scan C:\ProgramData
03:33:28.440    Scan finished successfully
03:40:36.333    Disk 0 MBR has been saved successfully to "C:\Users\Austin\Desktop\MBR.dat"
03:40:36.333    The log file has been saved successfully to "C:\Users\Austin\Desktop\aswMBRlog.txt"

#12
23red

Posted 18 June 2014 - 08:39 AM

Trusted Helper

Malware Removal
1,797 posts

How is the computer running? Any issues?

#13
Jack_Random

Posted 18 June 2014 - 08:51 AM

Member

Topic Starter
Member
10 posts

Everything seems to be running fine at the moment with no real issues that I can see.

Question though, was the C:\Users\Austin\AppData\Roaming\wlrmghls.exe a keylogger or a backdoor? Cause if that timestamp on it was correct I've had it on my computer for over a year now during which I've done a lot of online banking/financial interactions, but nothing has flagged up on my accounts throughout that time period and it triggered some pretty bad paranoia last night.

#14
23red

Posted 18 June 2014 - 06:44 PM

Trusted Helper

Malware Removal
1,797 posts

Hi Jack_Random

Everything seems to be running fine at the moment with no real issues that I can see.

Great! :thumbsup:

Question though, was the C:\Users\Austin\AppData\Roaming\wlrmghls.exe a keylogger or a backdoor? Cause if that timestamp on it was correct I've had it on my computer for over a year now during which I've done a lot of online banking/financial interactions, but nothing has flagged up on my accounts throughout that time period and it triggered some pretty bad paranoia last night.

Both. Sort of. The trojan itself is able to log keystrokes. It also attempts to send gathered information to a remote machine (backdoor). This file was a part of it. It is kind of hard for me to tell because I do not know what other tools you used or what files were removed previously. That said, the damage appears minimal to the computer, as if it never really got started. There appears no evidence of it now ~ the aswMBR scan looked good. And by the time we're done anything we've seen will be gone, too.

There is information here about the MSIL/Injector.BKO trojan.

If nothing flagged or went wrong, consider yourself lucky It is very possible it did not complete it's coarse of action for some reason. It does not look like it got started. We can only show what it can, has and is known to do.
Be aware it was there and keep your eyes open just in case. I'd change my passwords too, better safe than sorry!

A couple more things to take care of:

Step 1.

Antivirus

I see no antivirus installed. May I ask why? Everyone should have one. Many good ones are free. They don't bog down computers as much as they used to.
Please click here to go to our Free Antivirus and AntiSpyware software page. Look under the Free Antivirus Software section and download only one of the antivirus programs and save it to the desktop. I would recommend Microsoft Security Essentials or Avast. MSE is easier to use as it doesn't have as many modules to configure. Both are light on system resources.

Step 2.

Windows Sidebar Advice

It is no longer advisable to have this feature enabled as outline in the below Microsoft article:

Vulnerabilities in Gadgets could allow remote code execution

I advise you download and run the Disable Windows Sidebar and Gadgets Fixtit Utility to rectify this.

Step 3.

Update Adobe Flash

Please click here to update Adobe Flash Player.

Note: Make sure you uncheck the box to install McAfee Security Scan Plus before you download the update.

Step 4.

Update Adobe Reader

• Start by uninstalling all versions of Adobe Reader from Programs and Features. You have Adobe 10 installed.

• Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from here for your version of Windows. (top right hand section of the page ~ Choose Adobe Reader)

• Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.

• There may be another box to uncheck for the installation of Chrome as your default browser. That is up to you. Uncheck the box if you do not want it! And yet another for the Google Toolbar for IE ~ This is how junk gets installed.

• Click the Download Now button to download Adobe Reader and follow the directions.

***Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.
They will however try and get you to install the Ask toolbar. Make sure you uncheck that box! You do not want that!

Please let me know how it goes.

Thank you

#15
Jack_Random

Posted 20 June 2014 - 11:08 AM

Member

Topic Starter
Member
10 posts

Sorry bout taking so long to get back to you, between school and work didn't get a chance to sit down and go through what you said to til this morning. Ended up going with MSE and followed everything else you said to do, computer seems to be running great now.