Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Am I infected? [Closed]


  • This topic is locked This topic is locked

#1
Simplylol

Simplylol

    New Member

  • Member
  • Pip
  • 1 posts

So I got Malware Bites and it wont let me run it I've been told multiple times I'm infected, but nobody knows how I can fix it. http://gyazo.com/52f...081490d4c9ff662

 

Here are my logs:

log #1:

 

OTL Extras logfile created on: 11/27/2014 11:33:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Snarpie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.96 Gb Total Physical Memory | 5.05 Gb Available Physical Memory | 63.46% Memory free
15.92 Gb Paging File | 11.98 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905.22 Gb Total Space | 845.39 Gb Free Space | 93.39% Space Free | Partition Type: NTFS
Drive D: | 416.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SNARPIE-PC | User Name: Snarpie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015260EE-FDB6-4ED8-90B5-B1531BE169F8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{037B92C2-CEB6-4959-A77E-0EA74B099EBD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0F20167B-D4A5-4D31-8751-7E3696D8D81C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14BEFA54-93C4-449B-82DE-DC5F97157F5E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1550F857-3C40-48AE-AF42-BFD891F51775}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2022437A-2977-44D6-AC3B-6455476B86C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{229358A8-D8C6-4CAD-8ACE-B1DAE5D6736C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{23DDD0D1-ED62-49F5-8093-27A9293868D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{315E9FF8-FA26-4B98-9467-AF8FE6AD31EC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3263161D-46AB-4FB6-AB05-53B69C3D264A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{591FC985-0CDD-41E8-9B29-FF32B5F27271}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A2EDAD6-4104-45A0-88BD-F6F68BD03A7D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F3A06A9-4188-4BD9-A970-0B4774DD9A07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E1E3EF7-F822-4F03-94EB-88B015B74BC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6E98101C-756B-454D-998C-412EF924AE48}" = lport=139 | protocol=6 | dir=in | app=system | 
"{78683C7A-4F83-45AB-9299-FB8B1EEC654D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{791634DB-80BF-4420-BAC8-77C823F43254}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{8F1565AB-FDB9-4292-A052-A1F7FE066D15}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{90D183A6-C874-420E-AE48-490F21C2E774}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{A213CFA2-522E-4D14-A20A-49B6E9B63C12}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio | 
"{A6E507F7-2C26-47CA-B08F-C8836D9F1C48}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1AEFC7B-3EE2-49B4-808B-53DFEF37B853}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CBFB9C3E-8432-424F-9BA5-7AA685EC2EC5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CC0E023B-7850-4E90-AEC9-298D76AB8D27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCE9DF68-4AA8-4CEF-ABA1-9BED992427D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CDB7C259-D0CF-491A-AA29-626486AA215B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D655AC8A-0FE2-42CC-95CB-8DB8D2B878CE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F66CD900-3BC7-4627-BCD9-492BBAC997C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CA33930-74FA-4029-88DE-FCDE0E761BB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{102483B9-934C-44BF-8FFE-177E66BC5D64}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{187FDD42-213E-40BB-AFEA-6AC36363173A}" = protocol=1 | dir=out | [email protected],-28544 | 
"{1CB1F0AB-5E77-4BD2-90B0-AA9007A3209F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E1BC904-2E32-4B80-BBF2-48276D432AB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{2DF6BBBE-0CEB-4710-BDF5-E7683B7AFEBA}" = protocol=58 | dir=out | [email protected],-28546 | 
"{37D48D16-1D16-47B4-AA1F-DA23186AFAD9}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\bin\steamwebhelper.exe | 
"{41DD27AC-1008-4D45-A846-64FAFE3866E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{43102559-7C36-45BE-BF9D-2783CC311CBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{466B497F-E270-44BF-A6D7-86B8ACC62E04}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | 
