Help I am Infected and it will Not go away!


  • This topic is locked

#1
Xcode5

    New Member

  • 9 posts

Hello, I recently got infected by this file http://goo.gl/YNGP8A - Don't open, you will get infected.

Anyway, as soon as I opened the file nothing happened. But then suddenly Malwarebytes kept giving me notifications saying it had quarantined a certain file. So I checked my quarantined files and it shows multiples of the same file, which keeps on coming up and being quarantined: 57H4fzL.png

Anyway, I did a Malwarebytes scan and it showed me this: bCKHj2V.png

I applied actions, but then again the same file kept coming up saying it has been quarantined (sorry for bad spelling).

Anyway, I looked up some help and it suggested I try Junkware Removal Tool, so I tried that, and it did not solve the problem. So I tried AdwCleaner, which still did not help, so I downloaded RogueKiller and that as well did not solve my problem. I am still infected!

Also, my computer has been getting slower ever since, and my webcam turned on randomly for 1 minute then went off, so I may be assuming a RAT (remote administration tool)?

Anyway, please help me :(

OTL log

 

OTL logfile created on: 15/12/2014 6:49:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jordan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
7.90 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 52.79% Memory free
15.81 Gb Paging File | 11.44 Gb Available in Paging File | 72.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.56 Gb Total Space | 366.00 Gb Free Space | 54.02% Space Free | Partition Type: NTFS
Drive D: | 20.78 Gb Total Space | 2.24 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 6.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: JORDAN-HP | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/12/15 06:45:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Downloads\OTL.exe
PRC - [2014/12/13 21:32:05 | 001,378,640 | ---- | M] (BitTorrent Inc.) -- C:\Users\Jordan\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/12/11 03:41:07 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
PRC - [2014/12/09 20:47:31 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/19 22:39:03 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/07/11 15:47:50 | 000,093,184 | ---- | M] (Microsoft) -- C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe
PRC - [2014/07/11 15:47:50 | 000,020,992 | ---- | M] (Microsoft) -- C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe
PRC - [2014/02/25 19:38:48 | 000,105,448 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/06/12 16:56:44 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/05/25 03:16:05 | 000,421,632 | ---- | M] () -- C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
PRC - [2013/04/20 00:21:53 | 000,440,648 | ---- | M] () -- C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe
PRC - [2012/12/13 02:02:57 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/06/16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/12/17 06:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/17 06:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/17 06:37:18 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2011/12/17 06:37:10 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/12/06 10:00:50 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011/12/03 05:18:16 | 001,000,288 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/11/30 13:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 08:08:00 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/20 08:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/07 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/21 13:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/14 11:14:42 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\timeout.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/11 03:41:07 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
MOD - [2014/12/09 20:47:31 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/14 16:01:22 | 001,669,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bb21380c3d4870a81038f30e1a00bcd5\Microsoft.VisualBasic.ni.dll
MOD - [2014/10/16 22:12:48 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/10/16 15:21:46 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 15:21:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 15:21:32 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 15:21:29 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 15:21:06 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/10 20:26:19 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2013/05/25 03:16:05 | 000,421,632 | ---- | M] () -- C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
MOD - [2013/04/20 00:21:53 | 000,440,648 | ---- | M] () -- C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe
MOD - [2011/09/01 09:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/09/01 09:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/22 12:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 15:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/13 02:13:09 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/03/01 10:07:58 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/09 09:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/06 09:59:58 | 001,084,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/10/11 20:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/12 03:11:47 | 000,174,112 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014/12/11 03:41:07 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/09 20:47:31 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/19 06:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/07/11 15:47:50 | 000,093,184 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe -- (SpotfluxConnectionManager)
SRV - [2014/07/11 15:47:50 | 000,020,992 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe -- (SpotfluxUpdateService)
SRV - [2014/04/15 20:37:24 | 000,038,480 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\idcloak VPN\systray\routingservice.exe -- (idcloakRouting)
SRV - [2014/04/15 20:37:24 | 000,032,568 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files (x86)\idcloak VPN\openvpn\openvpnserv.exe -- (idcloakVPN)
SRV - [2014/03/21 08:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/25 19:38:48 | 000,105,448 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/12 16:56:44 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/03/01 11:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/06/16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/28 06:04:30 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/17 06:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/17 06:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/17 06:37:18 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/12/17 06:37:10 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/30 13:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/06/07 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/13 03:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/15 04:10:36 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/13 20:48:21 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/11 15:47:50 | 000,060,160 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter2.sys -- (netfilter2)
DRV:64bit: - [2014/04/15 20:37:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2014/03/02 15:07:08 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/05/29 09:12:28 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013/03/01 11:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/12 14:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/12 14:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/13 02:13:10 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/12/13 02:08:50 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/13 02:08:49 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/12/13 02:02:57 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/12/13 02:02:57 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/12/13 02:02:57 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/12/13 02:00:29 | 004,747,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/11/12 17:06:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/06 12:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 12:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 14:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 11:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 12:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 11:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/01 10:33:40 | 010,729,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/01 09:05:32 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/28 05:55:24 | 014,741,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/02/06 04:40:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/06 04:40:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/01/18 19:15:50 | 000,031,360 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2011/12/06 21:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/03 15:52:44 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/11/30 12:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/04 06:00:48 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/22 09:33:50 | 000,258,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/08/24 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/26 04:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/07 11:35:40 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/06/24 04:59:28 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/06/24 04:59:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/05/21 15:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/02/14 17:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/29 02:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/05/31 21:56:35 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011/08/19 18:00:00 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/10 11:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS -- (NAVEX15)
DRV - [2011/08/10 11:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS -- (NAVENG)
DRV - [2011/07/21 03:43:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...e={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enGB516
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..network.proxy.ftp: "119.235.16.41"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.socks: "119.235.16.41"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "119.235.16.41"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jordan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/11 15:56:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/12/15 03:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/09 20:47:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/09 20:47:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/09 20:47:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/09 20:47:28 | 000,000,000 | ---D | M]
 
[2013/01/04 00:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Extensions
[2014/12/15 04:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\extensions
[2014/12/15 04:02:41 | 000,000,000 | ---D | M] (YOUtuabeAdBloCkoeo) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\extensions\[email protected]
[2014/12/15 04:02:41 | 000,000,000 | ---D | M] (BuyNsaVe) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\extensions\[email protected]
[2013/01/15 09:56:44 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\extensions\[email protected]
[2014/11/03 16:24:36 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/12/09 20:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/09 20:47:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Speed Surfing = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek\174\
CHR - Extension: Gmail = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CancelAutoPlay_df] C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe ()
O4 - HKLM..\Run: [CheckNDISPortf0aca3] C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe ()
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jordan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MKLOL] C:\Program Files (x86)\MKJogo\MKLOL\MK.exe (MK)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D332844-4724-4D54-9728-B6F328429063}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FCC6CC5-0DE4-437A-89D4-4E08DF133DB0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC5521F9-7EAE-4ED8-A9FC-F1E2222470C1}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Jordan\AppData\Roaming\AutoHotkey\AutoHotkey.exe) - C:\Users\Jordan\AppData\Roaming\AutoHotkey\AutoHotkey.exe (EFD Software)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/11/16 17:47:24 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/11/16 17:47:24 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/15 04:52:17 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\009DBC25-96F5-42A9-A935-FEC38F2218B8
[2014/12/15 04:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeltaFix
[2014/12/15 04:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speed Surfing
[2014/12/15 04:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YOUtuabeAdBloCkoeo
[2014/12/15 04:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\95CCB571-1C54-4FE1-A9C7-42F8796C7F80
[2014/12/15 04:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\010
[2014/12/15 04:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BuyNsaVe
[2014/12/15 04:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\15943647030891824691
[2014/12/15 04:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\kbmkapgflchcioppcafdhfflnnngficm
[2014/12/13 20:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/12/13 08:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2014/12/13 08:06:55 | 000,000,000 | -HSD | C] -- C:\Users\Jordan\AppData\Roaming\AutoHotkey
[2014/12/12 03:29:05 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\7 Days To Die
[2014/12/12 03:27:52 | 000,174,112 | ---- | C] (EasyAntiCheat Ltd) -- C:\Windows\SysWow64\EasyAntiCheat.exe
[2014/12/12 00:36:30 | 000,000,000 | ---D | C] -- C:\Users\Jordan\TopBot
[2014/12/11 06:54:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/09 20:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/05 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Jordan\.soulgames
[2014/12/04 03:03:36 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\TBot
[2014/12/04 00:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HitLeap
[2014/12/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\java
[2014/12/03 20:03:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/12/03 19:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/16 17:47:24 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2014/11/16 17:43:35 | 000,000,000 | ---D | C] -- C:\UsbFix
[2014/11/16 17:42:53 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/16 17:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/16 17:42:38 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/16 17:42:38 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/16 17:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/15 06:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/15 06:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/15 05:33:36 | 000,091,599 | ---- | M] () -- C:\Users\Jordan\Desktop\virus 2.PNG
[2014/12/15 05:18:50 | 000,160,216 | ---- | M] () -- C:\Users\Jordan\Desktop\virus.PNG
[2014/12/15 05:03:17 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000UA.job
[2014/12/15 04:10:36 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/15 03:30:45 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 03:30:45 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 03:25:45 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJordan.job
[2014/12/15 03:21:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/15 03:20:49 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/12/15 03:20:46 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/12/15 03:20:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/15 03:20:35 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/13 20:48:21 | 000,035,064 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/12/13 20:43:29 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/13 20:43:29 | 000,667,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/13 20:43:29 | 000,126,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/13 19:39:02 | 000,000,024 | ---- | M] () -- C:\Users\Jordan\random.dat
[2014/12/13 19:15:00 | 000,000,045 | ---- | M] () -- C:\Users\Jordan\jagex_cl_oldschool_LIVE.dat
[2014/12/13 08:07:56 | 000,001,352 | ---- | M] () -- C:\Users\Jordan\Documents\AutoHotkey.ahk
[2014/12/12 23:53:40 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000Core.job
[2014/12/12 03:11:47 | 000,174,112 | ---- | M] (EasyAntiCheat Ltd) -- C:\Windows\SysWow64\EasyAntiCheat.exe
[2014/12/11 21:26:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJORDAN-HP$.job
[2014/12/08 04:53:50 | 000,000,045 | ---- | M] () -- C:\Users\Jordan\jagex_cl_runescape_LIVE.dat
[2014/12/04 03:03:27 | 000,008,037 | ---- | M] () -- C:\Users\Jordan\Desktop\topbot.jar
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/15 05:33:36 | 000,091,599 | ---- | C] () -- C:\Users\Jordan\Desktop\virus 2.PNG
[2014/12/15 05:18:50 | 000,160,216 | ---- | C] () -- C:\Users\Jordan\Desktop\virus.PNG
[2014/12/13 20:48:21 | 000,035,064 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/12/13 08:07:56 | 000,001,352 | ---- | C] () -- C:\Users\Jordan\Documents\AutoHotkey.ahk
[2014/12/10 19:12:32 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJordan.job
[2014/12/04 03:03:25 | 000,008,037 | ---- | C] () -- C:\Users\Jordan\Desktop\topbot.jar
[2014/08/16 21:12:56 | 000,000,058 | ---- | C] () -- C:\Windows\JQHApp.dat
[2014/07/13 05:14:03 | 000,000,045 | ---- | C] () -- C:\Users\Jordan\jagex_cl_runescape_LIVE.dat
[2014/07/13 05:11:21 | 000,000,045 | ---- | C] () -- C:\Users\Jordan\jagex_cl_oldschool_LIVE.dat
[2014/07/13 05:11:21 | 000,000,024 | ---- | C] () -- C:\Users\Jordan\random.dat
[2014/04/05 19:40:13 | 000,000,600 | ---- | C] () -- C:\Users\Jordan\AppData\Local\PUTTY.RND
[2014/04/05 19:35:27 | 000,000,600 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\winscp.rnd
[2014/03/23 11:22:52 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013/06/04 20:26:20 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/04 20:26:14 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/01 11:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/01/15 17:58:47 | 000,964,074 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\Log.dat
[2012/12/04 12:13:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 12:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 11:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/06 02:13:45 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\.minecraft
[2014/12/13 05:35:57 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\.StarMade
[2014/12/15 04:52:31 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\009DBC25-96F5-42A9-A935-FEC38F2218B8
[2014/12/15 06:56:22 | 000,000,000 | -HSD | M] -- C:\Users\Jordan\AppData\Roaming\AutoHotkey
[2014/12/13 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DAEMON Tools Lite
[2013/12/13 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DAEMON Tools Ultra
[2012/12/03 17:53:00 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Digiarty
[2013/04/20 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DMCache
[2012/11/11 16:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Easeware
[2013/06/12 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\fltk.org
[2013/01/13 00:57:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\FlvtoConverter
[2014/08/17 22:23:53 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Graphmatica
[2013/02/26 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Groovedown_Uninstall
[2014/10/11 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\HexHunterZ
[2014/12/03 23:52:50 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\java
[2014/08/03 21:19:10 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\LolClient
[2013/08/24 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\MKKE
[2014/04/18 13:42:19 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Notepad++
[2013/06/04 19:28:32 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Origin
[2014/04/05 18:48:29 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\redsn0w
[2014/08/03 19:25:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Riot Games
[2014/04/10 17:59:35 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\SIX Networks
[2014/11/07 03:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\SoftGrid Client
[2013/04/28 09:30:55 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Spotflux
[2014/10/13 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Spotify
[2012/12/13 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\SteamForce Sessions
[2012/11/11 16:01:55 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Synaptics
[2013/01/11 04:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\SystemRequirementsLab
[2014/12/05 21:17:42 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\TeamViewer
[2014/03/23 16:56:36 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Three Rings Design
[2013/01/06 01:40:18 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\TP
[2014/12/05 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\TS3Client
[2014/12/15 06:57:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\uTorrent
[2012/11/19 16:53:50 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\XBMC
 
========== Purity Check ==========
 
 

< End of report >
 

Extras by OTL

 

OTL Extras logfile created on: 15/12/2014 6:49:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jordan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
7.90 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 52.79% Memory free
15.81 Gb Paging File | 11.44 Gb Available in Paging File | 72.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.56 Gb Total Space | 366.00 Gb Free Space | 54.02% Space Free | Partition Type: NTFS
Drive D: | 20.78 Gb Total Space | 2.24 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 6.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: JORDAN-HP | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EE93A2-FE14-4C17-B9F7-4C7C6CCD5A12}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{080B9DF6-3A8F-43E9-BCD9-6B65E8BDC371}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{08691BD8-084D-4B86-85CF-5698A14BDC80}" = lport=138 | protocol=17 | dir=in | app=system |
"{19C3EFA7-C35E-4B6B-B56B-5C1C7A2496A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{204D0C83-EF42-437A-AD3C-EB8200BA1FAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3AB40453-616E-4375-85DA-7FAF3100928D}" = rport=137 | protocol=17 | dir=out | app=system |
"{444B7C21-9AFE-42FB-B6C4-54D8CA6E48F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48A385A1-4050-44F2-962F-D6E87C205F8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{54C4022F-D585-494B-9818-7775FCA88B0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{573CF8CA-B94F-4E5D-BDB2-7B5DDEEBA644}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B5F1BF-9A7C-49BB-8918-9B27BA300F00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66802F11-C85D-455D-84F5-39FBE169092B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69225799-A930-46CB-8CBF-8997F9037608}" = rport=445 | protocol=6 | dir=out | app=system |
"{82F2BBE2-29D0-407E-BE4C-13DAA9ABD65A}" = lport=445 | protocol=6 | dir=in | app=system |
"{86AAE7B9-DC31-47ED-9C38-06E15D521024}" = lport=137 | protocol=17 | dir=in | app=system |
"{8743751B-A661-48CB-AC56-2CE9D88EE6C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A1BE7D08-0063-4A13-920F-F3F570C4980A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A523B1BB-0022-4715-B743-32FFFA1AB145}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9A6BE11-CE9E-42FE-BD3A-60E83C166710}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BF20291F-F463-46EC-99EA-E6973A24C4FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D7E9F63D-8142-4CEB-9C67-54B5DAF499CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{D941EB1D-F1FB-428D-9D70-D5968ED64C24}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DC01BAAF-C3B1-42D0-8048-67CE9FCA8358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC85BCA2-DD88-4C00-9F90-8E99513CA0B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040E259D-6E29-48B2-ACC8-A3B0AE097360}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz_be.exe |
"{04FEBEBE-3737-4524-B537-EA920BE5E24D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe |
"{057D1477-9A5A-4E95-A2F1-06B135811993}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\starmade\starmade-starter.exe |
"{0A331D7C-5977-466B-8674-CFDFFB9A814A}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
"{0B28035B-51F1-4AC2-BFFB-84C1A7243DB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{115C1153-74C1-4B9F-B966-502E904C2250}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1633B933-00E2-4845-ADB0-26E40E858605}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17404459-ADD5-4D77-9F14-A93E71DE21AA}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2oa.exe |
"{1F619A33-94DA-4CF8-B936-FF0AC4BE9BAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\rust.exe |
"{2602B436-7E64-4CAA-A43A-16899A212FFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{2605055E-509F-4AA5-8A2C-5B4C05B773D9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2E20285E-3A5C-4859-B2F0-85C9D86E8846}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
"{305D105C-F0F0-4814-8056-7A8137569D04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\rust.exe |
"{3290AE11-A76C-4FD4-920E-48F059191A42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41A2E038-6515-4D45-9A88-2D99F8CE3D9A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"{43C86283-1B72-462F-8169-01D0882D877F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4728114D-79B1-4F99-BED7-22BBA5B0B673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47C1A6F6-4F53-4733-84A6-E4C5745CAB73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{4BF148A4-5D5E-4AB1-93F9-F8581F56F925}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the forest\theforest.exe |
"{4CFBF424-6789-483B-B729-046F046F7AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{4E2F0DF6-78B0-4996-9157-51C016173560}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4E765E08-B0E8-46D2-9E79-5BE822C28DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{50669AC5-52DC-4A3C-8ABE-6944549FB2E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe |
"{541F849E-5052-4678-92BF-3BA3D7EC524F}" = protocol=58 | dir=out | [email protected],-28546 |
"{55F7CC8A-57B7-4876-A9A4-8D4B980493DB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{58237174-EC69-4526-B83D-0D112C425AB5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5A63F8A8-C6E0-47E1-A08B-3CD6ED65C7E8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5A9B85B4-3F7E-496D-8CFA-404894983853}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6311E64A-4448-471B-B67E-9E18D8C39B51}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{65A529DF-9431-4FCD-BD17-049B9A22D28F}" = dir=in | app=c:\users\jordan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{67CA53C1-089C-47A4-B0D1-C9B64E5EE38A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe |
"{69BBF1E8-3B6F-4488-86B3-6CD289A1C425}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{6A261CFE-81C4-4F23-8C7D-D2ED99081C14}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6EE060F7-0A4D-457D-9852-39626F559325}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{70193046-0C0A-45E6-8397-9D3802B9ED77}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\roaming\utorrent\utorrent.exe |
"{71E5FCF9-303B-40C8-8C57-CB9D6E921C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{724AEE77-0882-471F-8BE5-4B2782B5D571}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie_eac.exe |
"{7638003D-7767-432E-B5BC-8DC36224D827}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"{7D5CB822-B7B7-4004-8335-BAD5C61E24E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mklauncher.exe |
"{834CE016-727E-45FC-AFDB-CDBDFD057B27}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{86D24A54-0164-4CA3-AA0E-57FC82556D1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe |
"{88F13D82-5D68-4E3B-B41E-0B97674FBD84}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8DFEF1D3-DB54-4330-AE34-BA4D0F4BEA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe |
"{91873EDF-27DC-462C-AF1A-C07FA11390C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{92567A04-B63D-4364-B35C-E405EACF39D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95AEA05E-DA04-4808-9000-746D3CE9E2DB}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\roaming\utorrent\utorrent.exe |
"{974A9474-4708-42DA-BF5B-99ED78B7AEBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{976B1A46-2F1C-429A-AD3C-CEB79DDEF43F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{98241DBE-DF17-422B-AED0-6D2A065E8221}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie_eac.exe |
"{987A704A-0F81-4B1F-BF43-D63D060B5E60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mklauncher.exe |
"{9DD7EF32-086B-434F-9D65-64966CF08416}" = protocol=1 | dir=in | [email protected],-28543 |
"{A1159060-91EE-4214-9D83-FE981BC4E20F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1255E3C-6115-495B-B8AD-368CADB3E208}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{A2F0BB20-9208-4C6B-81A4-5C357BA3AB0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{AD31C137-1BFF-400C-941E-5531316F32B4}" = protocol=6 | dir=out | app=system |
"{B0B55E61-FE81-45F3-BDF7-E740029AA59D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\amnesia.exe |
"{B289037B-78FD-4432-A3DA-3D6A15DF73F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{B4E14C89-4D7E-407D-A801-D12AA0285816}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{B652A52F-4D4E-4A2C-871C-348526E1B0A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B6B4115D-FAB9-40D9-93E8-556DA1B8AA5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B78A96BB-F2F4-42FD-B567-582689A082E6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B84014BE-6623-4953-B415-B2B4511CF1A7}" = protocol=1 | dir=out | [email protected],-28544 |
"{B8CC3E08-A0DA-44E9-85E2-B3E4C7C16612}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe |
"{C1259572-FB8E-4962-ACE4-A2DC262AE31B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C1D1B89D-FB2B-4CC1-B1A8-8DD22A18BF15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C309B660-5EB6-494D-BAB1-ECB1B6DF5597}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
"{C53AD2B0-40BC-4D82-B547-2DD52D8FD445}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the forest\theforest.exe |
"{C761AC06-87CA-49D1-8A6C-4EF443F8BE20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C8BD235A-1A6C-4EEF-90A8-95131F042644}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8F2515F-5C99-4525-8771-926D9063F4E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\starmade\starmade-starter.exe |
"{CC07ADF9-454B-45F2-9966-7B4421C37425}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CCE7DEBD-7BA2-4FDC-9BD7-04CD4C00E629}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{D170BB84-50DA-498D-B757-686E3E7E6D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{D23D7735-95FA-4514-A293-F401C8D0ED7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{D42D486F-3E19-47D4-94D7-B77C1B5020FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\legacy\rust.exe |
"{D4898FB8-0846-4577-88E8-2CA52A122E79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D4C575AC-9587-4EF8-A012-C95D6F3798EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe |
"{D8687CF7-F196-4C79-B6C0-A4CED169F21F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DECE9089-77F2-4EDC-A1A3-282798A0A3BF}" = protocol=58 | dir=in | [email protected],-28545 |
"{E0E19EA4-1CFD-48D2-B581-84EDE062005E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5A394E5-CDDF-478E-AE7B-8C387523A5BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5EB0213-D68E-45E0-9C6E-2A62B4D082B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{E7A171D3-66C4-45B6-A3E2-E47EE1C4F543}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8F9325C-EA98-4A9F-923E-89BE15C46214}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\legacy\rust.exe |
"{ECFD4652-DB23-4B03-8968-46DC443CD365}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe |
"{ED334D46-27E8-4E00-872F-C626361532F3}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
"{F214C2F7-A740-45A7-82CA-C71337C91340}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F31013E2-3C2D-4502-9A7F-B5FD4D1A1BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\amnesia.exe |
"{F34169C6-0F41-4B2F-B727-EC43608CA5EB}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2oa.exe |
"{F776C9D4-E0F0-45FA-9FBF-DC5B3BF30C6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{F91449B3-A5B2-411B-BD8F-E817D1981C2E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz_be.exe |
"{FB4DAEDB-EE17-4119-A043-7CD03C1B82AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"TCP Query User{05461AA8-D113-4369-9A51-CE51105757FD}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{173F453C-00CE-4886-A4EB-7B863240BE2F}C:\users\jordan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jordan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2A9A88DE-A9A0-4169-B0B2-7A146F0735C2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{3782DB3D-1BBF-46F8-A07F-5E13E0A42E66}C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{393C2D71-F870-46EE-B11C-007145F214A2}C:\users\jordan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jordan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{3CC3A9A7-9BE4-4E0C-8586-10B68F2027B2}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{3F710CD0-C5E5-4343-8285-6D577D175B78}C:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{59C0A3D9-176E-4D6B-91D4-B8DC1B3633B1}C:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe |
"TCP Query User{5AAE0F64-DB46-469B-963F-4CF79200ACD7}C:\users\jordan\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jordan\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{62942D9F-2ABB-45A3-A0C7-D19922A14603}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"TCP Query User{68BBD9D6-BBF4-4537-A6F6-A63EA557B85E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe |
"TCP Query User{7D33E0A2-102B-49FD-A162-99704C3F72CF}C:\users\jordan\documents\steam cracking\cracking\steamforce.exe" = protocol=6 | dir=in | app=c:\users\jordan\documents\steam cracking\cracking\steamforce.exe |
"TCP Query User{8AD5B031-EC51-479A-88E3-51C9E358A996}C:\users\jordan\desktop\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jordan\desktop\utorrentportable\app\utorrent\utorrent.exe |
"TCP Query User{8FC2BDD9-A01A-4ADF-835B-E7DC9884F79A}C:\users\jordan\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jordan\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{A252DE50-62CC-417E-8F9F-BF5407F0D3F3}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{A9B6870E-B5F3-4692-BF57-9EB48C23B24E}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{B8024063-8A35-4788-8D61-71AFE65545E7}C:\users\jordan\desktop\games and stuff\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\users\jordan\desktop\games and stuff\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{FD877894-1D69-45FF-A6E9-A056473624AF}C:\program files (x86)\idcloak vpn\idcloakvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\idcloak vpn\idcloakvpn.exe |
"UDP Query User{03160A77-AA27-44F8-86A9-C82C5507484C}C:\users\jordan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jordan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{233F662C-7C2E-4F43-9E5E-F52F44940AA8}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"UDP Query User{28B278A9-93C4-4D3C-931D-65FFC94D9A87}C:\users\jordan\desktop\utorrentportable\app\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jordan\desktop\utorrentportable\app\utorrent\utorrent.exe |
"UDP Query User{45FD539C-E860-463E-A234-56927A2518D5}C:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{4D0A36BD-DEEC-4971-84FD-F6D688F11461}C:\users\jordan\desktop\games and stuff\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\users\jordan\desktop\games and stuff\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{55B6358F-00D9-4E88-852E-2FD17AFDB832}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{5E39775F-8412-4B68-B360-3ECD4512A636}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe |
"UDP Query User{78251F41-288A-4279-82CF-D3C4EFDAB2C8}C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{93B5C5F7-283B-4C1E-B86E-B17604E49219}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{A56E6153-6C4B-458A-AAFC-C18E5DBEB33D}C:\program files (x86)\idcloak vpn\idcloakvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\idcloak vpn\idcloakvpn.exe |
"UDP Query User{A678920A-6089-4FF5-827C-B1E05C4B9236}C:\users\jordan\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jordan\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{A6B61DB4-2829-437C-AA47-A19DE7350061}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{B4C15654-DBF9-4072-8680-53B4FBA030A9}C:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe |
"UDP Query User{C9A86592-640C-4315-B8B9-104761B91663}C:\users\jordan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jordan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CAAB1C09-7287-4FB3-81FC-270C3C0D6ED4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{CF801CF3-BC18-4554-BEC5-36B28670E000}C:\users\jordan\documents\steam cracking\cracking\steamforce.exe" = protocol=17 | dir=in | app=c:\users\jordan\documents\steam cracking\cracking\steamforce.exe |
"UDP Query User{E48D99E8-716C-418D-B544-B6C3C835F3F5}C:\users\jordan\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jordan\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{F8B03FB6-8F3D-4A92-A9A2-4991B12032F8}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}" = AMD Catalyst Install Manager
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{C1636CC2-9CDE-BD26-AB7E-04EEC0586ACF}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}" = HP Security Assistant
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"95CCB571-1C54-4FE1-A9C7-42F8796C7F80" = couponarific
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04739CDC-C74E-5F8E-4193-07998397FDC7}" = CCC Help Thai
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052A6070-7503-EA5A-9003-F89ACE36C5C9}" = Catalyst Control Center InstallProxy
"{06B35857-386E-E360-3E16-9ADDC424B912}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C93288C-31CC-A9B3-8741-CE0E4DEA87D5}" = CCC Help Portuguese
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}" = ManticoreTree
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15FB0187-64B5-C394-BE5C-F8BCC94F8844}" = CCC Help German
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C87FC3A-D943-7B80-9AF7-E97BA76383E9}" = Catalyst Control Center Localization All
"{1DB45541-4D10-5969-76DA-1C1C050D3543}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{20D0C76D-61ED-E33E-D13E-107EB89B2C41}" = CCC Help Korean
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29E2F696-A2BB-4E88-BBCD-D6963DAFEE9E}" = Graphmatica
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{44998254-6F6A-4D79-A243-343AB2391BA9}" = Kerbal Space Program
"{46DFC994-41C8-4441-5C9B-ED785F1B9B3A}" = CCC Help Norwegian
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{487C8590-8C6A-83C9-3E93-94F82435F111}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E358233-4432-79FE-FFD1-D6A13ED27C1B}" = CCC Help Turkish
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AAB423D-ED89-33D7-F261-CF8BBD05AB58}" = CCC Help English
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69EF6E65-38DF-DCA5-871E-58CCE6244703}" = CCC Help French
"{6F0CE19C-0170-8757-4B6E-4122DAC59CF8}" = CCC Help Finnish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}" = Blio
"{768A6276-5822-489C-8A2B-67190F745655}" = ESU for Microsoft Windows 7 SP1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{8070C698-EE73-5106-DBE4-2E2EA03A2CEC}" = PX Profile Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842C4394-47F7-60DE-480B-C09116B63559}" = BuyNsaVe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{887B5E9E-721A-6D8A-130F-4AC35788754C}" = CCC Help Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F4F99A0-DCDF-BA51-9993-8C10575BD2A5}" = Catalyst Control Center Profiles Mobile
"{8F9890A8-25EE-FAC3-AE90-24C804E8059E}" = CCC Help Swedish
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92343DD0-2CFF-A544-22DB-D74383916A0F}" = Catalyst Control Center
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{97BC9B9D-E69F-A36F-C366-101CC711F84A}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FEB8236-74CD-4194-8717-38771ED0EFE9}" = Catalyst Control Center - Branding
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A152DD5F-8669-0218-1FE2-2615BD56B164}" = CCC Help Japanese
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A6F7C682-D48B-B8B8-05F5-2CEC9AE84940}" = CCC Help Danish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" = Speed Surfing
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}" = TELSTRA PRE-PAID 4G USB
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B762EAD9-3075-E644-6675-40F8F3958B8B}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA736A99-E2DA-D981-026C-F4214D9EF825}" = CCC Help Chinese Standard
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D63CABED-BF83-CD05-CF34-F27FB569AD8E}" = CCC Help Dutch
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E381E901-0523-423C-8785-C93DCAB30F48}" = Catalyst Control Center Graphics Previews Common
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8C91E70-04EB-FF32-7DC7-82BAE939A292}" = CCC Help Greek
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}" = HP Documentation
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC16CD6A-245A-964A-B41A-BD2BC7CB6565}" = CCC Help Polish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"DAEMON Tools Lite" = DAEMON Tools Lite
"Flvto Youtube Downloader" = Flvto Youtube Downloader
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"idcloak VPN" = idcloak VPN
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"League of Legends 3.0.0" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Razer Game Booster_is1" = Razer Game Booster
"Rugby_is1" = 1.0
"Spotflux" = Spotflux
"Steam App 205100" = Dishonored
"Steam App 221100" = DayZ
"Steam App 22120" = Penumbra: Black Plague
"Steam App 237110" = Mortal Kombat Komplete Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 242760" = The Forest
"Steam App 244770" = StarMade
"Steam App 251570" = 7 Days to Die
"Steam App 252490" = Rust
"Steam App 259080" = Just Cause 2: Multiplayer Mod
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 273110" = Counter-Strike Nexon: Zombies
"Steam App 4000" = Garry's Mod
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"Usbfix" = UsbFix
"VLC media player" = VLC media player 2.1.3
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
"WTA-07ef8042-0624-43bc-9d09-5855a9781985" = Chuzzle Deluxe
"WTA-0e98f6ea-7765-4e73-ab64-f7dce249926c" = Final Drive Fury
"WTA-1306cd70-a298-454c-a6a7-c66b13a4c53d" = Hoyle Card Games
"WTA-258864cc-2ec0-43d8-9d37-30294899bba0" = Bejeweled 3
"WTA-2b3e84c4-8e78-4b9a-94d8-1a5a342a9b37" = Poker Superstars III
"WTA-2e7e7b24-b3ba-42d6-b1e0-ebb7726e7c0c" = Cradle of Rome 2
"WTA-2f583063-5bd1-476d-b0d1-6b82d26e0e71" = Torchlight
"WTA-36ebc515-c945-4956-b123-a788b97fbfae" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-3bde7a99-0c72-460c-bf76-d41a95e04667" = Penguins!
"WTA-3ff6a673-6b82-4541-a88b-2656ab00382c" = Zuma's Revenge
"WTA-48e4f496-fe63-4e2b-a61e-dc13851e6fe3" = The Treasures of Mystery Island: The Ghost Ship
"WTA-4c31c7e7-0015-40c6-a6d3-dde74787cbea" = Letters from Nowhere 2
"WTA-5092fad0-a9d5-43a9-b886-fd420a7c95c2" = Jewel Match 3
"WTA-5b41006e-0595-44d7-b187-e5f9852a818c" = Plants vs. Zombies - Game of the Year
"WTA-5f9ac036-028f-4d02-bbd1-c4634dde4915" = John Deere Drive Green
"WTA-6753a642-2d67-4418-9221-298f3038adfc" = Farm Frenzy
"WTA-6e3f4d16-2020-4950-9c3d-75a895289f7e" = Dora's World Adventure
"WTA-733a3522-97f7-4c5c-808a-ddf5a2f00f8f" = Polar Bowler
"WTA-7f109111-d8af-4e30-b808-025ef90c1fe1" = RollerCoaster Tycoon 3: Platinum
"WTA-a6a4b2d0-9047-4818-85ed-f60c01f47a7b" = Virtual Villagers 4 - The Tree of Life
"WTA-aff948a7-e32d-4af6-9ea7-6deb8272e24f" = Polar Golfer
"WTA-de539978-b0d6-409e-b7da-c6b310cb1e25" = Luxor HD
"WTA-de974ade-ad73-41cc-a181-085136604b6f" = Farmscapes
"WTA-eddd44e2-8fd7-42e6-a3d0-5930c354759a" = Mah Jong Medley
"WTA-fc736800-f3af-4406-a8ab-2024d60342e5" = FATE
"WTA-fe0c4620-be55-4f05-be90-f16dd677651d" = Blackhawk Striker 2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"MKLOL" = MKLOL
"Puzzle Pirates" = Puzzle Pirates
"Spotify" = Spotify
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14/12/2014 1:22:12 PM | Computer Name = Jordan-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 14/12/2014 2:01:23 PM | Computer Name = Jordan-HP | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 34.0.5.5443,
 time stamp: 0x5475dd5d  Faulting module name: mozalloc.dll, version: 34.0.5.5443,
 time stamp: 0x5475d664  Exception code: 0x80000003  Fault offset: 0x00001425  Faulting
 process id: 0x1a7c  Faulting application start time: 0x01d017c623c0fb53  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: 36a0da14-83bb-11e4-8fd8-e006e6e103fb
 
[ Hewlett-Packard Events ]
Error - 3/12/2012 11:39:19 PM | Computer Name = Jordan-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8094
Ram
 Utilization: 20  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
Error - 4/12/2012 1:13:51 AM | Computer Name = Jordan-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8094
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
Error - 4/12/2012 9:00:34 AM | Computer Name = Jordan-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8094
Ram
 Utilization: 20  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ System Events ]
Error - 13/12/2014 10:01:20 AM | Computer Name = Jordan-HP | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 


Edited by Xcode5, 14 December 2014 - 03:05 PM.



#2
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Let's see another scan please. Make sure you download to the desktop or it will not work.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
Xcode5


    New Member

  • Topic Starter
  • Member
  • 9 posts

Hey, thanks for helping me.

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Jordan (administrator) on JORDAN-HP on 15-12-2014 08:23:54
Running from C:\Users\Jordan\Desktop
Loaded Profile: Jordan (Available profiles: Jordan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft) C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe
(Microsoft) C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
() C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\Jordan\AppData\Roaming\uTorrent\uTorrent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-12-13] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-12-13] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-12-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [CheckNDISPortf0aca3] => C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe [421632 2013-05-25] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe [440648 2013-04-20] ()
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-11] (Google Inc.)
HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Run: [Facebook Update] => C:\Users\Jordan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-12] (Facebook Inc.)
HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Run: [MKLOL] => C:\Program Files (x86)\MKJogo\MKLOL\MK.exe [846536 2014-08-17] (MK)
HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Winlogon: [Shell] C:\Users\Jordan\AppData\Roaming\AutoHotkey\AutoHotkey.exe [1048576 2014-12-13] (EFD Software) <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-63926621-1045450870-166368686-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-63926621-1045450870-166368686-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...e={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-63926621-1045450870-166368686-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default
FF Homepage: about:home
FF NetworkProxy: "ftp", "119.235.16.41"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "socks", "119.235.16.41"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "119.235.16.41"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-63926621-1045450870-166368686-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jordan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: YOUtuabeAdBloCkoeo - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] [2014-12-15]
FF Extension: BuyNsaVe - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] [2014-12-15]
FF Extension: Google Translator for Firefox - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] [2013-01-15]
FF Extension: Greasemonkey - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-12-15]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-11]
CHR Extension: (Google Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-11]
CHR Extension: (Google Wallet) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Speed Surfing) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek [2014-12-15]
CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-11]
CHR Extension: (BuyNsaVe) - C:\ProgramData\kbmkapgflchcioppcafdhfflnnngficm\ [2012-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-12] (EasyAntiCheat Ltd)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 idcloakRouting; C:\Program Files (x86)\idcloak VPN\systray\routingservice.exe [38480 2014-04-15] ()
S3 idcloakVPN; C:\Program Files (x86)\idcloak VPN\openvpn\openvpnserv.exe [32568 2014-04-15] (The OpenVPN Project)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-12] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SpotfluxConnectionManager; C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe [93184 2014-07-11] (Microsoft) [File not signed]
R2 SpotfluxUpdateService; C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe [20992 2014-07-11] (Microsoft) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-02] (Disc Soft Ltd)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-21] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2014-12-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-10] (Symantec Corporation)
R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [60160 2014-07-11] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-12-13] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-26] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-11-12] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
R3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-29] (Spotflux, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-13] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 08:23 - 2014-12-15 08:24 - 00036602 _____ () C:\Users\Jordan\Desktop\FRST.txt
2014-12-15 08:23 - 2014-12-15 08:23 - 02119168 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
2014-12-15 08:23 - 2014-12-15 08:23 - 00000000 ____D () C:\FRST
2014-12-15 06:58 - 2014-12-15 06:58 - 00132492 _____ () C:\Users\Jordan\Downloads\OTL.Txt
2014-12-15 06:58 - 2014-12-15 06:58 - 00104136 _____ () C:\Users\Jordan\Downloads\Extras.Txt
2014-12-15 06:45 - 2014-12-15 06:45 - 00602112 _____ (OldTimer Tools) C:\Users\Jordan\Downloads\OTL.exe
2014-12-15 04:52 - 2014-12-15 04:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\009DBC25-96F5-42A9-A935-FEC38F2218B8
2014-12-15 04:47 - 2014-12-15 04:47 - 00000000 ____D () C:\Users\Jordan\Downloads\Arrow - 02x23 - Unthinkable 720p BrRip maric62985
2014-12-15 04:03 - 2014-12-15 04:10 - 00000000 ____D () C:\Users\Jordan\Downloads\Arrow S02E20 Seeing Red 720p HDTV 1280x720 x264 mp4
2014-12-15 04:02 - 2014-12-15 04:02 - 00000000 ____D () C:\Program Files (x86)\Speed Surfing
2014-12-15 04:02 - 2014-12-15 04:02 - 00000000 ____D () C:\Program Files (x86)\DeltaFix
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\ProgramData\kbmkapgflchcioppcafdhfflnnngficm
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\ProgramData\15943647030891824691
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files\95CCB571-1C54-4FE1-A9C7-42F8796C7F80
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files\010
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files (x86)\YOUtuabeAdBloCkoeo
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files (x86)\BuyNsaVe
2014-12-15 04:00 - 2014-12-15 04:00 - 01255936 _____ () C:\Users\Jordan\Downloads\Download Arrow S02E20 Seeing Red 720p HDTV 1280x720 x264 mp4 Torrent - KickassTorrents.exe
2014-12-13 21:46 - 2014-12-13 21:46 - 00000000 ____D () C:\Users\Jordan\Downloads\Marc Dorcel - Blackmailed Women 1989
2014-12-13 21:43 - 2014-12-13 21:44 - 57836011 _____ () C:\Users\Jordan\Downloads\595053_mom_in_blackmail-flv.flv
2014-12-13 21:32 - 2014-12-13 21:42 - 00000000 ____D () C:\Users\Jordan\Downloads\Non-Stop (2014) BRRip NL Subs DutchReleaseTeam
2014-12-13 21:04 - 2014-12-13 21:04 - 01707646 _____ (Thisisu) C:\Users\Jordan\Downloads\JRT(1).exe
2014-12-13 21:01 - 2014-12-15 03:20 - 00000914 _____ () C:\Windows\PFRO.log
2014-12-13 21:01 - 2014-12-15 03:20 - 00000112 _____ () C:\Windows\setupact.log
2014-12-13 21:01 - 2014-12-13 21:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-13 20:56 - 2014-12-13 20:56 - 02166272 _____ () C:\Users\Jordan\Downloads\adwcleaner_4.105.exe
2014-12-13 20:48 - 2014-12-13 20:48 - 15201368 _____ () C:\Users\Jordan\Downloads\RogueKiller.exe
2014-12-13 20:48 - 2014-12-13 20:48 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-13 20:48 - 2014-12-13 20:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-13 08:07 - 2014-12-13 08:39 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-12-13 08:07 - 2014-12-13 08:07 - 02047357 _____ () C:\Users\Jordan\Downloads\AutoHotkey104805_Install.exe
2014-12-13 08:07 - 2014-12-13 08:07 - 00001352 _____ () C:\Users\Jordan\Documents\AutoHotkey.ahk
2014-12-13 08:06 - 2014-12-15 08:24 - 00000000 __SHD () C:\Users\Jordan\AppData\Roaming\AutoHotkey
2014-12-12 03:29 - 2014-12-12 03:29 - 00000000 ____D () C:\Users\Jordan\Documents\7 Days To Die
2014-12-12 03:27 - 2014-12-12 03:11 - 00174112 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-12-12 00:36 - 2014-12-12 00:36 - 00000000 ____D () C:\Users\Jordan\TopBot
2014-12-11 06:54 - 2014-12-11 06:54 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:41 - 2014-12-11 03:41 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-11 03:01 - 2014-10-18 12:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:01 - 2014-10-18 11:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 20:30 - 2014-12-04 12:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 20:30 - 2014-12-04 12:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 20:30 - 2014-12-04 12:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 20:30 - 2014-12-04 12:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 20:30 - 2014-12-04 12:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 20:30 - 2014-12-04 12:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 20:30 - 2014-12-04 12:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 20:30 - 2014-12-02 09:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 20:30 - 2014-11-27 11:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 20:30 - 2014-11-27 11:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 20:30 - 2014-11-22 13:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 20:30 - 2014-11-22 13:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 20:30 - 2014-11-22 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 20:30 - 2014-11-22 12:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 20:30 - 2014-11-22 12:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 20:30 - 2014-11-22 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 20:30 - 2014-11-22 12:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 20:30 - 2014-11-22 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 20:30 - 2014-11-22 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 20:30 - 2014-11-22 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 20:30 - 2014-11-22 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 20:30 - 2014-11-22 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 20:30 - 2014-11-22 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 20:30 - 2014-11-22 12:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 20:30 - 2014-11-22 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 20:30 - 2014-11-22 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 20:30 - 2014-11-22 12:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 20:30 - 2014-11-22 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 20:30 - 2014-11-22 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 20:30 - 2014-11-22 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 20:30 - 2014-11-22 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 20:30 - 2014-11-22 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 20:30 - 2014-11-22 12:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 20:30 - 2014-11-22 12:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 20:30 - 2014-11-22 12:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 20:30 - 2014-11-22 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 20:30 - 2014-11-22 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 20:30 - 2014-11-22 12:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 20:30 - 2014-11-22 11:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 20:30 - 2014-11-22 11:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 20:30 - 2014-11-22 11:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 20:30 - 2014-11-22 11:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 20:30 - 2014-11-22 11:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 20:30 - 2014-11-22 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 20:30 - 2014-11-22 11:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 20:30 - 2014-11-22 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 20:30 - 2014-11-22 11:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 20:30 - 2014-11-22 11:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 20:30 - 2014-11-22 11:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 20:30 - 2014-11-22 11:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 20:30 - 2014-11-22 11:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 20:30 - 2014-11-22 11:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 20:30 - 2014-11-22 11:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 20:30 - 2014-11-22 11:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 20:30 - 2014-11-22 11:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 20:30 - 2014-11-22 11:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 20:30 - 2014-11-22 11:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 20:30 - 2014-11-22 11:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 20:30 - 2014-11-22 11:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 20:30 - 2014-11-22 11:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 20:30 - 2014-11-22 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 20:30 - 2014-11-22 11:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 20:30 - 2014-11-22 10:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 20:30 - 2014-11-22 10:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 20:30 - 2014-11-11 13:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 20:30 - 2014-11-11 12:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 20:30 - 2014-11-11 11:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 20:29 - 2014-11-08 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 20:29 - 2014-11-08 12:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 20:29 - 2014-10-30 12:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 20:29 - 2014-10-30 11:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 20:29 - 2014-10-03 12:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 20:29 - 2014-10-03 12:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 20:29 - 2014-10-03 12:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 20:29 - 2014-10-03 12:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 20:29 - 2014-10-03 12:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 20:29 - 2014-10-03 11:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 20:29 - 2014-10-03 11:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 20:29 - 2014-10-03 11:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 20:29 - 2014-10-03 11:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 20:29 - 2014-10-03 11:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 19:12 - 2014-12-15 03:25 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJordan
2014-12-10 19:12 - 2014-12-15 03:25 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJordan.job
2014-12-09 20:47 - 2014-12-09 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 01:38 - 2014-12-08 01:38 - 12253056 _____ () C:\Users\Jordan\Downloads\[Willy98] 2b Runescape Giveaway 50m Per Person [Willy98].mp4
2014-12-05 22:48 - 2014-12-05 22:48 - 00608500 _____ () C:\Users\Jordan\Downloads\SoulPlay.jar
2014-12-05 22:48 - 2014-12-05 22:48 - 00000000 ____D () C:\Users\Jordan\.soulgames
2014-12-05 21:12 - 2014-12-05 21:12 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Jordan\Downloads\TeamSpeak3-Client-win32-3.0.16(1).exe
2014-12-05 20:44 - 2014-12-05 20:44 - 08957864 _____ (TeamViewer GmbH) C:\Users\Jordan\Downloads\TeamViewer_Setup.exe
2014-12-05 18:28 - 2014-12-05 18:28 - 31358956 _____ () C:\Users\Jordan\Downloads\WiZARDHAX.com-iNFERNO.zip
2014-12-05 04:37 - 2014-12-05 04:37 - 00000000 ____D () C:\Users\Jordan\Downloads\World of Warcraft 3.3.5a (no install)
2014-12-04 22:04 - 2014-12-04 22:04 - 06574015 _____ () C:\Users\Jordan\Downloads\WiZARDHAX.com-Flare_2.5.zip
2014-12-04 03:03 - 2014-12-04 03:10 - 00000000 ____D () C:\Users\Jordan\Documents\TBot
2014-12-04 03:03 - 2014-12-04 03:03 - 00008037 _____ () C:\Users\Jordan\Desktop\topbot.jar
2014-12-04 00:06 - 2014-12-04 00:06 - 00000000 ____D () C:\Program Files (x86)\HitLeap
2014-12-04 00:04 - 2014-12-04 00:05 - 27660288 _____ () C:\Users\Jordan\Downloads\HitLeap Viewer.msi
2014-12-03 23:52 - 2014-12-03 23:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\java
2014-12-03 19:46 - 2014-12-03 19:46 - 00638888 _____ (Oracle Corporation) C:\Users\Jordan\Downloads\jxpiinstall(2).exe
2014-12-01 13:57 - 2014-12-01 13:59 - 127316608 ____R () C:\Users\Jordan\Downloads\Prison Architect Alpha 27.zip
2014-11-29 19:37 - 2014-11-11 13:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-29 19:37 - 2014-11-11 13:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-29 19:37 - 2014-11-11 12:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-29 19:37 - 2014-11-11 12:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 17:43 - 2014-11-16 17:48 - 00000000 ____D () C:\UsbFix
2014-11-16 17:42 - 2014-12-15 07:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 17:42 - 2014-12-05 06:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 17:42 - 2014-12-05 06:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-16 17:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-16 17:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-16 17:42 - 2014-11-16 17:43 - 03703515 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Jordan\Downloads\UsbFix_7_801.exe
2014-11-16 16:31 - 2014-11-16 16:31 - 01458415 _____ (Old McDonald's Farm) C:\Users\Jordan\Downloads\aesetup2.6.exe
2014-11-16 16:31 - 2014-11-16 16:31 - 01458415 _____ (Old McDonald's Farm) C:\Users\Jordan\Downloads\aesetup2.6(1).exe
2014-11-16 16:29 - 2014-11-16 16:29 - 01331304 _____ () C:\Users\Jordan\Downloads\AVG_ShowHidden_en.exe
2014-11-16 16:26 - 2014-11-16 16:26 - 02856736 _____ (MyCity) C:\Users\Jordan\Downloads\MCShield-Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 08:24 - 2013-01-26 21:33 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\uTorrent
2014-12-15 08:03 - 2014-07-12 16:58 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000UA.job
2014-12-15 08:01 - 2012-12-02 19:07 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Skype
2014-12-15 07:58 - 2014-07-13 05:11 - 00000045 _____ () C:\Users\Jordan\jagex_cl_oldschool_LIVE.dat
2014-12-15 07:52 - 2012-11-11 16:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 07:41 - 2012-02-06 04:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 05:59 - 2012-11-11 15:55 - 01793951 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 05:01 - 2014-02-13 16:09 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\vlc
2014-12-15 04:01 - 2012-12-17 01:02 - 00000000 ____D () C:\Users\Jordan\AppData\Local\CrashDumps
2014-12-15 03:30 - 2009-07-14 14:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 03:30 - 2009-07-14 14:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 03:25 - 2012-11-11 16:01 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{08CEF188-FBC0-475E-A4D8-6A8C8ACD0F75}
2014-12-15 03:21 - 2012-11-11 16:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 03:20 - 2014-05-11 13:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-15 03:20 - 2013-12-13 20:06 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-12-15 03:20 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-13 23:02 - 2014-07-18 21:53 - 00000000 ____D () C:\Users\Jordan\Downloads\Sia - 1000 Forms Of Fear 2014 320kbps CBR MP3 [VX]
2014-12-13 21:00 - 2014-05-03 10:43 - 00000000 ____D () C:\AdwCleaner
2014-12-13 20:43 - 2009-07-14 15:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 20:42 - 2014-04-13 22:05 - 00000000 ____D () C:\Windows\Minidump
2014-12-13 20:42 - 2014-03-02 15:06 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\DAEMON Tools Lite
2014-12-13 20:42 - 2012-11-23 22:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-13 19:39 - 2014-07-13 05:11 - 00000024 _____ () C:\Users\Jordan\random.dat
2014-12-13 08:39 - 2013-12-13 19:59 - 00000000 ____D () C:\Windows\SHELLNEW
2014-12-13 05:35 - 2013-06-26 03:14 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\.StarMade
2014-12-13 04:06 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 23:53 - 2014-07-12 16:58 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000Core.job
2014-12-12 23:42 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
2014-12-12 00:36 - 2012-11-11 15:55 - 00000000 ____D () C:\Users\Jordan
2014-12-11 21:26 - 2012-11-25 18:46 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJORDAN-HP$
2014-12-11 21:26 - 2012-11-25 18:46 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForJORDAN-HP$.job
2014-12-11 18:55 - 2013-01-04 00:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 06:54 - 2014-05-11 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 06:54 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 06:54 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:41 - 2012-02-06 04:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 03:41 - 2012-02-06 04:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 03:41 - 2012-02-06 04:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 00:49 - 2012-12-12 00:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-09 00:49 - 2012-11-12 21:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-09 00:36 - 2009-07-14 15:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-08 04:53 - 2014-07-13 05:14 - 00000045 _____ () C:\Users\Jordan\jagex_cl_runescape_LIVE.dat
2014-12-06 02:13 - 2014-07-05 06:25 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\.minecraft
2014-12-05 21:45 - 2014-08-23 21:55 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\TS3Client
2014-12-05 21:17 - 2012-12-13 20:58 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\TeamViewer
2014-12-03 20:05 - 2014-03-01 09:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-03 19:49 - 2014-05-16 20:23 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-03 19:49 - 2014-05-16 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-03 19:49 - 2014-05-16 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-03 19:49 - 2014-05-16 20:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-03 19:49 - 2012-11-11 16:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-01 14:08 - 2013-06-24 06:55 - 00000000 ____D () C:\Users\Jordan\Desktop\Games and stuff
2014-11-24 14:04 - 2010-11-21 13:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 06:14 - 2012-11-17 14:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 17:42 - 2012-11-17 14:13 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Malwarebytes
2014-11-16 17:42 - 2012-11-17 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-16 17:42 - 2012-11-17 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Jordan\jagex_cl_oldschool_LIVE.dat
C:\Users\Jordan\jagex_cl_runescape_LIVE.dat
C:\Users\Jordan\random.dat


Some content of TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\DB867376.exe
C:\Users\Jordan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 02:02

==================== End Of Log ============================

Addition Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Jordan at 2014-12-15 08:24:34
Running from C:\Users\Jordan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
1.0 (HKLM-x32\...\Rugby_is1) (Version:  - )
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version:  - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}) (Version: 2.2.8530 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3300 - Broadcom Corporation)
BuyNsaVe (HKLM-x32\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version:  - BuyNsave) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version:  - )
couponarific (HKLM\...\95CCB571-1C54-4FE1-A9C7-42F8796C7F80) (Version: 2.0.1 - couponarific) <==== ATTENTION
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 3 (HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.3.2 - Hotger)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Graphmatica (HKLM-x32\...\{29E2F696-A2BB-4E88-BBCD-D6963DAFEE9E}) (Version: 2.3.2.0 - kSoft)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
idcloak VPN (HKLM-x32\...\idcloak VPN) (Version: 2.1.2 - idcloak Technologies Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kerbal Space Program (HKLM-x32\...\{44998254-6F6A-4D79-A243-343AB2391BA9}) (Version: 0.25 - HexHunterZ)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManticoreTree (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version:  - CutterFunc) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MKLOL (HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\MKLOL) (Version:  - )
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version:  - Frictional Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Puzzle Pirates (HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Puzzle Pirates) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Speed Surfing (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Spotflux (HKLM-x32\...\Spotflux) (Version: 3.0.0 - Spotflux) <==== ATTENTION!
Spotify (HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
StarMade (HKLM-x32\...\Steam App 244770) (Version:  - Schine, GmbH)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TELSTRA PRE-PAID 4G USB (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
TI Connect 1.6 (HKLM-x32\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UsbFix (HKLM-x32\...\Usbfix) (Version: 7.801 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-12-2014 12:29:52 Windows Update
10-12-2014 17:00:25 Windows Update
12-12-2014 17:00:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {223A699C-D1F8-4116-A603-0B284608C0DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {366F2F0C-B8AA-4110-BCD6-2625232D5C33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3ECAB691-CE9C-45F8-8D17-FB275A6A9835} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000Core => C:\Users\Jordan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-12] (Facebook Inc.)
Task: {59FEB012-A4A5-4BBA-B214-3341C9169CFA} - System32\Tasks\{AAC8BBBD-CA11-4463-AE90-B66B93070E63} => pcalua.exe -a C:\Users\Jordan\Downloads\amddriverdownloader(2).exe -d C:\Users\Jordan\Downloads
Task: {60EB63CD-327D-428E-8C10-179213C1BC9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {72915C30-5F6F-4F65-BF4C-6C1F6FD8A5F1} - System32\Tasks\HPCeeScheduleForJORDAN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {72E2D90B-8C94-4679-8DDE-D54B5F3582BF} - \SW-Booster-S-584836823 No Task File <==== ATTENTION
Task: {840B0C5C-27E8-46EB-87EF-C9D62D24F76D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-19] (Piriform Ltd)
Task: {8D138309-D90B-4A0D-8E01-E4B70E335120} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {950D0AB3-7D87-4B4E-AB85-17AEE17FE198} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000UA => C:\Users\Jordan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-12] (Facebook Inc.)
Task: {A027AF57-13CC-4D64-BD7C-EF9637B0738C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A5C00CDB-1E5D-4BC0-B947-339530DB4C73} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {BB318E04-8C38-4B64-AF10-30475F7D2BFF} - System32\Tasks\HPCeeScheduleForJordan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BEFFE24A-114E-461E-99BF-5F46C699D5D4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {CA7E4AF9-4197-4C71-85D6-AAEF2818D635} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {E27A802A-AC04-4049-9C65-CA20ED0BFC3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {E4D7184E-D788-41C3-AA96-42EAB811F5CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EA008BB7-9798-4FB3-B995-BEC14A6B3747} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-29] (CyberLink)
Task: {ED489717-0A98-42DE-A8F5-C414D17BF915} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EDE8F1C3-0759-4B09-ADD4-8E5AFC5D091D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000Core.job => C:\Users\Jordan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-63926621-1045450870-166368686-1000UA.job => C:\Users\Jordan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJORDAN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJordan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-06-01 19:50 - 2011-12-17 06:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-06-04 20:26 - 2013-06-12 16:56 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-06 11:24 - 2012-01-06 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-21 14:22 - 2013-05-25 03:16 - 00421632 _____ () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
2014-04-21 14:22 - 2013-04-20 00:21 - 00440648 _____ () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe
2012-01-18 15:34 - 2012-01-18 15:34 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-27 08:41 - 2011-12-27 08:41 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-11 15:47 - 2014-07-11 15:47 - 00007168 _____ () C:\Program Files (x86)\spotflux\services\SpotfluxCore.dll
2014-07-11 15:47 - 2014-07-11 15:47 - 00009728 _____ () C:\Program Files (x86)\spotflux\services\SFEvents.dll
2014-07-11 15:47 - 2014-07-11 15:47 - 00019456 _____ () C:\Program Files (x86)\spotflux\services\WebServices.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-09-01 09:44 - 2011-09-01 09:44 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2011-09-01 09:44 - 2011-09-01 09:44 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-10-16 22:12 - 2014-10-16 22:12 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-06-01 19:51 - 2011-11-30 13:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-01 19:50 - 2011-12-17 04:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-09 20:47 - 2014-12-09 20:47 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-11 03:41 - 2014-12-11 03:41 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jordan\Application Data:NT
AlternateDataStreams: C:\Users\Jordan\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Spotify => "C:\Users\Jordan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Jordan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-63926621-1045450870-166368686-500 - Administrator - Disabled)
Guest (S-1-5-21-63926621-1045450870-166368686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-63926621-1045450870-166368686-1002 - Limited - Enabled)
Jordan (S-1-5-21-63926621-1045450870-166368686-1000 - Administrator - Enabled) => C:\Users\Jordan

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2014 04:01:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1a7c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/15/2014 03:22:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/14/2014 00:01:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (12/15/2014 04:01:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014251a7c01d017c623c0fb53C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll36a0da14-83bb-11e4-8fd8-e006e6e103fb

Error: (12/15/2014 03:22:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 48%
Total physical RAM: 8094.36 MB
Available physical RAM: 4164.04 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 11644.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:677.56 GB) (Free:365.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.78 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (P9172 _SE_1) (CDROM) (Total:6.51 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 931A8E39)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

==================== End Of Log ============================


#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Please uninstall these programs from your installed programs list. Start > Control Panel > Programs and Features:
1 BuyNsaVe
2 couponarific
3 Spotflux

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Winlogon: [Shell] C:\Users\Jordan\AppData\Roaming\AutoHotkey\AutoHotkey.exe [1048576 2014-12-13] (EFD Software) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "ftp", "119.235.16.41"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "socks", "119.235.16.41"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "119.235.16.41"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Extension: YOUtuabeAdBloCkoeo - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] [2014-12-15]
FF Extension: BuyNsaVe - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] [2014-12-15]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (BuyNsaVe) - C:\ProgramData\kbmkapgflchcioppcafdhfflnnngficm\ [2012-11-11]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files (x86)\YOUtuabeAdBloCkoeo
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files (x86)\BuyNsaVe
C:\ProgramData\hash.dat
C:\Users\Jordan\jagex_cl_oldschool_LIVE.dat
C:\Users\Jordan\jagex_cl_runescape_LIVE.dat
C:\Users\Jordan\random.dat
C:\Users\Jordan\AppData\Local\Temp\DB867376.exe
C:\Users\Jordan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll
Task: {72E2D90B-8C94-4679-8DDE-D54B5F3582BF} - \SW-Booster-S-584836823 No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Jordan\Application Data:NT
AlternateDataStreams: C:\Users\Jordan\AppData\Roaming:NT
cmd: ipconfig /flushdns
Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Next, you already downloaded these next 2 programs, JRT and AdwCleaner. I want you to run them again and post the logs. Don't post old log reports that may still be on the desktop from these tools.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post:
    • Fixlog.txt, located on desktop.
    • The AdwCleaner log [SO].txt after you run clean option
    • The JRT.txt

#5
Xcode5

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Jordan at 2014-12-15 09:00:56 Run:1
Running from C:\Users\Jordan\Desktop
Loaded Profile: Jordan (Available profiles: Jordan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-63926621-1045450870-166368686-1000\...\Winlogon: [Shell] C:\Users\Jordan\AppData\Roaming\AutoHotkey\AutoHotkey.exe [1048576 2014-12-13] (EFD Software) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "ftp", "119.235.16.41"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "socks", "119.235.16.41"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "119.235.16.41"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Extension: YOUtuabeAdBloCkoeo - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] [2014-12-15]
FF Extension: BuyNsaVe - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] [2014-12-15]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (BuyNsaVe) - C:\ProgramData\kbmkapgflchcioppcafdhfflnnngficm\ [2012-11-11]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files (x86)\YOUtuabeAdBloCkoeo
2014-12-15 04:01 - 2014-12-15 04:01 - 00000000 ____D () C:\Program Files (x86)\BuyNsaVe
C:\ProgramData\hash.dat
C:\Users\Jordan\jagex_cl_oldschool_LIVE.dat
C:\Users\Jordan\jagex_cl_runescape_LIVE.dat
C:\Users\Jordan\random.dat
C:\Users\Jordan\AppData\Local\Temp\DB867376.exe
C:\Users\Jordan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll
Task: {72E2D90B-8C94-4679-8DDE-D54B5F3582BF} - \SW-Booster-S-584836823 No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Jordan\Application Data:NT
AlternateDataStreams: C:\Users\Jordan\AppData\Roaming:NT
cmd: ipconfig /flushdns
Emptytemp:
reboot:
end
*****************

Processes closed successfully.
HKU\S-1-5-21-63926621-1045450870-166368686-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] => Moved successfully.
C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected] => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\ProgramData\kbmkapgflchcioppcafdhfflnnngficm\ => Moved successfully.
EagleX64 => Service deleted successfully.
C:\Program Files (x86)\YOUtuabeAdBloCkoeo => Moved successfully.
"C:\Program Files (x86)\BuyNsaVe" => File/Directory not found.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Jordan\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Jordan\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Jordan\random.dat => Moved successfully.
C:\Users\Jordan\AppData\Local\Temp\DB867376.exe => Moved successfully.
C:\Users\Jordan\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{72E2D90B-8C94-4679-8DDE-D54B5F3582BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72E2D90B-8C94-4679-8DDE-D54B5F3582BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SW-Booster-S-584836823" => Key deleted successfully.
"C:\Users\Jordan\Application Data" => ":NT" ADS not found.
C:\Users\Jordan\AppData\Roaming => ":NT" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 460 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

 

 

 

Adwcleaner log

 

# AdwCleaner v4.105 - Report created 15/12/2014 at 09:17:32
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jordan - JORDAN-HP
# Running from : C:\Users\Jordan\Downloads\adwcleaner_4.105(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\15943647030891824691
Folder Deleted : C:\Program Files (x86)\DeltaFix

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[sih3gr05.default\prefs.js] - Line Deleted : user_pref("extensions.aTi3QBMl1TA1wp1g.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[sih3gr05.default\prefs.js] - Line Deleted : user_pref("extensions.vk2gPgsFZHCMCkIA.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [9674 octets] - [03/05/2014 10:43:49]
AdwCleaner[R1].txt - [2921 octets] - [13/12/2014 20:56:47]
AdwCleaner[R2].txt - [2216 octets] - [15/12/2014 09:15:11]
AdwCleaner[S0].txt - [8689 octets] - [03/05/2014 10:45:17]
AdwCleaner[S1].txt - [2992 octets] - [13/12/2014 21:00:40]
AdwCleaner[S2].txt - [2167 octets] - [15/12/2014 09:17:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2227 octets] ##########
 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jordan on Mon 15/12/2014 at  9:21:53.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Jordan\AppData\Roaming\mozilla\firefox\profiles\sih3gr05.default\prefs.js

user_pref("extensions.vk2gPgsFZHCMCkIA.url", "hxxp://superimes.info/sync2/?q=hfZ9ofV9CShEAen0rTwEqHrMg708BNmGWj8znShGheDUojw9rjsFqdw5rdsEqShIC7n0rjnFrTw9rjYErHa9tNhVCT94tMVKhd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 15/12/2014 at  9:25:02.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6
zep516
Hello,

Thanks for those logs

Run your Malwarebytes and post a log report. Don't post pictures of the Malwarebytes program; I want log reports.

Get the log report like this in case you have trouble getting the log report.

After running Malwarebytes
  • Open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.
Thanks
Joe :)
  • 0

#7
Xcode5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/12/2014
Scan Time: 9:55:13 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.14.07
Rootkit Database: v2014.12.08.03
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jordan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377691
Time Elapsed: 22 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

What issues remain and in what browser ?

Thanks
Joe :)
  • 0

#9
Xcode5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Well, after all this it appears that Malwarebytes has stopped spamming notifications about the notepad.exe being quarantined. Also, my cursor has stopped randomly showing the loading icon, and the computer seems to have stopped freezing like it did. So it seems all is good. Is there anything else I should do?


  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • 0


#11
Xcode5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

 UNSUPPORTED OPERATING SYSTEM! ABORTED!
 

It just came up with that in Notepad.


  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK,

Not to worry about that.

Let's run an ESET Scan. This is the last scan we run and it could take a very long time; you don't need to do it right now. This scan will also find stuff that we already took care of, so don't be alarmed if it shows a bunch of infected files.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile (located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET Scan results when you can. For the most part I think you're good here.

Thanks
Joe :)
  • 0

#13
Xcode5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hey sorry been out all day, scan finally finished

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6a1efc61aad6ae4bba8d26e1d1e6635f
# engine=21563
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-15 07:44:10
# local_time=2014-12-16 05:44:10 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3591 16777213 100 95 56799520 181265635 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 72798 170302500 0 0
# scanned=309873
# found=32
# cleaned=31
# scan_time=8187
sh=078786A455720521670D54E1335EB54361CAB21F ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{AE954D1E-2E4F-46B6-A45D-666D75766FE8}\Custom.dll"
sh=AE4B3ECB491AEF6D1594361E820A6FCC8EF44E3E ft=1 fh=c71c0011d35ff60a vn="a variant of Win64/SProtector.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SW-Booster\Assistant_x64.dll.vir"
sh=D09408D52C6B0092E6BB05C379E3444FB2A10602 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efneeijagohgblbaeciddmlpbhlphgjm\1.0\vzgDp.js.vir"
sh=5A8CCE83D14CA109E03472FC45A0D6F2D9F58BFC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmbhgjgfiflgobofcifbdghmciakfcij\5.14\wTLe0.js.vir"
sh=D09408D52C6B0092E6BB05C379E3444FB2A10602 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\efneeijagohgblbaeciddmlpbhlphgjm\1.0\vzgDp.js.vir"
sh=5A8CCE83D14CA109E03472FC45A0D6F2D9F58BFC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmbhgjgfiflgobofcifbdghmciakfcij\5.14\wTLe0.js.vir"
sh=D09408D52C6B0092E6BB05C379E3444FB2A10602 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\efneeijagohgblbaeciddmlpbhlphgjm\1.0\vzgDp.js.vir"
sh=5A8CCE83D14CA109E03472FC45A0D6F2D9F58BFC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmbhgjgfiflgobofcifbdghmciakfcij\5.14\wTLe0.js.vir"
sh=FFC8C0F5F61304C9FB8C8AE8F84363FD4B303ECC ft=1 fh=a070018d0efef5d2 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_0\APISupport\APISupport.dll.vir"
sh=FADE4553CF63ABD446132E31C7F927AC9D191F5D ft=1 fh=cfebcaa46fcaed43 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=6324A1B6DDC60ED6DBF3FD7D5E0D8ED87A69D1DC ft=1 fh=94b7f1c67327f691 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_0\plugins\ChromeApiPlugin.dll.vir"
sh=BFA42141DFCD3042EE9754CB7D74E1C2078A6F6F ft=1 fh=a9194ffb7f1adcc0 vn="a variant of Win64/Adware.MultiPlug.E application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Program Files (x86)\YOUtuabeAdBloCkoeo\RxRVEgjpBasl7b.x64.dll"
sh=0FC4AF8D175BA8073D9193164F7790D28DF96AEF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\kbmkapgflchcioppcafdhfflnnngficm\kbmkapgflchcioppcafdhfflnnngficm\fj6W6B5jzn.js"
sh=FBE3EDF957F1794E067E4217DBB6F2A15F7E56B5 ft=1 fh=b312120583663771 vn="a variant of Win32/Adware.MultiPlug.EC application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Jordan\AppData\Local\Temp\DB867376.exe.xBAD"
sh=E100550F5DA5F7D13BE6A87C53AF4C1184DF0243 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected]\content\bg.js"
sh=6EE80ADE2C9D458D18AFDA8C34517B18DA4E4BD1 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\sih3gr05.default\Extensions\[email protected]\content\bg.js"
sh=078786A455720521670D54E1335EB54361CAB21F ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\ProgramData\InstallMate\{AE954D1E-2E4F-46B6-A45D-666D75766FE8}\Custom.dll"
sh=E9E092F4565CD2ABE14C3FEE22DB9DDB0E349F19 ft=0 fh=0000000000000000 vn="Win32/AutoRun.WD worm (cleaned by deleting - quarantined)" ac=C fn="C:\UsbFix\Quarantine\D\autorun.inf.vir.vir"
sh=E9E092F4565CD2ABE14C3FEE22DB9DDB0E349F19 ft=0 fh=0000000000000000 vn="Win32/AutoRun.WD worm (cleaned by deleting - quarantined)" ac=C fn="C:\UsbFix\Tools\UpMalware"
sh=ADEBAF060B57BD527125B3CBDFCFAEF300E903D0 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbfkbjcbgkflpnbfefimdakcjmcibop\2.1\FVTtDV9GqmD.js"
sh=167977BD0AFE2B4CE28B201B4C245135937BDEAF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd\234\cnZbJiND.js"
sh=ADEBAF060B57BD527125B3CBDFCFAEF300E903D0 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbfkbjcbgkflpnbfefimdakcjmcibop\2.1\FVTtDV9GqmD.js"
sh=167977BD0AFE2B4CE28B201B4C245135937BDEAF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd\234\cnZbJiND.js"
sh=ADEBAF060B57BD527125B3CBDFCFAEF300E903D0 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbfkbjcbgkflpnbfefimdakcjmcibop\2.1\FVTtDV9GqmD.js"
sh=167977BD0AFE2B4CE28B201B4C245135937BDEAF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd\234\cnZbJiND.js"
sh=D5829E720424390B0E3D96B98D842E34A565DDA5 ft=1 fh=de7c95d23dd17eec vn="Win32/InstallMonetizer.AN potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Jordan\AppData\Local\Flvto Converter\FlvtoConverterSetupV0.3.3.exe"
sh=561537F23319D3210C521560FD8DA2F0C96C6090 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek\174\oZQ5Bm3qxQ.js"
sh=78CD7CB217EA04307679E369996CA05839B42EC6 ft=1 fh=c71c001134255413 vn="a variant of MSIL/Injector.GRG trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jordan\AppData\Roaming\AutoHotkey\AutoHotkey.exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Jordan\Downloads\ccsetup412.exe"
sh=FBE3EDF957F1794E067E4217DBB6F2A15F7E56B5 ft=1 fh=b312120583663771 vn="a variant of Win32/Adware.MultiPlug.EC application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jordan\Downloads\Download Arrow S02E20 Seeing Red 720p HDTV 1280x720 x264 mp4 Torrent - KickassTorrents.exe"
sh=8347837D8E69044E54DDD195AA68E23EEE0771CC ft=1 fh=45efcac9b185946d vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Jordan\Downloads\vppsetup.exe"
sh=85FB1A6F6E7FF57AA0AACA77EC62A7CB1FBB790B ft=1 fh=b0ca08c61ecb4e75 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Jordan\Downloads\zulusetup.exe"
 


  • 0
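The helper's note in post #12 that the ESET scan re-flags items earlier tools already handled can be checked mechanically against a log in this layout. The following is an added example, not part of the original thread and not ESET's or the helper's tooling: it separates detections sitting in the cleanup tools' own folders from detections elsewhere on disk, and compares the log's header settings with the options the helper asked for. The sample log is constructed, and reading `ac=C` as "cleaned" is an assumption inferred from the log's wording.

```python
import re

# Constructed sample in the layout of the ESET log above; hashes and paths are placeholders.
SAMPLE_LOG = r'''# remove_checked=true
# archives_checked=false
# found=3
# cleaned=2
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Example.A potentially unwanted application" ac=I fn="C:\ProgramData\Example\Custom.dll"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="JS/Example.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Example\ext\a.js.vir"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000002 vn="Win32/Example.C application (deleted - quarantined)" ac=C fn="C:\Users\Example\Downloads\setup.exe"
'''

# Working folders of the earlier cleanup tools, as they appear in the thread's logs.
TOOL_DIRS = ("c:\\adwcleaner\\", "c:\\frst\\", "c:\\usbfix\\")

HEADER = re.compile(r'^#\s*(\w+)=(.*)$')
DETECTION = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]+) .*?vn="(?P<vn>[^"]*)" ac=(?P<ac>\w) fn="(?P<fn>.*)"\s*$')

def parse_eset_log(text):
    """Split the log into header settings and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections

def triage(text):
    """Group detections by location and flag settings that differ from the request."""
    header, detections = parse_eset_log(text)
    report = {"settings_mismatch": [], "tool_leftover": [], "live": [], "not_cleaned": []}
    # The helper asked for "Remove found threats" off and "Scan archives" on.
    expected = {"remove_checked": "false", "archives_checked": "true"}
    for key, want in expected.items():
        if header.get(key) != want:
            report["settings_mismatch"].append(key)
    for d in detections:
        bucket = "tool_leftover" if d["fn"].lower().startswith(TOOL_DIRS) else "live"
        report[bucket].append(d["fn"])
        if d["ac"] != "C":  # assumption: C marks a cleaned item
            report["not_cleaned"].append(d["fn"])
    return report

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Entries in `live` and `not_cleaned` are the ones worth a reviewer's attention; `tool_leftover` entries are copies held by the removal tools and disappear when those tools are uninstalled.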

#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

If no issues remain, please follow instructions; this will remove all the tools we used in the process of removing Malware.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the 51a5ce45263de-delfix.png icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#15
Xcode5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Did it.

 

# DelFix v10.8 - Logfile created 16/12/2014 at 20:43:34
# Updated 29/07/2014 by Xplode
# Username : Jordan - JORDAN-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\USBFix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.34_03.05.2014_10.22.33_log.txt
Deleted : C:\Users\Jordan\Downloads\adwcleaner_4.105(1).exe
Deleted : C:\Users\Jordan\Downloads\adwcleaner_4.105.exe
Deleted : C:\Users\Jordan\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Jordan\Downloads\Extras.Txt
Deleted : C:\Users\Jordan\Downloads\JRT(1).exe
Deleted : C:\Users\Jordan\Downloads\JRT.exe
Deleted : C:\Users\Jordan\Downloads\OTL.Txt
Deleted : C:\Users\Jordan\Downloads\OTL.exe
Deleted : C:\Users\Jordan\Downloads\RogueKiller.exe
Deleted : C:\Users\Jordan\Downloads\SecurityCheck.exe
Deleted : C:\Users\Jordan\Downloads\tdsskiller.exe
Deleted : C:\Users\Jordan\Downloads\UsbFix_7_801.exe
Deleted : HKCU\Software\USBFix
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

~ Cleaning system restore ...

Deleted : RP #257 [Windows Update | 12/09/2014 12:29:52]
Deleted : RP #258 [Windows Update | 12/10/2014 17:00:25]
Deleted : RP #259 [Windows Update | 12/12/2014 17:00:14]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0





