
Virus keeps ticking Proxy Server box [Solved]


29 replies to this topic

#16 shoggo147


Posted 04 December 2013 - 03:59 PM

Installed programs list from HijackThis:-

Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS WebStorage Sync Agent
ATK Package
BrowserSafeguard
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
File Opener Pro
Fotogalerie
Galerie de photos
Google Chrome
Google Drive
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
K-Lite Codec Pack 10.1.0 Full
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MyBitCast 2.0
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Gallery
Photo Gallery
Photo Gallery
Qualcomm Atheros Client Installation Program
Raccolta foto
Ralink RT2860 Wireless LAN Card
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Visual Studio 2012 x86 Redistributables
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
WinFlash
WinRAR 4.20 (32-bit)

 

OTL log:-

OTL logfile created on: 04/12/2013 21:38:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Paul\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.89 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.76% Memory free
4.58 Gb Paging File | 2.54 Gb Available in Paging File | 55.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.11 Gb Total Space | 228.57 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 397.68 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\48b479fa187b2b92d7df41182f6ddf32\PresentationFramework.Aero2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5ab79fc7687b330b8a1e50a053af4c1f\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\17564a0f525c16815fa29197c2cba98b\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\2292e2e421f423b42b496da2f12e4f0e\WindowsBase.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e6b0fac086c9f63921dc57ccb85a0ee4\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\184a908676205d46994e3096a3eb1cea\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af4e47767c78d7335dc160fbe925558c\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\5d9c806d510ce30645b2118d96589486\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\a651a53f70ec4356e530497679d60d59\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\220f99197372e34d3a6ca5005e7ef1f0\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\9ce38091b2e714845369c9bc3b5b5395\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()
MOD - C:\Windows\SysWOW64\BsTrace.dll ()
MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()
MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athwbx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys (ASUS)
DRV - (ATKWMIACPIIO_) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/01 19:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2013/12/01 19:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/01 19:34:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...6AC881610&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00C2\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00C2\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Google Docs = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ads Removal = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 13:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892CA2A1-B31B-468B-BB8C-162C65531C71}: DhcpNameServer = 30.50.1.1 30.50.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDFA2F10-8C46-42C4-8BFF-6B0C9B90B6FB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/01 23:21:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Intel_Corporation
[2013/12/01 23:14:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\CrashDumps
[2013/12/01 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Macromedia
[2013/12/01 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Mozilla
[2013/12/01 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Mozilla
[2013/12/01 19:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/01 19:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/12/01 19:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/01 19:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nosibay
[2013/12/01 19:32:19 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Nosibay
[2013/12/01 18:12:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\RK_Quarantine
[2013/12/01 18:06:27 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Paul\Desktop\dds.scr
[2013/11/30 18:16:26 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Paul\Desktop\JRT.exe
[2013/11/30 15:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/30 15:13:56 | 000,116,440 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2013/11/30 15:13:16 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2013/11/30 11:06:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/11/30 10:14:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Paul\Desktop\HiJackThis.exe
[2013/11/30 10:12:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Deployment
[2013/11/29 22:41:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/29 18:34:27 | 002,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2013/11/29 18:34:27 | 001,085,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2013/11/29 18:34:26 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2013/11/29 18:33:50 | 018,577,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/11/29 18:33:47 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/11/29 18:33:46 | 013,176,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/11/29 18:33:44 | 011,674,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/11/29 18:33:22 | 003,395,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2013/11/29 18:33:11 | 006,639,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2013/11/29 18:33:08 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013/11/29 18:33:06 | 005,769,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2013/11/29 18:33:04 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013/11/29 18:33:02 | 004,104,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/11/29 18:33:00 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013/11/29 18:33:00 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/11/29 18:32:59 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/11/29 18:32:57 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013/11/29 18:32:57 | 001,231,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2013/11/29 18:32:56 | 002,328,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013/11/29 18:32:56 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2013/11/29 18:32:55 | 002,065,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2013/11/29 18:32:55 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll
[2013/11/29 18:32:54 | 001,067,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2013/11/29 18:32:53 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2013/11/29 18:32:53 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2013/11/29 18:32:52 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/11/29 18:32:52 | 000,883,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2013/11/29 18:32:51 | 001,287,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/11/29 18:32:51 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/11/29 18:32:51 | 000,481,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2013/11/29 18:32:50 | 002,134,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2013/11/29 18:32:50 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2013/11/29 18:32:50 | 000,699,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10level9.dll
[2013/11/29 18:32:50 | 000,380,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2013/11/29 18:32:49 | 004,599,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2013/11/29 18:32:48 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013/11/29 18:32:48 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/11/29 18:32:47 | 001,373,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2013/11/29 18:32:47 | 001,011,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll
[2013/11/29 18:32:47 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2013/11/29 18:32:46 | 000,708,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2013/11/29 18:32:46 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppReadiness.dll
[2013/11/29 18:32:45 | 000,839,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/11/29 18:32:45 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll
[2013/11/29 18:32:45 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2013/11/29 18:32:44 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013/11/29 18:32:44 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/11/29 18:32:44 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2013/11/29 18:32:43 | 000,518,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2013/11/29 18:32:43 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll
[2013/11/29 18:32:41 | 000,031,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2013/11/29 18:32:40 | 000,465,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2013/11/29 18:32:40 | 000,391,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsmf.dll
[2013/11/29 18:32:40 | 000,171,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_8086.dll
[2013/11/29 18:32:38 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[2013/11/29 18:32:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2013/11/29 18:32:38 | 000,558,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2013/11/29 18:32:38 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll
[2013/11/29 18:32:38 | 000,317,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2013/11/29 18:32:37 | 000,345,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsmf.dll
[2013/11/29 18:32:37 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2013/11/29 18:32:36 | 000,371,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/11/29 18:32:36 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcsvDevice.dll
[2013/11/29 18:32:36 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msched.dll
[2013/11/29 18:32:36 | 000,104,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll
[2013/11/29 18:32:36 | 000,088,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll
[2013/11/29 18:32:35 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll
[2013/11/29 18:32:34 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2013/11/29 18:32:33 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2013/11/29 18:32:33 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWbPrxy.exe
[2013/11/29 18:32:33 | 000,057,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys
[2013/11/29 18:32:33 | 000,044,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll
[2013/11/29 18:32:32 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013/11/29 18:32:32 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013/11/29 18:32:32 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013/11/29 18:32:32 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013/11/29 18:32:31 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013/11/29 18:32:31 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013/11/29 18:32:31 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll
[2013/11/29 18:32:31 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shsetup.dll
[2013/11/29 18:32:30 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/11/29 18:32:30 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/11/29 18:32:30 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll
[2013/11/29 18:32:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2013/11/29 18:32:30 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\shsetup.dll
[2013/11/29 18:32:29 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/11/29 18:32:29 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll
[2013/11/29 18:32:29 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll
[2013/11/29 18:32:29 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WiFiDisplay.dll
[2013/11/29 18:32:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll
[2013/11/29 18:32:28 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll
[2013/11/29 18:32:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/11/29 18:32:27 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll
[2013/11/29 18:32:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ftp.exe
[2013/11/29 18:32:26 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/11/29 18:32:26 | 001,704,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013/11/29 18:32:24 | 000,909,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2013/11/29 18:32:24 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe
[2013/11/29 18:32:24 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/29 18:32:24 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/29 18:32:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ftp.exe
[2013/11/29 18:32:23 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2013/11/29 18:32:23 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\miutils.dll
[2013/11/29 18:32:23 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\miutils.dll
[2013/11/29 18:32:23 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2013/11/29 18:32:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2013/11/29 18:25:47 | 001,341,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2013/11/29 18:25:45 | 000,136,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2013/11/29 18:24:59 | 001,943,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2013/11/28 19:52:02 | 003,859,968 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\drivers\athwbx.sys
[2013/11/28 19:52:02 | 003,859,968 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\athwbx.sys
[2013/11/28 19:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2013/11/28 19:38:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\InstallShield
[2013/11/28 06:47:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Avg2014
[2013/11/26 22:35:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2013/11/26 22:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/11/26 22:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2013/11/26 22:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/11/26 22:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
[2013/11/26 22:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/11/26 22:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/11/26 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\IObit
[2013/11/26 22:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/11/26 19:41:06 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Local\ms-drivers
[2013/11/24 13:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6
[2013/11/23 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\AVG
[2013/11/23 13:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/11/23 13:34:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/11/21 20:42:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/11/21 19:06:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/21 18:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/10 18:02:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2013/11/10 09:55:40 | 000,000,000 | R--D | C] -- C:\WINDOWS\BrowserChoice
[2013/11/09 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Line 6
[2013/11/09 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Line 6
[2013/11/09 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Line6
[2013/11/09 18:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Psicraft
[2013/11/09 18:11:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Psicraft
[2013/11/09 18:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Psicraft
[2013/11/09 18:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Psicraft
[2013/11/09 09:43:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2013/11/09 09:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/09 09:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/07 22:02:38 | 000,000,000 | R--D | C] -- C:\Users\Paul\SkyDrive
[2013/11/07 21:36:51 | 000,000,000 | --SD | C] -- C:\Users\Paul\AppData\Roaming\Microsoft
[2013/11/07 21:36:51 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/11/07 21:36:51 | 000,000,000 | R--D | C] -- C:\Users\Paul\Favorites
[2013/11/07 21:36:51 | 000,000,000 | R--D | C] -- C:\Users\Paul\Desktop
[2013/11/07 21:36:51 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/07 21:36:51 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/11/07 21:36:51 | 000,000,000 | -H-D | C] -- C:\Users\Paul\AppData
[2013/11/07 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Temp
[2013/11/07 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Microsoft
[2013/11/07 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/07 21:31:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013/11/07 21:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/11/07 21:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/11/07 21:31:00 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2013/11/07 21:31:00 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2013/11/07 21:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/11/07 21:30:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/11/07 21:28:44 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/07 21:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/11/07 21:26:58 | 000,872,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/11/07 21:26:58 | 000,698,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/11/07 21:26:42 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/11/07 21:26:42 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/11/07 21:26:42 | 001,286,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/11/07 21:26:42 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/11/07 21:26:42 | 000,977,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/11/07 21:26:42 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/11/07 21:26:42 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/11/07 21:26:42 | 000,294,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/11/07 21:26:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/11/07 21:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/11/07 21:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/11/07 21:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/11/07 21:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/11/07 21:23:11 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2013/11/07 21:23:11 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/11/07 21:23:11 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2013/11/07 21:23:10 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2013/11/07 21:23:09 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2013/11/07 21:23:09 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/08/07 10:50:53 | 000,127,232 | ---- | C] (Microsoft Corporation) -- C:\Users\Paul\AppData\Local\osppc.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/04 21:30:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/04 21:24:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/04 19:09:30 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/04 19:06:25 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/03 21:47:21 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/12/03 21:47:21 | 000,735,932 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/12/03 21:47:21 | 000,139,816 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/12/03 21:31:21 | 000,000,721 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2013/12/03 21:28:19 | 3340,075,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 21:28:19 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/03 21:20:39 | 000,000,408 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\sp_data.sys
[2013/12/01 23:14:23 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\ServiceFilter.ini
[2013/12/01 19:34:29 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/01 18:06:27 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Paul\Desktop\dds.scr
[2013/12/01 18:03:03 | 004,172,288 | ---- | M] () -- C:\Users\Paul\Desktop\RogueKillerX64.exe
[2013/11/30 18:15:50 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Paul\Desktop\JRT.exe
[2013/11/30 18:15:37 | 001,091,882 | ---- | M] () -- C:\Users\Paul\Desktop\adwcleaner.exe
[2013/11/30 15:13:56 | 000,116,440 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2013/11/30 15:13:16 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2013/11/30 11:06:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/11/30 10:57:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Paul\Desktop\HiJackThis.exe
[2013/11/30 09:30:47 | 000,478,056 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/11/28 20:43:38 | 000,001,700 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Outlook.lnk
[2013/11/26 19:41:06 | 000,000,037 | -HS- | M] () -- C:\Users\Paul\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/11/07 21:55:56 | 000,036,198 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/11/07 21:55:56 | 000,036,198 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/11/07 21:55:31 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/11/07 21:26:58 | 000,872,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/11/07 21:26:58 | 000,698,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/11/07 21:26:42 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/11/07 21:26:42 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/11/07 21:26:42 | 001,286,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/11/07 21:26:42 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/11/07 21:26:42 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/11/07 21:26:42 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/11/07 21:26:42 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/11/07 21:26:42 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/11/07 21:26:42 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/11/05 23:31:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/11/05 23:31:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/05 16:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/11/05 16:11:46 | 018,577,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/11/05 14:30:00 | 011,674,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/11/05 14:29:00 | 013,176,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/01 21:06:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/01 19:34:29 | 000,001,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/01 19:34:29 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/01 18:03:26 | 004,172,288 | ---- | C] () -- C:\Users\Paul\Desktop\RogueKillerX64.exe
[2013/11/30 18:17:24 | 001,091,882 | ---- | C] () -- C:\Users\Paul\Desktop\adwcleaner.exe
[2013/11/30 09:49:51 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
[2013/11/29 18:32:31 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/11/28 20:41:29 | 000,001,700 | ---- | C] () -- C:\Users\Paul\Desktop\Microsoft Outlook.lnk
[2013/11/28 19:52:02 | 000,367,551 | ---- | C] () -- C:\WINDOWS\SysNative\athwbx.inf
[2013/11/28 19:52:02 | 000,086,035 | ---- | C] () -- C:\WINDOWS\SysNative\athwbx.cat
[2013/11/26 19:41:06 | 000,000,037 | -HS- | C] () -- C:\Users\Paul\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/11/07 21:59:46 | 000,001,448 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/07 21:55:31 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/11/07 21:41:34 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/11/07 21:36:40 | 000,036,198 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/11/07 21:36:40 | 000,036,198 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/10/31 21:56:36 | 000,217,176 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/10/01 13:02:30 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/01 13:02:26 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/01 13:02:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 03:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/07 10:50:53 | 002,945,485 | ---- | C] () -- C:\Users\Paul\AppData\Local\tokensall.dat
[2013/08/07 10:50:53 | 000,143,360 | ---- | C] () -- C:\Users\Paul\AppData\Local\PortQry.exe
[2013/08/07 10:50:53 | 000,052,704 | ---- | C] () -- C:\Users\Paul\AppData\Local\regall.reg
[2013/08/07 10:50:53 | 000,049,377 | ---- | C] () -- C:\Users\Paul\AppData\Local\ospp.vbs
[2013/08/07 10:50:53 | 000,033,019 | ---- | C] () -- C:\Users\Paul\AppData\Local\slerror.xml
[2013/08/07 10:50:53 | 000,032,256 | ---- | C] () -- C:\Users\Paul\AppData\Local\instsrv.exe
[2013/08/07 10:50:53 | 000,014,176 | ---- | C] () -- C:\Users\Paul\AppData\Local\ospprearm.exe
[2013/08/07 10:50:53 | 000,008,192 | ---- | C] () -- C:\Users\Paul\AppData\Local\srvany.exe
[2013/08/07 10:50:53 | 000,001,012 | ---- | C] () -- C:\Users\Paul\AppData\Local\service.inf
[2013/08/07 10:50:53 | 000,000,796 | ---- | C] () -- C:\Users\Paul\AppData\Local\hs_message.vbs
[2013/08/07 10:50:53 | 000,000,148 | ---- | C] () -- C:\Users\Paul\AppData\Local\DisableService.reg
[2013/08/06 17:28:09 | 000,000,408 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\sp_data.sys
[2012/11/27 04:08:26 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/11/27 04:08:26 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/11/27 04:08:26 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2012/09/10 13:54:34 | 000,000,721 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2012/09/03 10:43:34 | 000,062,976 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2012/09/03 10:38:54 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2012/09/03 10:02:12 | 000,344,576 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2012/09/03 10:02:12 | 000,090,208 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2012/09/03 10:02:12 | 000,086,108 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2012/09/03 10:02:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2012/09/03 10:02:12 | 000,049,664 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2012/09/03 10:02:12 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/07/25 20:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/07/25 20:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012/06/13 07:45:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\SysWow64\SROF.dll
[2012/06/04 20:31:00 | 000,000,417 | ---- | C] () -- C:\WINDOWS\SysWow64\RaoBLE.ini
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/11/29 18:17:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 20:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 18:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Paul\SkyDrive:ms-properties

< End of report >

 

Extras log:-

OTL Extras logfile created on: 04/12/2013 21:38:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Paul\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.89 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.76% Memory free
4.58 Gb Paging File | 2.54 Gb Available in Paging File | 55.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.11 Gb Total Space | 228.57 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 397.68 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D0D66B6-042B-443D-8B80-DE928A9B3FE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37689EA7-54CF-4065-84D4-75AE77DACF97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EE5CC0C-2C0E-47D4-8CCE-C83EAB299FE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{6A0DE787-3D54-4D0F-95AA-4E0FE1C242BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{994483DC-AA18-4E94-A867-8F2079EA2FD8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F3908B9-AF84-4AE4-AE0F-A3CA352764A1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B1BA499D-34D7-4542-BC63-2EA7AB4F38B7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B28CDD46-64B4-40B4-950A-EE353C9A5FCF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2BEA17A-C7B0-4D6E-9200-5CE1FF2D4217}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3470398-7DB7-495B-9D6C-2A7177BEADD4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D4F79B70-CF98-4766-B5CC-B7B67119B5EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2103DF5-3AC6-4D87-96EA-C31EEA8E8137}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013946AA-8C68-4D3C-83ED-4DD056DCF422}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{023CD611-8CAB-412A-ADA8-9FBE3DA24FF7}" = dir=in | name=check point vpn |
"{06EA04D0-1017-49A8-B841-1898DD4AA828}" = dir=out | name=microsoft solitaire collection |
"{07D1AD1B-0AB0-4C5F-A764-D290665C63A7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{094B326B-CEAC-4E33-8E22-A6217BB9E8EE}" = dir=out | name=pinball fx2 |
"{0FBF798A-DCDA-438B-B790-65D408D76FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1072B74C-229A-4880-A684-14B884917797}" = dir=in | name=skype |
"{11233A99-D591-49C4-AECD-33243A0AA218}" = dir=out | name=skype |
"{11A61905-BBAC-4B8E-90AD-6E25157DD143}" = dir=out | name=sonicwall mobile connect |
"{12149973-6A25-46D1-A43A-87B46E1E80F5}" = dir=out | name=f5 vpn |
"{12C2F729-1203-422A-95C3-E248A02555E1}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{13104A5E-5F61-41DB-A073-F0EE991D762C}" = dir=in | name=check point vpn |
"{1403B4EA-03BE-4DC1-B544-7FF223FE708B}" = dir=in | name=juniper networks junos pulse |
"{1477CB80-40CB-40D7-A056-F6F67D6AB7C4}" = dir=out | name=pinball fx2 |
"{147EC463-B2FF-4B99-AE14-ACC6284B4D4E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{168F4B40-9ABD-48AB-9D2D-9E85F318E1EB}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{16CA3A14-1FE1-4BB9-908C-BFBD1D64540B}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{1887233A-A081-402B-BD36-71C843A35D68}" = dir=out | name=check point vpn |
"{18AE6688-608E-4D9E-AF15-51DB31A050AC}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{19433EBD-46E1-4CA2-BFA6-0D3F2E7F7569}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{19A88335-C621-4752-972A-63EC2A848B15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DFD3484-70BC-400E-AF34-B0AD7FFB01D1}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{205A4BBB-3E80-472A-8CB6-30F4FB581A54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{207E223F-7741-47F0-9BBB-B9107A27CB7F}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{218126F5-BC80-4344-95E6-3E8D1F69F0B6}" = dir=out | name=check point vpn |
"{224284BC-C22F-4857-967D-53FB91E30720}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{234CA53A-3804-484D-82F7-AD990B9E5DC9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{23D7FAA2-6DD7-4533-933B-62C45D3AEF47}" = dir=out | name=fresh paint |
"{2502CB8B-AAA4-46A9-947F-07E60F4F39D1}" = dir=out | name=taptiles |
"{256E0D38-9C42-4FDA-875B-3663A276D539}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{258D7ACA-EA2A-4F1A-B3E3-48A349CFF186}" = dir=in | name=taptiles |
"{26FA66DD-30E5-4890-AEB3-E4177B487739}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2721E8F5-EAAE-4A83-A462-CF854B3A5F14}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{279E3B4F-A0E9-4D15-B3E9-A7FD00416615}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{27E56E19-4945-4F6B-BBBF-E04538949CEB}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{29A1DE21-AE9E-4DED-A55B-EF92B16D8DBF}" = dir=in | name=pinball fx2 |
"{29A5FEE4-E8CA-44DB-A2DD-18EA27E7ED0A}" = dir=in | name=f5 vpn |
"{2A12066F-2A06-47F3-989F-3697F01EC84D}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{2CD6C3A3-D4F1-4D95-8328-F667123B1CCF}" = dir=in | name=@{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{31496C57-93B1-41B6-B91A-A3E098AE8711}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{31A1C7E3-2B52-4334-A5D1-0C6670390A40}" = dir=out | name=pinball fx2 |
"{32815239-E3DA-4BE1-B3A9-292A8E6AB4FF}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{32B4EA74-0CC9-454A-AB3B-3A53F0AA4C03}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3524A81F-DE8A-4943-8BBE-E4FD2C29D687}" = protocol=6 | dir=out | app=system |
"{38C42D3C-F3DE-4758-972C-E78AD93E0ECD}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3BAB1E60-C7F9-448C-8388-4F1A744CD54C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3D04B1B2-28E5-4933-9B8C-516E9BD568E2}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3F19AEED-8422-4DBF-A8CB-5470AC4B6D1D}" = dir=out | name=check point vpn |
"{402311D6-B896-43DB-B17D-4C7C7B50C2B1}" = dir=out | name=windows_ie_ac_001 |
"{41012A02-4BB6-467C-B5CE-FC7386EE99B2}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{41F84107-5EF2-4B4F-8C79-03A85AAE5AC9}" = dir=in | name=skype |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{44AAEF05-7DA5-4A35-9902-836BD6D1EE47}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{476DA429-4DDC-4DEC-8862-142C9CBF0315}" = dir=in | name=taptiles |
"{4770CA67-9B9D-43D4-8AB4-9F47F6FE858A}" = dir=out | name=juniper networks junos pulse |
"{4AE44F50-FB30-43EC-9CDE-A2081002BCC2}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{4BD62D0E-9793-4440-9803-69FBA0DE0A7A}" = dir=in | name=pinball fx2 |
"{4E5DB9CC-470A-4726-BB2A-1BABFB33A3A5}" = dir=out | name=windows_ie_ac_001 |
"{5012B505-A2FB-41CA-ADD2-6A2C121170B6}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{50E2829F-7307-4289-BEB0-F4573B807EE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{513A01AB-E5E1-446E-822E-0DE942C1696E}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54D5CCFE-5771-4577-87E9-A9BFA0B41B72}" = dir=in | name=sonicwall mobile connect |
"{558A4C1E-B43D-4E00-B114-3BA62D6E525C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{57C0F666-E390-4EA9-A1C4-F5B25AC7673B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{595E1163-B81D-4021-A1A0-256FE22AC572}" = dir=out | name=f5 vpn |
"{5A219EE7-8054-401C-8602-AA977E5560D9}" = dir=in | name=f5 vpn |
"{5B705A2F-7069-4369-8451-D39E48E2003D}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{5B81E7C1-BD2C-4955-A719-7C787B3D3AD7}" = dir=out | name=canon inkjet print utility |
"{5CE5AED0-1D4E-4E90-9873-0D20F7131AFB}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{5F3AC264-1AEA-46CF-AB40-C42B9440B214}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6156E5C9-BB5A-4428-88DE-FDC4C350B30A}" = dir=out | name=adera |
"{61A33635-9B25-45F2-B82F-F7205056984D}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{65B9A842-DF93-42C1-A2B8-9EF7D7434124}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{66CA57F3-DEBC-45FB-BFE6-E1E8FECA7352}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{690D4E6D-4A17-41E4-9158-DC2854E1BF90}" = dir=out | name=adera |
"{6BF1E36B-D135-488C-8267-32EDB962CD0A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{6C8AF923-0074-4318-B94E-822BF9C6D7B9}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6D571AC5-AA76-47C5-A305-05FE46DCF4E7}" = dir=out | name=windows phone |
"{6F26DCC3-279C-468C-8304-BE5DE9D95090}" = dir=out | name=@{microsoft.bingsports_2.0.0.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{6FAFBFD1-C0A0-46A8-89C4-D858C737ED5B}" = dir=in | name=sonicwall mobile connect |
"{706098D1-942C-43F0-B00E-D30D6A142477}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{722C95B1-43A5-470A-AECC-B89E7D344884}" = dir=out | name=fotor |
"{731C9AC1-7819-4675-B7AB-2FC26B215A63}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{75C62E13-E905-4B97-98CB-79F7C402254F}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{76B6916F-9010-46FF-824E-82C5689A8DF0}" = dir=out | name=ebay |
"{77BB3B22-DBDA-401F-BAE8-2525EE812818}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{77FA44A0-0288-479D-A668-7DB1122CB865}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7E1CF462-CDBD-48F0-BA7E-A5C1D761E5E1}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7EF53AA8-08FD-41DC-B879-CB5AC32F57A1}" = dir=in | name=microsoft solitaire collection |
"{7FAA51A7-A97E-43F0-82B6-38965D28B09C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81E7DA9D-3F0F-4ACF-B1C0-F5B7668442E5}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{85AB97F2-E977-4E3E-9A09-39D52D6F92B9}" = dir=out | name=fresh paint |
"{8720485F-E0E8-4ABC-85FA-4822D1C2EF04}" = dir=out | name=microsoft solitaire collection |
"{8985C07A-2C09-41B8-A025-FB39E30072D2}" = dir=in | name=microsoft solitaire collection |
"{8BB019B0-9BC3-4683-87C6-030EFB35269D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8F5E1966-1157-4F0A-BAD3-4F0776D859CF}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8FF2BFC9-06E1-4BA1-9864-335B5F52A204}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{967E2A47-828B-42F1-9994-E30081710B32}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{96921598-B20E-4FD1-A8C7-58CE50810CDC}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{9AC58338-B04D-43B5-B2EF-61EC0146B4BF}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{9BD2AF1C-1431-413C-9B3D-36ADC4700117}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9E91EEF4-204E-4DA8-9DC6-BCA3DE95F5BF}" = dir=out | name=skype |
"{9FD4388A-65B4-484D-86CF-B7F7CD3731F2}" = dir=out | name=@{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{A085AA7A-D08F-4BA5-8E7F-6643C2483D24}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A2161842-4764-4035-A88A-2D70F83C88C0}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{A26D5C7A-984A-4DA4-806F-A0789352A5CC}" = dir=out | name=adera |
"{A66AE7AA-6F63-47A5-9171-1C146793B701}" = dir=out | name=@{microsoft.zunemusic_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{A75FF6D2-91F8-4F55-93F5-3243DFEBC308}" = dir=in | name=windows phone |
"{A8BD97A0-1008-453A-8EE3-342B4C132C9B}" = dir=out | name=taptiles |
"{AA19B577-895E-40CE-B795-86AA8FAA976B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{AC856488-C1E2-42E6-B536-D68E59AE6825}" = dir=out | name=fresh paint |
"{ACD754E8-C5EE-4C5A-B2BC-000FF9C2FAA0}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{AE83282C-990D-4E6B-8516-E6C6992DA81B}" = dir=out | name=windows_ie_ac_001 |
"{AEDCA494-0D38-4A0B-8722-68517DC811F7}" = dir=out | name=juniper networks junos pulse |
"{AFD0AB3A-9337-4937-AF80-2228B3E075C9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B157C340-E443-4040-B6C3-42ADFE956779}" = dir=in | name=microsoft solitaire collection |
"{B16AF41E-844C-4623-96A4-14BDD6816739}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B1B31FD5-616C-42A7-AB2C-79AE01D8CC1F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{B1D73A53-E677-4296-B47C-B4C941F77A39}" = dir=out | name=@{microsoft.zunemusic_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{B75D176D-188F-40F5-9EB2-D9EDA33555DA}" = dir=out | name=sonicwall mobile connect |
"{B7D7D55C-349A-4497-B700-4861EB711293}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{B867E600-D30D-4A2A-AB84-BF83D03BD483}" = dir=out | name=canon inkjet print utility |
"{B87F216E-6C30-45A8-8818-08DAF5A573FE}" = dir=in | name=pinball fx2 |
"{BAE3D463-48C8-49BB-9627-76B583CAD3D7}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{BBD8ED8B-28E3-4B38-A2B9-49595E26F93B}" = dir=out | name=@{microsoft.zunevideo_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{BFBEF803-7BBD-40AB-88F6-0B5B89E04DCA}" = dir=out | name=canon inkjet print utility |
"{C0B7AEAE-BAAF-44B9-94E8-B3D02FDE6EDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C123F14C-EFDE-4340-BC76-8BF4963E75FC}" = dir=in | name=taptiles |
"{C1585977-E154-46B0-9F25-B3BAAEF948A8}" = dir=out | name=f5 vpn |
"{C1CB8DA5-E1B5-4E29-82E1-7D73C7543F26}" = dir=in | name=f5 vpn |
"{C1ED9A87-A810-4769-AEF2-B51590AD014F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C468806B-CDC2-42A7-A63A-38EC411D8D8B}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C55D02A5-390C-44BA-A5F9-8183F486B95B}" = dir=in | name=check point vpn |
"{C6442244-A4BA-4C7F-98B2-87807678D0EE}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{CBEB3D53-7DCC-4D23-8560-ACC0D447B128}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{CD8D4E31-1C55-4AE8-A8C6-D628898ACE05}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{CF561589-2B64-4BF8-8B16-3C8B407D1E4F}" = dir=out | name=@{microsoft.zunevideo_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{D10A0900-A72F-4A4A-9AA4-5B27FCBE7029}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D40AA355-CC77-4B3D-A56C-3096F44C5A15}" = dir=in | name=canon inkjet print utility |
"{D673117A-61A1-40BA-B54A-736C2F6671E2}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D736DFEC-5E5F-484C-B624-3882AB989EA2}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{D85EC15D-1198-4495-88BA-CBB493D10349}" = dir=out | name=taptiles |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB87EC2E-A370-443E-B563-5D61C336E343}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{DC37802B-A602-467A-B96B-7E64F06B5B59}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E03B2F40-6CB1-4989-8B20-8843076F42F7}" = dir=out | name=@{microsoft.zunevideo_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{E423F7C4-E249-4AF3-8413-105A052A0407}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{E66BF305-239D-4558-90BB-A04FD4F4E2F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E71C2362-2DE3-4DCD-B8C8-6675713EA1F0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7BDCA30-928A-4A43-A834-9FFA9F6B4AE8}" = dir=in | name=sonicwall mobile connect |
"{E84A4795-9382-4F19-B6D8-5BA8C74711C4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E97F1457-2D24-4063-BB7C-5D2C9D711D4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA456F2F-8950-410F-B13F-C04E94817396}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{EB952E4D-B7BA-4227-B24F-FFF6DAB9A315}" = dir=in | name=juniper networks junos pulse |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EDB6C78D-7379-42BA-B6CF-8CF34098B237}" = dir=in | name=canon inkjet print utility |
"{EE7F1A47-5C89-4D1C-91F0-B29CD212DC0D}" = dir=out | name=microsoft solitaire collection |
"{F0166F48-3F32-473B-86EB-269DA1FD05B2}" = dir=out | name=@{microsoft.zunemusic_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F14D019C-8D1F-46E3-BEA2-CCA712A8B84D}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{F40DF34E-C01C-4992-B741-ED750633C9F3}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{F5D36F2D-E411-4DE6-8342-66A242B1AB93}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6840E9D-1182-4095-80F5-D5B0EE10F5D8}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F9577068-DCD9-44B5-B7D4-8B3C78EC03BA}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F9580A20-0A96-4B95-957E-F2AD6E51F199}" = dir=out | name=juniper networks junos pulse |
"{FAB88BA5-573F-4838-B907-8F07218779C3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{FACF778D-738C-4958-A7DA-5F5B2A72DEFC}" = dir=out | name=sonicwall mobile connect |
"{FB7DF29E-4BFB-4418-8DE1-E1D873BCF62B}" = dir=in | name=canon inkjet print utility |
"{FDE7F41B-DF3C-4233-AC31-30F99D8FA585}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{FF19851E-C01A-42F9-9E5C-14A1C8D5C99A}" = dir=in | name=juniper networks junos pulse |
"TCP Query User{6CA9C054-24E1-4A7F-A9FB-837752EA9695}C:\users\paul\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\local\akamai\netsession_win.exe |
"TCP Query User{99DF6498-DD5B-4D65-A59C-EF7996F7B380}C:\users\paul\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3605CF5D-4975-4BA0-AC86-3667E4213D5D}C:\users\paul\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BFA9BC85-7708-4B73-B8A5-EC3CC200A6E4}C:\users\paul\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1D005A51-8EA5-42F8-B37B-FD30FEEF0D04}" = AVG 2014
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3DA4255C-E376-83BE-72B4-B060F7124CC8}" = Ralink Bluetooth Stack64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"5AB9160B769DD2E134ADCB8010377DECA2479378" = Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153)
"AVG" = AVG 2014
"Elantech" = ETDWare PS/2-X64 11.5.9.1_WHQL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Browsersafeguard" = BrowserSafeguard
"fileopenerpro" = File Opener Pro
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.1.0 Full
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyBitCast" = MyBitCast 2.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/12/2013 17:20:51 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: avgdiagex.exe, version: 14.0.0.4110, time
stamp: 0x5213e5d7  Faulting module name: avgduix.dll, version: 14.0.0.4110, time
stamp: 0x5213e598  Exception code: 0xc0000005  Fault offset: 0x000564f6  Faulting process
ID: 0x13fc  Faulting application start time: 0x01cef06d8a84b779  Faulting application
path: C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe  Faulting module path: C:\Program
Files (x86)\AVG\AVG2014\avgduix.dll  Report ID: c87d8f9c-5c60-11e3-be99-74d02b6f9372
Faulting
package full name:   Faulting package-relative application ID:

Error - 03/12/2013 17:32:35 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 14.0.0.4150, time
stamp: 0x52433d90  Faulting module name: avgwd.dll, version: 14.0.0.4150, time stamp:
0x52434012  Exception code: 0xc0000005  Fault offset: 0x00082905  Faulting process ID:
0x1140  Faulting application start time: 0x01cef06f27abc076  Faulting application path:
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe  Faulting module path: C:\Program
Files (x86)\AVG\AVG2014\avgwd.dll  Report ID: 6c75ad1c-5c62-11e3-be9b-74d02b6f9372
Faulting
package full name:   Faulting package-relative application ID:

Error - 03/12/2013 17:32:36 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: avgdiagex.exe, version: 14.0.0.4110, time
stamp: 0x5213e5d7  Faulting module name: avgduix.dll, version: 14.0.0.4110, time
stamp: 0x5213e598  Exception code: 0xc0000005  Fault offset: 0x000564f6  Faulting process
ID: 0xe64  Faulting application start time: 0x01cef06f2ec45cd0  Faulting application
path: C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe  Faulting module path: C:\Program
Files (x86)\AVG\AVG2014\avgduix.dll  Report ID: 6ceddb89-5c62-11e3-be9b-74d02b6f9372
Faulting
package full name:   Faulting package-relative application ID:

Error - 03/12/2013 17:33:03 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 14.0.0.4150, time
stamp: 0x52433d90  Faulting module name: avgwd.dll, version: 14.0.0.4150, time stamp:
0x52434012  Exception code: 0xc0000005  Fault offset: 0x00082905  Faulting process ID:
0x15f0  Faulting application start time: 0x01cef06f3e5d3bf3  Faulting application path:
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe  Faulting module path: C:\Program
Files (x86)\AVG\AVG2014\avgwd.dll  Report ID: 7cf10f10-5c62-11e3-be9b-74d02b6f9372
Faulting
package full name:   Faulting package-relative application ID:

Error - 03/12/2013 17:33:04 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: avgdiagex.exe, version: 14.0.0.4110, time
stamp: 0x5213e5d7  Faulting module name: avgduix.dll, version: 14.0.0.4110, time
stamp: 0x5213e598  Exception code: 0xc0000005  Fault offset: 0x000564f6  Faulting process
ID: 0x1648  Faulting application start time: 0x01cef06f3f52d175  Faulting application
path: C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe  Faulting module path: C:\Program
Files (x86)\AVG\AVG2014\avgduix.dll  Report ID: 7de4f32b-5c62-11e3-be9b-74d02b6f9372
Faulting
package full name:   Faulting package-relative application ID:

Error - 03/12/2013 18:07:52 | Computer Name = Home | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 04/12/2013 15:09:09 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 14.0.0.4150, time
stamp: 0x52433d90  Faulting module name: avgwd.dll, version: 14.0.0.4150, time stamp:
0x52434012  Exception code: 0xc0000005  Fault offset: 0x00082905  Faulting process ID:
0x1758  Faulting application start time: 0x01cef1244e723ae5  Faulting application path:
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe  Faulting module path: C:\Program
Files (x86)\AVG\AVG2014\avgwd.dll  Report ID: 8d630adb-5d17-11e3-be9b-74d02b6f9372
Faulting
package full name:   Faulting package-relative application ID:

Error - 04/12/2013 15:09:10 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: avgdiagex.exe, version: 14.0.0.4110, time
stamp: 0x5213e5d7  Faulting module name: avgduix.dll, version: 14.0.0.4110, time
stamp: 0x5213e598  Exception code: 0xc0000005  Fault offset: 0x000564f6  Faulting process
ID: 0x16a8  Faulting application start time: 0x01cef1244fc4cd52  Faulting application
path: C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe  Faulting module path: C:\Program
Files (x86)\AVG\AVG2014\avgduix.dll  Report ID: 8dc2ef86-5d17-11e3-be9b-74d02b6f9372
Faulting
package full name:   Faulting package-relative application ID:

Error - 04/12/2013 15:17:49 | Computer Name = Home | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 04/12/2013 16:39:23 | Computer Name = Home | Source = Microsoft-Windows-LocationProvider | ID = 2006
Description = There was an error with the Windows Location Provider database

[ System Events ]
Error - 03/12/2013 17:32:42 | Computer Name = Home | Source = Service Control Manager | ID = 7034
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s).

Error - 03/12/2013 17:32:57 | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends on the following service: ASMMAP64.
This service might not be installed.

Error - 03/12/2013 17:32:59 | Computer Name = Home | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with the following service-specific
error:   %%3758213659

Error - 03/12/2013 17:33:04 | Computer Name = Home | Source = Service Control Manager | ID = 7034
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s).

Error - 03/12/2013 19:04:14 | Computer Name = Home | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 04/12/2013 15:06:29 | Computer Name = Home | Source = NetBT | ID = 4321
Description = The name "HOME           :0" could not be registered on the interface
with IP address 192.168.1.69.  The computer with the IP address 192.168.1.67 did
not allow the name to be claimed by  this computer.

Error - 04/12/2013 15:09:03 | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends on the following service: ASMMAP64.
This service might not be installed.

Error - 04/12/2013 15:09:05 | Computer Name = Home | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with the following service-specific
error:   %%3758213659

Error - 04/12/2013 15:09:11 | Computer Name = Home | Source = Service Control Manager | ID = 7034
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s).

Error - 04/12/2013 16:47:54 | Computer Name = Home | Source = NetBT | ID = 4321
Description = The name "HOME           :0" could not be registered on the interface
with IP address 192.168.1.69.  The computer with the IP address 192.168.1.67 did
not allow the name to be claimed by  this computer.


< End of report >




#17 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 04 December 2013 - 04:03 PM

BTW, machine is running OK at the moment

There have been no more incidents of the proxy server box becoming ticked



#18 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,285 posts
  • Interests:LFC, music, more LFC, more music

Posted 05 December 2013 - 03:49 AM

We are almost there; there is a bit of tidying up to do and I’d like an online scan before we remove the tools we’ve used.

I suggest you uninstall BrowserSafeguard as it is adware-related and not recommended.

You can uninstall it through Programs and Features.

===================================================

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    
    
    :OTL
    
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
    
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
    
    CHR - homepage: http://search.condui...6AC881610&SSPV=
    
    O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
    
    [2013/11/26 22:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    
    [2013/11/26 22:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    
    [2013/11/26 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\IObit
    
    [2013/11/26 22:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    
    [2013/11/26 19:41:06 | 000,000,037 | -HS- | M] () -- C:\Users\Paul\AppData\Local\70149b02515b3bb20dd492.47983420
    
    
    
    :Files
    
    ipconfig /flushdns /c
    
    
    
    :Commands
    
    [purity]
    
    [emptytemp]
    
    [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log.

===================================================

Reset Chrome’s home page:

Your Chrome home page has been changed and will have to be reset manually (our tools can’t fix it, which Google knows about and couldn’t care less, which is why I wouldn’t use it on principle).

  • open Google Chrome
  • click on the Customize icon, at the top right
  • click on Settings
  • under “On start-up”, check Open a specific page or set of pages and then on Set pages
  • delete any pages that you don’t want
  • set your start page to the page you want, eg www.google.com.

Once you have typed in the address in the 'Open this page' box, this change is saved. If you close this tab and click on the home icon you should now get your home page.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan
 

  • click the Eset online Scanner button.
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
  • check Yes, I accept the Terms of Use
  • click the Start button.
  • accept any security warnings from your browser.
  • check Scan archives and Remove found threats.
  • click Advanced settings and select the following:
    o    Scan potentially unwanted applications
    o    Scan for potentially unsafe applications
    o    Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish

If a log has been produced post it in your next reply.

Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
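
The fix log requested in the post above can run to dozens of near-identical lines, so it helps to reduce it to what was removed, what was already absent, and what still needs manual action. The following Python sketch is an added example, not part of the original post and not OTL's own code; its line patterns are assumed from the fix log posted later in this thread, and the sample log is constructed with made-up names and paths.

```python
import re
from collections import Counter

# Constructed sample shaped like an OTL fix log; every name and path is made up.
SAMPLE_LOG = r"""All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service ExampleSvc stopped successfully!
Service ExampleSvc deleted successfully!
File  C:\Program Files\ExampleTool\example64.exe File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\SearchScopes\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Example\Run\\example_exe deleted successfully.
C:\ProgramData\ExampleVendor\Cache folder moved successfully.
C:\ProgramData\ExampleVendor folder moved successfully.
C:\Users\Example\AppData\Roaming\ExampleVendor folder moved successfully.
"""

# Patterns assumed from the log lines visible in this thread, not from OTL documentation.
SECTION = re.compile(r"^=+ (.+?) =+$")
REMOVED = re.compile(r"\s+(?:(folder|file)\s+)?(?:deleted|moved|stopped) successfully[.!]$")
ABSENT = re.compile(r"\s+not found\.$")
MANUAL = re.compile(r"^Use .+ to change ")
KIND = re.compile(r"^(Service|Registry key|Registry value|File)\s+(.*)$")
# A fix line copied from a scan log can carry the scan's own "File not found" note.
SCAN_NOTE = re.compile(r"\s+File not found$")


def parse_fix_log(text):
    """Turn fix-log text into dicts with section, kind, outcome and target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        kind, body = "Other", line
        typed = KIND.match(line)
        if typed:
            kind, body = typed.group(1), typed.group(2)
        removed = REMOVED.search(body)
        if removed:
            outcome = "removed"
            if removed.group(1):
                kind = removed.group(1).capitalize()
            target = body[:removed.start()]
        elif ABSENT.search(body):
            outcome = "absent"  # target was already gone: not a failure
            target = SCAN_NOTE.sub("", ABSENT.sub("", body))
        elif MANUAL.search(line):
            kind, outcome, target = "Advisory", "manual", line
        else:
            # Lines before the first section header are status messages.
            outcome = "info" if section is None else "unrecognized"
            target = line
        entries.append({"section": section, "kind": kind,
                        "outcome": outcome, "target": target})
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(e["outcome"] for e in entries)


def removed_roots(entries):
    """Collapse removed folders to their top-most removed ancestors."""
    folders = sorted({e["target"] for e in entries
                      if e["kind"] == "Folder" and e["outcome"] == "removed"}, key=len)
    roots = []
    for path in folders:
        if not any(path.lower().startswith(r.lower() + "\\") for r in roots):
            roots.append(path)
    return roots


def follow_up(entries):
    """Entries a person still has to act on or read by eye."""
    return [e for e in entries if e["outcome"] in ("manual", "unrecognized")]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for root in removed_roots(parsed):
        print("removed tree:", root)
    for item in follow_up(parsed):
        print("follow up:", item["target"])
```

The "manual" bucket is where the Chrome home page advisory lands, which matches the manual reset step given in the post.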

#19 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 December 2013 - 03:33 PM

Log from OTS scan:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service !SASCORE stopped successfully!
Service !SASCORE deleted successfully!
File  C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mcui_exe deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter folder moved successfully.
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Driver Booster\License folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Paul\AppData\Roaming\IObit folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Update folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Language folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\Img folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\Start Menu 8\Update folder moved successfully.
C:\Program Files (x86)\IObit\Start Menu 8\StartButtonSkin folder moved successfully.
C:\Program Files (x86)\IObit\Start Menu 8\Resources folder moved successfully.
C:\Program Files (x86)\IObit\Start Menu 8\Language folder moved successfully.
C:\Program Files (x86)\IObit\Start Menu 8\images folder moved successfully.
C:\Program Files (x86)\IObit\Start Menu 8 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Skins\White\images folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Skins\White folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Skins\Black\images folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Skins\Black folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Skins folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Language folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Help\img folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Help folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x64 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\drivers\win8_x64 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\drivers folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\Language folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\Images folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Language folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\help\img folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\help folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Freeware folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_ia64 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net\defaults folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net\chrome\content\subscriptions folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net\chrome\content\scripts folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net\chrome\content\images folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net\chrome\content folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net\chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net\bin folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adsremoval@adsremoval.net folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\img folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\filtering folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\dll folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Update\LocalData folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Update\Database\Update folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Update\Database folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Update folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Language folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Images folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Download folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Database\Update folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Database folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbox_Language folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\skin folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\LinkImages folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Language folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Images folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\drivers\wxp_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\drivers\wxp_amd64 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\drivers\wnet_amd64 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\drivers\wlh_amd64 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\drivers\win7_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\drivers\win7_amd64 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\drivers folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Boottime\BootTimeData folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Boottime\Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Boottime folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\Users\Paul\AppData\Local\70149b02515b3bb20dd492.47983420 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Paul\Desktop\cmd.bat deleted successfully.
C:\Users\Paul\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Helen

User: oliph_000
->Temp folder emptied: 52958751 bytes
->Temporary Internet Files folder emptied: 60954724 bytes
->Google Chrome cache emptied: 17765395 bytes
->Flash cache emptied: 506 bytes

User: oliph_000.HOME
->Temp folder emptied: 122858064 bytes
->Temporary Internet Files folder emptied: 238746162 bytes
->Flash cache emptied: 766 bytes

User: Paul
->Temp folder emptied: 609348912 bytes
->Temporary Internet Files folder emptied: 285903310 bytes
->FireFox cache emptied: 163574600 bytes
->Google Chrome cache emptied: 242356914 bytes
->Flash cache emptied: 2844 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2647311 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16294147 bytes
RecycleBin emptied: 31780853 bytes

Total Files Cleaned = 1,760.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12052013_204614

Files\Folders moved on Reboot...
C:\Users\Paul\AppData\Local\Temp\winstore.log moved successfully.
C:\Users\Paul\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\WINDOWS\temp\chrome_installer.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#20 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,285 posts
  • Interests:LFC, music, more LFC, more music

Posted 05 December 2013 - 03:58 PM

Looking good so far. :thumbup:

 

I won't reply until tomorrow as I have just got in and have to eat - early start in the morning.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#21 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 December 2013 - 05:37 PM

Results of ESET scan:-

C:\AdwCleaner\Quarantine\C\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D application
C:\Users\Paul\Downloads\QuickTimeAlternativeQT7basedv322.exe a variant of Win32/OpenInstall application
C:\Windows\Installer\MSIF4BC.tmp a variant of MSIL/Toolbar.Linkury.C application



#22 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 December 2013 - 05:38 PM

Results of ESET scan:-

C:\AdwCleaner\Quarantine\C\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D application
C:\Users\Paul\Downloads\QuickTimeAlternativeQT7basedv322.exe a variant of Win32/OpenInstall application
C:\Windows\Installer\MSIF4BC.tmp a variant of MSIL/Toolbar.Linkury.C application



#23 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 December 2013 - 05:38 PM

Results of ESET scan:-

C:\AdwCleaner\Quarantine\C\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D application
C:\Users\Paul\Downloads\QuickTimeAlternativeQT7basedv322.exe a variant of Win32/OpenInstall application
C:\Windows\Installer\MSIF4BC.tmp a variant of MSIL/Toolbar.Linkury.C application



#24 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 December 2013 - 05:39 PM

Sorry, it didn't respond then posted three times!



#25 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,285 posts
  • Interests:LFC, music, more LFC, more music

Posted 06 December 2013 - 03:02 PM

One of those has already been dealt with and will disappear completely when we clean up. The other two we’ll deal with now.

Please copy all text in the code box below and paste it into Notepad:
 


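@echo off
rem Force-delete (/f) the two files flagged by the ESET scan, quietly (/q)
del /f /s /q "C:\Users\Paul\Downloads\QuickTimeAlternativeQT7basedv322.exe"
del /f /s /q "C:\Windows\Installer\MSIF4BC.tmp"
rem Remove this batch file once it has run
del %0
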
  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

Let me know if there are no further problems and I’ll send instructions to tidy up.

Satchfan

 




#26 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 08 December 2013 - 10:39 AM

Done that, black box flashed up like you said

Everything seems to be running OK now



#27 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,285 posts
  • Interests:LFC, music, more LFC, more music

Posted 08 December 2013 - 02:18 PM

Good work :thumbup:

Your computer appears to be clean.

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes; if not, delete it yourself.

NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so. You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Uninstall AdwCleaner


  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

 

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows 8

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

If I hear nothing for 24 hours I shall assume all is well and close the topic.

Safe computing

Satchfan
 



#28 shoggo147

shoggo147

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 09 December 2013 - 03:20 PM

Thanks so much for your time and patience Satchfan in helping to clean up my PC

It's much appreciated.

 

I will take your advice and install those programs



#29 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,285 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 December 2013 - 01:52 AM

Thanks so much for your time and patience Satchfan in helping to clean up my PC
It's much appreciated.

 

You're welcome.

 

Have a good Christmas. :adios:



#30 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,285 posts
  • Interests:LFC, music, more LFC, more music

Posted 13 December 2013 - 03:58 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