"{499B6E2E-34C0-41A2-94EB-43A3A8399BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4C52AB37-876A-414F-99BB-83D07641694C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{51A72DCB-5813-4C2F-A259-3D1BA4CD78C0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{588CACF6-E839-42B9-810C-84AE440A24CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6CF81319-EC7B-4458-9DE0-FF855011591B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{72F35EAB-68D9-4BE1-8001-BFA640910BBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{74BC8719-DC2C-4E22-8849-0D4AF700FE18}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{74DCD349-0AEA-48A1-9631-EB76BF41CA10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{750AD8E9-289D-4448-A382-43224A68E70A}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | 
"{7A4BEA0D-29FD-4B6C-8462-2A8C1A673A56}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | 
"{81FB543A-16BA-4A85-B8B2-C32858B9CCA5}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\bin\steamwebhelper.exe | 
"{8346E5EE-D776-4A61-9E09-1369294A93EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{85ADE4B5-A152-4A68-9FA7-FD4F25E1FE18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CD6D0C7-110E-4E1F-B833-3D9E13D4FDBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90320039-BB29-423F-A9CF-965309588552}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{941C19E2-628F-46BF-A26F-651DDAA5335B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96890DE2-9846-4A68-B46C-386EA4B86B1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A891606-07DF-4313-BB65-F88BAC2B6C72}" = protocol=1 | dir=in | [email protected],-28543 | 
"{A442E9A1-0A62-4C8B-869C-15338ED69E35}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A99259BF-9696-4C3A-99E3-C6E51F6D4B20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACFF136A-600B-4A39-9DE8-2BA6B3A64A3C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{B1B3E6F7-4DE7-417B-A1F1-B81C4E2FBD09}" = protocol=6 | dir=out | app=system | 
"{B59F2A91-375D-4A85-837E-EDFE39E780A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{BCD98708-88E8-49CA-A97D-C627515E6775}" = protocol=58 | dir=in | [email protected],-28545 | 
"{C19B58C4-05A7-4D4F-AD29-79B22D927624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5F3A81B-4839-4BBC-924C-FC50D3124466}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C6CD4118-1F62-4571-B794-757BBB6C31B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF9DBE23-90F4-4848-80CC-77899B7C6B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{D3FA906D-F593-4ECA-B9FC-F2B54A475726}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D4C6E6EF-FFD8-451E-9752-B54E3672EF4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D8F4FFFA-4D2B-4BBB-870D-A74AF9EABF91}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | 
"{E21EBA83-19B9-4E73-A3F5-185CA9DF22DD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{E31CF2B6-DD90-41A0-9769-426DFC11F36E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8CCD070-C5B8-45AD-86D9-8BC0F42607B8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F3436851-38FF-40E8-94D6-325D32411D01}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{FF72AC12-AA02-4B2A-BACE-6D2725536933}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{11E53806-3D41-49D5-8674-ADE468C801F5}C:\users\snarpie\desktop\limitlesslogger\limitless logger.exe" = protocol=6 | dir=in | app=c:\users\snarpie\desktop\limitlesslogger\limitless logger.exe | 
"TCP Query User{30E81C1B-71CB-42DB-AF88-601AFADFF71E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{4104E33E-2D09-43ED-95CA-F4B42C8C700E}C:\users\snarpie\appdata\local\temp\rar$exa0.840\incognito\kl\client.exe" = protocol=6 | dir=in | app=c:\users\snarpie\appdata\local\temp\rar$exa0.840\incognito\kl\client.exe | 
"TCP Query User{759A77D8-EA46-4BAD-B386-1B0059D29ECA}C:\users\snarpie\appdata\local\temp\rar$exa0.295\incognito\kl\client.exe" = protocol=6 | dir=in | app=c:\users\snarpie\appdata\local\temp\rar$exa0.295\incognito\kl\client.exe | 
"TCP Query User{BE038B45-FE13-42B9-BD73-AF83EAF1D9B6}C:\users\snarpie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\snarpie\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{FCAE0648-8164-48C6-A859-5C74CB50B44F}C:\program files\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files\bitcoin\bitcoin-qt.exe | 
"UDP Query User{12C6393A-E69E-4877-8C26-73A5D322DD0B}C:\program files\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files\bitcoin\bitcoin-qt.exe | 
"UDP Query User{2A13253E-B3D7-4DAD-9D0E-7F3B746220ED}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{43141C41-A9E5-492A-AFE4-3A8125EC073C}C:\users\snarpie\appdata\local\temp\rar$exa0.840\incognito\kl\client.exe" = protocol=17 | dir=in | app=c:\users\snarpie\appdata\local\temp\rar$exa0.840\incognito\kl\client.exe | 
"UDP Query User{4448C80C-B54C-4A53-B434-D3E5AFF26244}C:\users\snarpie\desktop\limitlesslogger\limitless logger.exe" = protocol=17 | dir=in | app=c:\users\snarpie\desktop\limitlesslogger\limitless logger.exe | 
"UDP Query User{77AB7381-D03B-441B-BAB6-07DDDEB5E809}C:\users\snarpie\appdata\local\temp\rar$exa0.295\incognito\kl\client.exe" = protocol=17 | dir=in | app=c:\users\snarpie\appdata\local\temp\rar$exa0.295\incognito\kl\client.exe | 
"UDP Query User{C6D2DB27-4481-4B2F-AD01-F969278CD4F6}C:\users\snarpie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\snarpie\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{135FD245-2480-478A-9D2B-83B50673440E}" = Kerio VPN Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{44302C2F-11BD-FC0C-555C-4A3616E8D927}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{C2956908-53A3-88FC-B795-B16508296FC4}" = AMD Catalyst Install Manager
"{C9270CB8-7F02-D437-EF1D-3924DB369CFE}" = AMD AVIVO64 Codecs
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"Dell Support Center" = Dell Support Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CC71D6-D10E-CD8C-9987-2B21CD89F3B8}" = CCC Help Korean
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{153286B6-8551-645B-B1AE-C90744899465}" = CCC Help Thai
"{1865CA20-6CA0-2B47-10FB-079D442A0AC4}" = CCC Help Czech
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FAC373D-3564-698C-520D-F0E5E5447514}" = Catalyst Control Center
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22
"{2583CDBA-8A53-4622-BB67-1D163714C1B4}" = Python 3.4.2
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E2C9814-436A-A62D-65B4-5B282B2433E3}" = CCC Help Italian
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34363EEA-096F-5942-7AB8-71035D22CBEF}" = CCC Help English
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite HL-2280DW
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{4554C679-5E8A-736B-2077-BCB6FE44F444}" = CCC Help German
"{474DFABF-E55B-4905-ABAA-40791A6AC77F}" = Camtasia Studio 8
"{517FBD21-11B8-C5C6-A117-407A92ADBF21}" = CCC Help Greek
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{583D68F8-9D9A-76CB-DDCB-5B135CFA73C1}" = CCC Help Portuguese
"{5D9E8D1D-9C13-4EA3-2FBF-5BC16B309859}" = CCC Help Swedish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.2
"{70F7F759-6F96-490A-7C83-87F7B3E6DE59}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BD5955-2A21-A049-4B25-241E107B5D1E}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A036E28-AE5C-4662-B24F-8D8B65116F3C}" = Catalyst Control Center - Branding
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{810ADC23-569C-EBB9-015F-DA6658FDC380}" = CCC Help Chinese Traditional
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{84F52EFF-C6BB-80E5-0294-3FF7927054E1}" = CCC Help Norwegian
"{856D3E24-0DB4-1C23-8196-3F899C866259}" = Catalyst Control Center Localization All
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DED2990-A33F-E54F-7F8A-8B7622E19D0D}" = CCC Help Polish
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEAF9B4-3967-DEC7-4721-2624D7A52330}" = CCC Help French
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A69F04D1-01E7-F06E-BD5C-AA5BB72A5124}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80DB23D-0618-405B-89D9-28F99814E287}_is1" = AntiLogger Free version 1.8.2.16
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{ADF06D43-D3D3-C38F-4627-177BAC9D4C76}" = CCC Help Spanish
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B9C42CED-B790-78F6-3C25-6C3EE07EE765}" = CCC Help Hungarian
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CD144FE2-58C1-603B-9BD8-A39096D1D9A3}" = CCC Help Danish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5EB832B-F953-A1BC-B9B4-9EBEBD17D3FB}" = CCC Help Russian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEFD0E9E-5A6D-34C8-8338-DF2E7770D0FA}" = CCC Help Finnish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9145944-F223-777C-CBBE-FF35ED649ACE}" = CCC Help Dutch
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"FileZilla Client" = FileZilla Client 3.9.0.6
"Google Chrome" = Google Chrome
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Steam" = Steam
"TeamViewer 9" = TeamViewer 9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.01 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin Core (64-bit)" = Bitcoin Core (64-bit)
"Flux" = f.lux
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/29/2014 8:55:01 PM | Computer Name = Snarpie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Faulting module name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Exception code: 0x40000015  Fault offset: 0x0011486c  Faulting process
 id: 0xfc4  Faulting application start time: 0x01cff3d2330842ed  Faulting application
 path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe  Faulting
 module path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Report
 Id: 601e7e56-5fcf-11e4-9535-6894230acb22
 
Error - 10/30/2014 4:57:42 PM | Computer Name = Snarpie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Faulting module name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Exception code: 0x40000015  Fault offset: 0x0011486c  Faulting process
 id: 0x19f0  Faulting application start time: 0x01cff47d41cabc43  Faulting application
 path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe  Faulting
 module path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Report
 Id: 63739f03-6077-11e4-9535-6894230acb22
 
Error - 10/30/2014 5:43:26 PM | Computer Name = Snarpie-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 10/30/2014 5:43:27 PM | Computer Name = Snarpie-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 10/30/2014 7:33:51 PM | Computer Name = Snarpie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/30/2014 7:33:51 PM | Computer Name = Snarpie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6927
 
Error - 10/30/2014 7:33:51 PM | Computer Name = Snarpie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6927
 
Error - 10/31/2014 4:31:04 PM | Computer Name = Snarpie-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 10/31/2014 11:51:21 PM | Computer Name = Snarpie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Faulting module name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Exception code: 0x40000015  Fault offset: 0x0011486c  Faulting process
 id: 0xab8  Faulting application start time: 0x01cff57fcb27dd34  Faulting application
 path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe  Faulting
 module path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Report
 Id: 576a742d-617a-11e4-9535-6894230acb22
 
Error - 11/1/2014 11:18:07 AM | Computer Name = Snarpie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Faulting module name: TBNotifier.exe, version: 31.10.3.0, time
 stamp: 0x542f0232  Exception code: 0x40000015  Fault offset: 0x0011486c  Faulting process
 id: 0x3fe4  Faulting application start time: 0x01cff5dfb3ebea3c  Faulting application
 path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe  Faulting
 module path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Report
 Id: 47ceae5f-61da-11e4-9535-6894230acb22
 
Error - 11/1/2014 11:32:33 AM | Computer Name = Snarpie-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2014/11/01 10:32:33.995]: [00011540]: BrStiIf: Escape
 STIESCAPE_BIDIOPEN failed.    
 
[ System Events ]
Error - 10/31/2014 4:20:02 PM | Computer Name = Snarpie-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{9DA089A6-DC69-45BE-9F5C-85F0A9550596}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 11/2/2014 7:36:32 PM | Computer Name = Snarpie-PC | Source = Service Control Manager | ID = 7034
Description = The BlueStacks Updater Service service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 11/2/2014 8:10:55 PM | Computer Name = Snarpie-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   ttnfd
 
Error - 11/2/2014 8:11:29 PM | Computer Name = Snarpie-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 11/2/2014 8:11:41 PM | Computer Name = Snarpie-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 11/2/2014 10:57:23 PM | Computer Name = Snarpie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/10/2014 10:14:55 PM | Computer Name = Snarpie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/14/2014 5:10:32 AM | Computer Name = Snarpie-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   ttnfd
 
Error - 11/14/2014 5:11:12 AM | Computer Name = Snarpie-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 11/14/2014 5:11:18 AM | Computer Name = Snarpie-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 
Log #2:
 

OTL logfile created on: 11/27/2014 11:33:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Snarpie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.96 Gb Total Physical Memory | 5.05 Gb Available Physical Memory | 63.46% Memory free
15.92 Gb Paging File | 11.98 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905.22 Gb Total Space | 845.39 Gb Free Space | 93.39% Space Free | Partition Type: NTFS
Drive D: | 416.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SNARPIE-PC | User Name: Snarpie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/27 11:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snarpie\Downloads\OTL.exe
PRC - [2014/11/25 00:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/18 14:23:36 | 001,519,808 | ---- | M] (Valve Corporation) -- c:\Program Files (x86)\Cracked Steam\bin\steamwebhelper.exe
PRC - [2014/11/18 14:23:34 | 001,940,160 | ---- | M] (Valve Corporation) -- c:\Program Files (x86)\Cracked Steam\Steam.exe
PRC - [2014/11/18 14:23:34 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/11/13 12:20:28 | 007,721,736 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
PRC - [2014/11/13 08:35:14 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/10/09 03:43:50 | 000,808,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
PRC - [2014/09/16 14:45:52 | 003,095,328 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014/09/12 12:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/15 22:58:02 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/08/14 17:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/08/07 23:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/04/20 15:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
PRC - [2014/04/20 15:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
PRC - [2014/04/20 00:41:10 | 000,359,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
PRC - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013/10/23 16:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Snarpie\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/08/14 15:45:20 | 001,474,560 | ---- | M] (Kerio Technologies Inc.) -- C:\Program Files (x86)\Kerio\VPN Client\kvpncgui.exe
PRC - [2013/08/14 15:45:18 | 001,376,256 | ---- | M] (Kerio Technologies Inc.) -- C:\Program Files (x86)\Kerio\VPN Client\kvpncsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/09/06 20:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 20:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/06 14:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/02/17 00:33:34 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 15:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/27 15:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 20:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2012/01/21 10:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/01/21 10:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/29 17:12:06 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/12/26 19:53:00 | 000,076,960 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2010/11/20 21:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\cmd.exe
PRC - [2010/03/10 15:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2010/03/08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/25 00:39:25 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
MOD - [2014/11/25 00:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 00:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 00:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 00:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/11/18 14:23:50 | 002,227,904 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\video.dll
MOD - [2014/11/18 14:23:34 | 000,690,880 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\bin\chromehtml.dll
MOD - [2014/11/14 03:15:59 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\510d3cca1455e91a81604f4781c4760c\IAStorUtil.ni.dll
MOD - [2014/11/14 03:11:32 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
MOD - [2014/11/11 12:48:12 | 001,171,456 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\libavcodec-56.dll
MOD - [2014/11/11 12:48:12 | 000,485,888 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\libswscale-3.dll
MOD - [2014/11/11 12:48:12 | 000,442,368 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\libavutil-54.dll
MOD - [2014/11/11 12:48:12 | 000,403,968 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\libavformat-56.dll
MOD - [2014/11/11 12:48:12 | 000,332,800 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\libavresample-2.dll
MOD - [2014/11/11 12:48:04 | 034,589,888 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\bin\libcef.dll
MOD - [2014/11/11 12:47:56 | 000,774,656 | ---- | M] () -- c:\Program Files (x86)\Cracked Steam\SDL2.dll
MOD - [2014/10/16 03:15:38 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/10/16 02:30:17 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9c41049a9716f9c34e8dfad27ac45153\System.WorkflowServices.ni.dll
MOD - [2014/10/16 02:30:04 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\26e521624e8e8c879ac83245694d809a\System.ServiceModel.Web.ni.dll
MOD - [2014/10/16 02:30:02 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3063abda312516739bc808360071bad9\System.Xml.Linq.ni.dll
MOD - [2014/10/16 02:29:26 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
MOD - [2014/10/16 02:29:05 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\11295b4ad79dbeadee6c83ae45a8a07f\System.IdentityModel.ni.dll
MOD - [2014/10/16 02:29:04 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 02:29:03 | 017,477,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0d51a457c4cb85cd5ae8439094387ad3\System.ServiceModel.ni.dll
MOD - [2014/10/16 02:29:03 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\da4175d4363c1bcecb984a44cd53664f\SMDiagnostics.ni.dll
MOD - [2014/10/16 02:25:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/10/16 02:25:06 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/10/16 02:24:54 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
MOD - [2014/10/16 02:24:45 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 02:24:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 02:24:38 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 02:24:36 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 02:24:35 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
MOD - [2014/10/16 02:24:25 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/16 02:24:23 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/09/12 05:41:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\26b50aa1e86a984a5c0d53f2bbf95798\IAStorCommon.ni.dll
MOD - [2014/09/12 05:33:38 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/07/31 11:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/05/24 10:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 10:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 21:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/01/10 20:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/10/26 13:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/11/18 14:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/12 12:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/20 15:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/08/14 15:45:18 | 001,376,256 | ---- | M] (Kerio Technologies Inc.) [Auto | Running] -- C:\Program Files (x86)\Kerio\VPN Client\kvpncsvc.exe -- (KVPNCSvc)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/21 10:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/21 10:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/29 17:12:06 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/12/29 16:53:48 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/12/26 19:53:00 | 000,076,960 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/13 12:20:26 | 000,071,400 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2014/10/09 03:44:10 | 000,793,800 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/10/09 03:44:10 | 000,141,320 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/28 08:06:24 | 000,049,264 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:64bit: - [2014/05/13 07:21:18 | 000,035,440 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2014/04/10 16:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2014/03/28 16:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/03/26 16:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/03/25 15:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2014/02/25 12:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/02/20 11:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2013/10/17 09:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/08/14 15:27:32 | 000,030,208 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\kvnet.sys -- (kvnet)
DRV:64bit: - [2013/08/08 16:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/12 14:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/02/09 00:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/10/04 13:55:35 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/10/04 13:55:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/10/04 13:55:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/27 01:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 01:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 01:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/29 17:02:50 | 000,548,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/12/29 17:02:24 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/12/29 17:02:12 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/12/29 17:01:42 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/12/29 17:01:24 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/12/29 17:01:12 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/12/29 17:00:54 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/12/29 17:00:42 | 000,338,592 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/12/13 10:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/06 05:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/24 01:02:20 | 000,648,808 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/10 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/26 14:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 12:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/18 04:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 03:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67982285-E19F-4CE1-9BFD-A28F31AB4294}
IE:64bit: - HKLM\..\SearchScopes\{67982285-E19F-4CE1-9BFD-A28F31AB4294}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67982285-E19F-4CE1-9BFD-A28F31AB4294}
IE - HKLM\..\SearchScopes\{67982285-E19F-4CE1-9BFD-A28F31AB4294}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {67982285-E19F-4CE1-9BFD-A28F31AB4294}
IE - HKCU\..\SearchScopes\{67982285-E19F-4CE1-9BFD-A28F31AB4294}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: support%40real-hide-ip.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/10/09 03:44:14 | 000,000,000 | ---D | M]
 
[2014/09/20 17:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snarpie\AppData\Roaming\mozilla\Extensions
[2014/10/11 20:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snarpie\AppData\Roaming\mozilla\Firefox\Profiles\2wvl8fc2.default\extensions
[2014/10/11 19:47:40 | 000,004,527 | ---- | M] () (No name found) -- C:\Users\Snarpie\AppData\Roaming\mozilla\firefox\profiles\2wvl8fc2.default\extensions\[email protected]
[2014/10/09 03:44:14 | 000,000,000 | ---D | M] (Chặn quảng cáo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/10/09 03:44:14 | 000,000,000 | ---D | M] (Ngăn chặn trang web nguy hiểm) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/10/09 03:44:14 | 000,000,000 | ---D | M] (An toàn giao dịch tài chính) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/10/09 03:44:14 | 000,000,000 | ---D | M] (Công cụ kiểm tra liên kết của Kaspersky) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/10/09 03:44:14 | 000,000,000 | ---D | M] (Bàn phím ảo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.4.1_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip\1.2_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Snarpie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/09/05 20:30:44 | 000,000,992 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://www.virustotal.com
O1 - Hosts: 127.0.0.1 http://www.virusscan.jotti.org
O1 - Hosts: 127.0.0.1 http://www.metascan-online.com/
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kepard] "C:\Program Files (x86)\Kepard\Kepard.exe" tray File not found
O4 - HKLM..\Run: [Kerio VPN Client] C:\Program Files (x86)\Kerio\VPN Client\kvpncgui.exe (Kerio Technologies Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZALFree] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Cracked Steam Service] C:\Program Files (x86)\Cracked Steam\Cracked Steam.exe (Anti-Valve Software                                         )
O4 - HKCU..\Run: [f.lux] C:\Users\Snarpie\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Free Multi Skype Launcher.exe] C:\Program Files (x86)\Media Freeware\Free Multi Skype Launcher\Free Multi Skype Launcher.exe File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_727C97B3280FDFD715E74E0C0EDA45CF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Windows Defender] C:\Users\Snarpie\AppData\Local\Temp\MSASCui.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DA089A6-DC69-45BE-9F5C-85F0A9550596}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA8E74E-7B7F-4CA9-8AD5-C234E2C6588B}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBE8CF88-A13F-425A-A2CC-E5CCD1A57808}: DhcpNameServer = 172.27.120.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F691932C-1688-49C1-BC5F-D62872AECDD2}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27:64bit: - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 23:14:28 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{187b88c8-0e5e-11e2-bfbb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{187b88c8-0e5e-11e2-bfbb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe -- [2010/02/24 23:41:20 | 001,912,336 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/27 11:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/27 11:03:21 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/27 11:03:21 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/27 11:03:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/27 11:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/27 11:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/27 10:56:39 | 000,000,000 | R--D | C] -- C:\Users\Snarpie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/11/27 10:36:02 | 000,000,000 | ---D | C] -- C:\2ceb4acb00a89fd53de0bec602
[2014/11/27 10:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/27 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/11/27 10:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/11/27 10:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/11/27 10:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/11/27 10:14:21 | 000,000,000 | ---D | C] -- C:\AMD
[2014/11/26 23:10:09 | 000,000,000 | -HSD | C] -- C:\Users\Snarpie\AppData\Local\EmieBrowserModeList
[2014/11/26 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\AppData\Local\143VPN
[2014/11/26 20:55:45 | 000,036,736 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2014/11/26 20:55:45 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\Desktop\143vpnclient
[2014/11/22 14:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2014/11/22 14:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1995-08.com.techsmith
[2014/11/22 14:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2014/11/22 14:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2014/11/22 14:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2014/11/21 15:55:07 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\Desktop\COC SERVER
[2014/11/09 20:30:03 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\Desktop\PhonePics2
[2014/11/02 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\Desktop\profile
[2014/11/02 17:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Paessler
[2014/11/02 17:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2014/11/02 17:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/11/02 17:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/11/02 17:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PRTG Network Monitor
[2014/11/01 10:37:52 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\AppData\Local\SolarWinds
[2014/11/01 10:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SolarWinds
[2014/10/31 14:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Reprise
[2014/10/31 14:50:19 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\Documents\faceshift
[2014/10/31 14:50:19 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\AppData\Roaming\faceshift
[2014/10/30 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\Snarpie\AppData\Roaming\Wireshark
[2014/10/30 15:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/27 11:07:28 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/11/27 10:55:40 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/27 10:55:40 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/27 10:52:41 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/27 10:52:41 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/27 10:52:41 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/27 10:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/27 10:47:23 | 2116,784,127 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/27 10:40:47 | 000,775,546 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/11/26 15:56:09 | 000,282,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/21 15:19:52 | 000,000,632 | RHS- | M] () -- C:\Users\Snarpie\ntuser.pol
[2014/11/13 12:20:26 | 000,071,400 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys
[2014/11/13 08:35:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfff4f106f42ad.job
[2014/11/13 08:35:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfec5351980ce7.job
[2014/11/02 17:48:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/11/01 09:58:30 | 000,000,397 | ---- | M] () -- C:\Users\Snarpie\AppData\Roaming\DataAccounts.xml
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/27 10:17:20 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/11/27 09:44:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/11/13 08:35:26 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfff4f106f42ad.job
[2014/11/04 19:23:53 | 000,000,632 | RHS- | C] () -- C:\Users\Snarpie\ntuser.pol
[2014/11/02 17:48:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2014/09/15 14:30:17 | 000,000,397 | ---- | C] () -- C:\Users\Snarpie\AppData\Roaming\DataAccounts.xml
[2014/09/08 18:59:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/09/08 18:59:36 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2014/09/07 12:15:16 | 000,041,836 | ---- | C] () -- C:\Users\Snarpie\AppData\Roaming\msconfig.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/27 01:34:51 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\.minecraft
[2014/11/27 00:12:36 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Bitcoin
[2014/11/01 09:42:25 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\ControlCenter4
[2014/10/20 11:04:54 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Dropbox
[2014/10/31 14:50:19 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\faceshift
[2014/11/22 16:21:58 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\FileZilla
[2014/11/27 09:38:49 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\GHISLER
[2014/10/04 16:24:33 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Gyazo
[2014/10/17 20:56:44 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Kerio
[2014/10/08 20:13:19 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\LolClient
[2014/09/15 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Media Freeware
[2014/10/04 19:17:02 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\MultiForce Backup
[2014/09/08 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Nuance
[2014/11/27 00:13:30 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\OmniCoin
[2014/10/18 17:43:42 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\PDAppFlex
[2014/10/08 15:38:08 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Riot Games
[2014/11/27 09:58:18 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\SoftGrid Client
[2014/09/06 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\TechSmith
[2014/09/16 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\TP
[2014/10/23 17:02:33 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\uTorrent
[2014/10/30 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\Snarpie\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 464 bytes -> C:\ProgramData\TEMP:9A870F8B
 
< End of report >
 
 
I'd appreciate help!

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need to use a different tool to look at this

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP