
Keep getting redirected to "yhs4" on several browsers.


  • This topic is locked
79 replies to this topic

#1 bonessage

bonessage

  • Members
  • 42 posts

Posted 17 June 2014 - 01:07 PM

Hello, I've downloaded what seems to be a browser hijack adware. I wanted to download a program named Sandboxie to use on my computer; unfortunately, I downloaded it from the wrong website and it turned out to be malware, or adware. I believe my AVG Free picked it up after I installed it, but at that point it was too late. I've run Malwarebytes, Bitdefender, Norton 360, AVG Free, spyware search and destroy, HitmanPro, JRT, HijackThis, and malwarecleaner, and none have successfully removed the adware. I am temporarily using an open-source Google Chrome browser named "SRWare Iron"; however, I also use Google Chrome and the problem is on that browser as well. The problem is that when I search through the omnibox, instead of searching through Google it redirects to a fake Yahoo website named us.yhs4.search.yahoo.com. Running Windows 7 Home Premium, 64-bit OS.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by OMAR at 11:51:28 on 2014-06-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8184.5640 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Program Files (x86)\SRWare Iron\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Citrix URL-Redirection Helper: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: <No Name>: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - LocalServer32 - <no file>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{9AB760C7-9C51-41F9-9138-CC9E94BF3DB5} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{9E52856E-3A0F-495E-B56F-8E1F82D15902} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{9E52856E-3A0F-495E-B56F-8E1F82D15902} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{CD94106A-2685-4D3E-8F74-C3634C16F702} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{F1584D12-B742-47C2-B644-F74AAFAF589E} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{F1584D12-B742-47C2-B644-F74AAFAF589E}\14343454353505F494E445 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{F1584D12-B742-47C2-B644-F74AAFAF589E}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F1584D12-B742-47C2-B644-F74AAFAF589E}\C697E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F1584D12-B742-47C2-B644-F74AAFAF589E}\E4544574541425 : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OMAR\AppData\Roaming\Mozilla\Firefox\Profiles\lothcaxr.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-5-18 231224]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-8 237056]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-10-8 9216]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-15 411936]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2014-1-8 145408]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 412776]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-5-31 38016]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-16 5024576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-14 46136]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-5-7 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-4-30 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-4-30 15128]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-11-26 90112]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
S3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-14 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-17 06:20:30 -------- d-----w- C:\Users\OMAR\AppData\Roaming\Roxio Log Files
2014-06-17 05:47:59 -------- d-----w- C:\Users\OMAR\AppData\Local\Chromium
2014-06-17 05:47:49 -------- d-----w- C:\Program Files (x86)\SRWare Iron
2014-06-17 04:41:08 -------- d-----w- C:\Users\OMAR\AppData\Roaming\AVG2014
2014-06-17 04:40:21 -------- d-----w- C:\Users\OMAR\AppData\Roaming\TuneUp Software
2014-06-17 04:39:34 -------- d-----w- C:\ProgramData\AVG2014
2014-06-17 04:36:04 -------- d-----w- C:\Users\OMAR\AppData\Local\MFAData
2014-06-17 04:36:04 -------- d-----w- C:\Users\OMAR\AppData\Local\Avg2014
2014-06-17 04:36:04 -------- d-----w- C:\ProgramData\MFAData
2014-06-17 04:26:12 256368 ----a-w- C:\ProgramData\1402979025.bdinstall.bin
2014-06-17 03:59:49 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-06-17 02:52:39 -------- d-----w- C:\AdwCleaner
2014-06-15 23:41:41 -------- d-----w- C:\Users\OMAR\AppData\Local\ElevatedDiagnostics
2014-06-13 01:21:57 629241 ----a-w- C:\ProgramData\1402621990.bdinstall.bin
2014-06-13 01:19:52 -------- d-----w- C:\ProgramData\BDLogging
2014-06-13 01:19:34 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-06-13 01:19:34 511328 ----a-w- C:\Windows\capicom.dll
2014-06-13 01:14:17 84848 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll
2014-06-13 01:14:17 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2014-06-13 01:14:17 34384 ----a-w- C:\Windows\System32\BDSandBoxUH.dll
2014-06-13 01:14:09 -------- d-----w- C:\Program Files\Bitdefender
2014-06-13 01:13:09 -------- d-----w- C:\Users\OMAR\AppData\Roaming\QuickScan
2014-06-13 00:37:59 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2014-06-13 00:37:37 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2014-06-12 19:14:47 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-10 20:09:15 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-06-10 20:02:40 -------- d-----w- C:\NPE
2014-06-10 19:57:55 -------- d-----w- C:\Users\OMAR\AppData\Local\NPE
2014-06-06 20:17:05 -------- d-----w- C:\Users\OMAR\AppData\Local\Google
2014-06-06 19:40:17 -------- d-----w- C:\Program Files\HitmanPro
2014-06-06 19:40:00 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-06 17:41:16 -------- d-----w- C:\Windows\ERUNT
2014-06-06 17:41:08 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-06 06:55:45 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-05 01:26:47 -------- d-----w- C:\Users\OMAR\AppData\Local\AAA_Internet_Publishing,_
2014-06-05 01:26:44 11264 ----a-w- C:\Windows\SysWow64\SPORDER.DLL
.
==================== Find3M  ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-14 03:52:19 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 03:52:19 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 03:52:13 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-13 20:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 20:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 20:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 20:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 20:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 20:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 20:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 20:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 02:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-21 05:03:06 18302384 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-03-21 05:03:06 15783992 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-03-21 05:03:02 947808 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-03-21 05:03:02 832936 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2014-03-21 05:03:00 9690424 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-03-21 05:03:00 11589272 ----a-w- C:\Windows\System32\nvopencl.dll
.
============= FINISH: 11:52:18.59 ===============
 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 17 June 2014 - 03:28 PM

Good evening. :)

Please install Extension List Dumper, available here and then restart Firefox.

With Firefox open, click Tools > Add-ons, select Extensions on the left-hand side and then click the Dump list button on the top right.
In the window that should appear, click Save as... and name the file and save it somewhere handy - I usually use the Desktop.
Please let me have the contents of the file in your next reply.

 

Install this add-on and restart Firefox.
 

  • Click Tools > Add-ons.
  • In the top right hand corner, click Dump list
  • In the window that opens, click Copy to clipboard.
  • Paste the contents of the clipboard into your next reply.
  • Please click the Plugins Tab on the left and repeat the process.

 


So long, and thanks for all the fish.

 

 


#3 bonessage

bonessage
  • Topic Starter

  • Members
  • 42 posts

Posted 17 June 2014 - 04:29 PM

I really don't use Firefox, nor have I for the last two years or so. I use an open-source Chrome named SRWare Iron, and Google Chrome. (Both of which I have already uninstalled and reinstalled prior to coming on this forum.)



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:23 PM

Posted 17 June 2014 - 04:38 PM

My bad, I must have been thinking about something else when I posted. Download OTL by OldTimer from here and save it to your Desktop.
 

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 


So long, and thanks for all the fish.

 

 


#5 bonessage

bonessage
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:10:23 AM

Posted 17 June 2014 - 08:33 PM

OTL logfile created on: 6/17/2014 7:07:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OMAR\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.66 Gb Available Physical Memory | 70.77% Memory free
15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.55 Gb Total Space | 717.64 Gb Free Space | 78.04% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.42 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
 
Computer Name: OMAR-HP | User Name: OMAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/17 19:05:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OMAR\Desktop\Downloads\OTL.exe
PRC - [2014/06/03 16:38:10 | 000,740,864 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\chrome.exe
PRC - [2014/05/15 10:05:29 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\OMAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/05/13 14:18:32 | 005,181,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/04/25 03:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/20 23:02:30 | 001,797,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/03/04 05:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/26 16:35:20 | 000,128,512 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libEGL.dll
MOD - [2014/05/26 16:34:28 | 000,870,912 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libGLESv2.dll
MOD - [2014/05/26 16:34:24 | 000,950,272 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 03:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/08 04:06:16 | 000,237,056 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007/11/28 15:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2014/05/13 21:52:19 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/04/25 03:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/23 16:01:04 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/04 05:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/28 14:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/26 07:24:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2014/05/13 14:20:26 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/05/13 14:20:06 | 000,273,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/05/13 14:06:06 | 000,323,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/05/13 14:05:40 | 000,191,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/05/13 14:05:08 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/05/13 14:05:06 | 000,130,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/05/13 14:04:56 | 000,236,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/05/13 14:04:30 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/03/20 23:02:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/01/08 11:00:12 | 000,145,408 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2013/11/15 00:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/11/15 00:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/24 07:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/05/31 08:19:10 | 000,038,016 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/08 04:56:46 | 011,175,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/05/08 03:02:22 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/30 05:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 05:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/04/30 05:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/04/30 05:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/29 12:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/26 23:55:08 | 000,090,112 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/24 16:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/11/23 19:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 19:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 04:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{08C075B9-82A5-4479-A3D9-0A97F56C16F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OMAR\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OMAR\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/26 07:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/15 22:08:10 | 000,000,000 | ---D | M]
 
[2010/08/13 18:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OMAR\AppData\Roaming\Mozilla\Extensions
[2014/06/06 14:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OMAR\AppData\Roaming\Mozilla\Firefox\Profiles\lothcaxr.default\extensions
[2014/02/13 10:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/22 13:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/07 23:26:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/04/17 10:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/26 07:24:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2013/08/26 07:24:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/08/26 07:24:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2014/06/16 23:26:21 | 000,450,816 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       us.yhs4.search.yahoo.com
O1 - Hosts: 127.0.0.1       any-prod5.17.search.ysta1.b.yahoo.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15471 more lines...
O2 - BHO: (Citrix URL-Redirection Helper) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\OMAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (SteelSeries ApS)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AB760C7-9C51-41F9-9138-CC9E94BF3DB5}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E52856E-3A0F-495E-B56F-8E1F82D15902}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E52856E-3A0F-495E-B56F-8E1F82D15902}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD94106A-2685-4D3E-8F74-C3634C16F702}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1584D12-B742-47C2-B644-F74AAFAF589E}: NameServer = 208.69.150.250,208.69.150.252
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62ec9cc8-b734-11e2-b155-78e7d1ce2e15}\Shell - "" = AutoRun
O33 - MountPoints2\{62ec9cc8-b734-11e2-b155-78e7d1ce2e15}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{aacf787c-bdce-11e2-aa99-78e7d1ce2e15}\Shell - "" = AutoRun
O33 - MountPoints2\{aacf787c-bdce-11e2-aa99-78e7d1ce2e15}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/17 11:31:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/17 00:20:30 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\Roxio Log Files
[2014/06/16 23:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[2014/06/16 23:47:59 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\Chromium
[2014/06/16 23:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRWare Iron
[2014/06/16 23:10:29 | 000,000,000 | ---D | C] -- C:\Users\OMAR\Documents
[2014/06/16 22:52:17 | 000,000,000 | ---D | C] -- C:\Users\OMAR\Desktop\OPENTIBIA
[2014/06/16 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\AVG2014
[2014/06/16 22:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/06/16 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\TuneUp Software
[2014/06/16 22:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/06/16 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\MFAData
[2014/06/16 22:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/06/16 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\Avg2014
[2014/06/16 21:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/06/16 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/06/16 21:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2014/06/16 20:52:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/15 17:41:41 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\ElevatedDiagnostics
[2014/06/12 19:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2014/06/12 19:19:34 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/06/12 19:14:17 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUISkin.dll
[2014/06/12 19:14:17 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/12 19:14:17 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUH.dll
[2014/06/12 19:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2014/06/12 19:13:09 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\QuickScan
[2014/06/12 18:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014/06/12 18:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/06/10 14:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/06/10 14:02:40 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/10 13:57:55 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\NPE
[2014/06/06 14:17:05 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\Google
[2014/06/06 13:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/06/06 13:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/06/06 13:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/06 11:41:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/06 11:41:08 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 00:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/04 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\AAA_Internet_Publishing,_
[2014/05/21 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/17 18:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/17 18:37:05 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/17 18:37:05 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/17 18:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/17 18:29:11 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/17 15:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000UA.job
[2014/06/17 15:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000Core.job
[2014/06/17 15:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000UA.job
[2014/06/17 11:54:36 | 000,004,091 | ---- | M] () -- C:\Users\OMAR\Desktop\attach.zip
[2014/06/16 23:48:01 | 000,000,990 | ---- | M] () -- C:\Users\OMAR\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2014/06/16 23:48:01 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\SRWare Iron.lnk
[2014/06/16 23:26:21 | 000,450,816 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/16 22:40:22 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/16 22:26:12 | 000,256,368 | ---- | M] () -- C:\ProgramData\1402979025.bdinstall.bin
[2014/06/16 21:59:49 | 000,001,226 | ---- | M] () -- C:\Users\OMAR\Desktop\Revo Uninstaller.lnk
[2014/06/16 21:23:50 | 000,003,563 | ---- | M] () -- C:\Windows\SysWow64\collectionCache.bnk
[2014/06/16 21:19:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOMAR.job
[2014/06/16 21:19:26 | 000,365,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/16 19:14:36 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000Core.job
[2014/06/12 20:21:33 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/12 19:47:49 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2014/06/12 19:21:57 | 000,629,241 | ---- | M] () -- C:\ProgramData\1402621990.bdinstall.bin
[2014/06/12 19:20:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/06/06 18:30:47 | 000,000,000 | ---- | M] () -- C:\Users\OMAR\AppData\Local\prvlcl.dat
[2014/06/06 13:46:36 | 000,000,952 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/06 13:40:19 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/03 20:20:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/06/02 00:19:46 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2014/05/23 00:53:03 | 000,450,712 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140606-120936.backup
[2014/05/22 23:32:40 | 000,000,563 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/22 23:17:01 | 000,448,673 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140523-005303.backup
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/17 11:54:36 | 000,004,091 | ---- | C] () -- C:\Users\OMAR\Desktop\attach.zip
[2014/06/16 23:48:01 | 000,000,990 | ---- | C] () -- C:\Users\OMAR\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2014/06/16 23:48:01 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\SRWare Iron.lnk
[2014/06/16 22:40:22 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/16 22:26:12 | 000,256,368 | ---- | C] () -- C:\ProgramData\1402979025.bdinstall.bin
[2014/06/16 21:59:49 | 000,001,226 | ---- | C] () -- C:\Users\OMAR\Desktop\Revo Uninstaller.lnk
[2014/06/16 21:23:50 | 000,003,563 | ---- | C] () -- C:\Windows\SysWow64\collectionCache.bnk
[2014/06/16 20:42:43 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/06/13 00:47:23 | 000,365,440 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/12 19:47:49 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2014/06/12 19:21:57 | 000,629,241 | ---- | C] () -- C:\ProgramData\1402621990.bdinstall.bin
[2014/06/12 19:20:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/06/06 13:46:36 | 000,000,952 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/06/06 13:40:19 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/04 16:06:16 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOMAR.job
[2014/06/03 20:20:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/06/02 00:13:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014/02/16 15:17:06 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 15:36:28 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/09/05 16:43:41 | 000,000,563 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 16:26:02 | 000,000,000 | ---- | C] () -- C:\Users\OMAR\AppData\Roaming\wklnhst.dat
[2010/12/13 17:18:40 | 000,000,017 | ---- | C] () -- C:\Users\OMAR\AppData\Local\resmon.resmoncfg
[2010/12/02 23:50:29 | 000,007,168 | ---- | C] () -- C:\Users\OMAR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 01:25:17 | 000,000,000 | ---- | C] () -- C:\Users\OMAR\AppData\Local\prvlcl.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/01/17 23:18:30 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\.minecraft
[2010/09/05 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Audacity
[2014/06/16 22:41:08 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\AVG2014
[2012/08/20 15:50:21 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\AVG9
[2013/10/08 23:55:35 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Awesomium
[2013/12/19 13:02:55 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Battle.net
[2012/05/08 14:40:57 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\DVDVideoSoft
[2010/10/21 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\gtk-2.0
[2014/02/20 12:20:54 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\HTC
[2014/05/14 23:47:07 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\ICAClient
[2010/08/16 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\ijjigame
[2011/02/01 21:46:43 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Leadertech
[2010/08/13 19:25:53 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\LolClient
[2012/05/23 23:19:09 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\LolClient2
[2010/11/26 23:47:32 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\MotioninJoy
[2013/09/26 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Octoshape
[2013/11/19 02:38:13 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\OpenOffice
[2010/08/19 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\OpenOffice.org
[2014/05/08 02:53:39 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Oracle
[2010/11/07 02:31:41 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Pandion
[2010/10/21 20:08:56 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\PictureMover
[2014/06/12 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\QuickScan
[2011/09/25 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Research In Motion
[2011/03/06 16:04:29 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Screaming Bee
[2014/06/17 15:33:04 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Spotify
[2014/02/18 02:38:58 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\SteelSeries
[2012/05/16 14:00:12 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\SystemRequirementsLab
[2010/09/12 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\TeamViewer
[2011/11/21 16:26:02 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Template
[2014/06/17 00:09:27 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Tibiacast
[2011/06/30 18:46:39 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\TibiaTestserver
[2014/06/06 00:23:47 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\TS3Client
[2014/06/16 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\TuneUp Software
[2010/08/25 21:28:48 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\WinBatch
[2010/10/31 01:43:26 | 000,000,000 | ---D | M] -- C:\Users\OMAR\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/04/30 22:47:51 | 000,000,652 | ---- | M] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pa) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pa
[2014/04/30 22:47:39 | 000,000,652 | ---- | C] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pa) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pa
[2012/12/01 14:26:08 | 000,000,655 | ---- | M] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pando.save) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pando.save
[2012/12/01 14:26:08 | 000,000,655 | ---- | C] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pando.save) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pando.save
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:6BE50C2B
 
< End of report >


#6 bonessage

Posted 17 June 2014 - 08:37 PM

OTL Extras logfile created on: 6/17/2014 7:07:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OMAR\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.66 Gb Available Physical Memory | 70.77% Memory free
15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.55 Gb Total Space | 717.64 Gb Free Space | 78.04% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.42 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
 
Computer Name: OMAR-HP | User Name: OMAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTM] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0116A81F-A066-4E86-AC8E-B75E9ADD36D5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{01E289B9-9F2E-4457-817B-C1907248703E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{02C990A5-83F9-465A-8F21-D8D53A3B59C2}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{033289DF-F4E9-4BF7-AE9D-5A938ED03AFF}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{03362DDF-CB19-40AF-BE4A-5EF768232DE7}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{03906717-4E27-4A01-B5BD-91CCA535D2CA}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher | 
"{06FBDB9E-0942-49A2-A30B-E03C569C740F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A338CC2-9E30-469A-9ED5-D36499C8EF6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{111BFFF6-6D76-422C-BE55-68488BE6C018}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher | 
"{132BA9FD-0792-4E8C-9982-52D082D526E3}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher | 
"{1378ACC6-F81D-42D4-B0FF-BCE1CD7AB701}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15270EAE-8854-4E61-963E-8AB4B779DD21}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{167344F3-AA4D-4E62-A2D6-DCDE8DB6C3FB}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher | 
"{17167259-62B7-4B32-9898-5BF81F177917}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher | 
"{1A05D755-1491-4966-8BF4-F53200A9B3E5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C6ACDD5-9EB5-462F-A9E2-0C97AA078F58}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher | 
"{1DEFDD08-66ED-4BD1-B37A-9BC2B8B2C6E1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1F4FD0E1-CC8B-49D6-AC96-387577E3B95C}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | 
"{216E3BFF-2C85-418B-9D5B-4A32DA4632CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{222311F4-6B52-438B-BDAD-4BFD994523E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{237CA12B-D0AB-4176-8E41-CAB1CBF9930D}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{27267A11-0D7C-464A-A719-ED8B9FFEBA3E}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | 
"{2A021FA9-29A0-418C-B025-5D1132393CA7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2B4D8772-AE40-433B-AA58-02AD68BE61AA}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher | 
"{2D53800B-0C5C-4DE8-951D-8DD8AC9209AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31AA7B3D-9B22-466D-B596-992E9DC7DF3A}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{364A0C5D-C972-4B85-BEAA-B8CF71683299}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher | 
"{365DF626-A74E-40F0-B91D-971F4D757C2E}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{37501CB1-7776-488D-9E6A-AFB3CFEB9AB1}" = lport=6936 | protocol=17 | dir=in | name=league of legends launcher | 
"{37893CA3-9AEC-40CE-8D96-4E86D6FEF768}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher | 
"{3F05EF67-DC0D-4441-BA69-D78A4BAAA5CC}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4249E678-F34C-479A-A57D-AAE95AFA1D39}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher | 
"{44FD9470-CB1E-4603-8A64-0332FF346946}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | 
"{4F4FEBBD-4CD5-4C13-92B7-BC4DF1A34F97}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher | 
"{50AC6365-A3B1-4D10-84F8-46F1233E82F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{513379D6-92BF-4DD1-90F6-1E98EB6B3242}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{53045402-A8EA-4443-A01A-1A9E79A6A4BA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{54EF55B7-5376-467D-9A91-B0CE6A346715}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{554E522F-ECD5-40CB-B44F-1759827B91E9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{55EE6248-EF21-40DB-84ED-63941BEE183D}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{568749E5-0EF1-4514-ACF0-C9B040847D7F}" = lport=6916 | protocol=6 | dir=in | name=league of legends launcher | 
"{5AC47B2B-3545-4CD3-A278-2C274697E61E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{5C351F24-8D20-4B39-9656-B692AA6B8F05}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher | 
"{5C5A33F0-EAEE-4340-AFF9-A0347615A3C1}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher | 
"{5DB5D3C6-3F31-4845-B26F-38A9CAD3DC4C}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | 
"{5E0381A0-879D-4627-8FEE-E418BFD0B372}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{60CA5621-FFEC-42A3-93B9-3FC221943D13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{618375A6-7014-498D-B185-34980D2B717B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6370FAFB-CE84-416F-9F41-FDD2A61BD95F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{65D1AF79-A5D3-4FB0-ADFD-AE3B5EBBE3EE}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher | 
"{6B502C13-CAA4-48AA-9969-7123E30F8069}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{740B8AA2-33EF-4AFB-9C6F-2834378BB870}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77CE2D60-36E6-4E6A-A652-DA6BBC3922AF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7E47F178-971B-4D8F-9BF4-E6E499002779}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{84B7CC84-E218-4395-9E20-1451870EDA6E}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | 
"{871A1FB6-195D-4CF0-B5CC-41BBFA360188}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87213CB7-ACC6-46DA-8A33-B4A5D22063BC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8947E9C7-492D-43D9-AB26-83AFE2EED6C0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
"{8A0806D7-D454-4D2A-A3D0-8C4A68F7292B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8CAFB9B1-D08D-448A-A091-8FB48682D7F8}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher | 
"{8CFAC875-9D99-4A5E-B8E9-36CC2955B65A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8DC11BFA-DE84-4D7A-BE1C-35DFE50DEC38}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8E5FB97C-9AF4-4798-92E4-7148232E3901}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8F9458FF-E805-40A0-B126-8FF5DCB67A37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92646898-B038-4D39-A457-0463A922E8B3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{93278D01-B5A0-4993-BA9B-04AAFAA57695}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{9542D407-ACFC-4BD8-8B70-D098ED7923DD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{96CF79FA-91AD-42D5-8B96-CB70F85CD879}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | 
"{97B2F001-6FCC-457E-902D-F3E792974013}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | 
"{99550FFB-EF9B-4662-AE87-3809592D4E60}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9B54966B-D250-42BB-8534-CD376EE7939C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9D08616D-4E5E-4502-B191-465C87F217F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0D1E7F4-BB0E-4487-97F9-ECD5193E3840}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A31CB8C9-996A-4B33-A3B7-754063B4774E}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher | 
"{A5115FCF-6CA5-4608-847B-EC19EA5B5270}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher | 
"{A7C1844F-A5D4-4C2B-A5B0-466750271E73}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher | 
"{AB1CEB5E-D527-4316-93C6-A33314D184B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AC173B07-10AB-4342-837D-E77178BDF3E2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ADF3646D-3472-4E4E-9677-C9ADEFF114A9}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher | 
"{AE14A49A-DC80-410D-A2CB-92893678037A}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | 
"{B180604D-83B2-4899-A808-44870E14CADB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1D5A451-CB23-4A5A-9E6C-7BBCCDF08154}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher | 
"{B6D01468-2868-4388-8B34-2CDCF0B06940}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{B73F865A-905E-483A-A4A6-EB6030DD031A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
"{B7C706CB-9D1A-4351-BC3A-B095E51FB641}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B80FF9C0-D15C-4E27-A604-B4A74B989A23}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher | 
"{BEBF609E-8106-41B6-BFDC-85372B46E5CF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C21C654B-81A9-4C0C-8A4B-1BD489694780}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher | 
"{C2660BC5-4150-4593-A901-91C995C570F0}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{C4B74168-509F-4846-9F89-55C2544C6926}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7F58E0C-BD82-46A9-89A1-7CEA6F62AA2A}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{CC7D92ED-584E-4A50-8385-EEF71DFE97AA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D48F7433-2F35-4221-BF6C-74E727788A0B}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher | 
"{DA137134-3FB4-4C2D-BB37-C10F40ABC06C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DFB5473E-DB86-4E76-85E3-310917FFB09D}" = lport=6916 | protocol=17 | dir=in | name=league of legends launcher | 
"{E18D07A8-A3A8-432A-928C-E83C7CBD0304}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E3133654-FDB8-4A57-865C-B32168CA97FE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E57E421B-FB19-471D-92DB-12943A23CFD7}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher | 
"{E7E5F3CA-1A2E-40A2-9F0B-9B50F7ED8C90}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher | 
"{EA806BA4-BF55-4E36-A1F3-0B041968EC10}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher | 
"{EDB91831-008B-41D2-B4AD-80BB7DF18EF8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EECA8135-481F-47B2-A4E0-0EF0C6D087E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F04775A9-89AC-44EF-BBD0-021314BAAD92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F4669892-A748-4AEB-B9C5-24EF9A59BEBC}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher | 
"{F4762281-15F5-4E64-9DCE-221F07107B09}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{F89AF62E-42CD-455E-88B7-0BECAD652969}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FD10B09A-C699-4122-97A5-9E719C9DF14C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{FD8314F7-295E-47DA-8D4E-789077BCE386}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A149CE-198E-4766-A1D4-477C6E6DA0D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{04BC78D1-58A1-4C57-85F3-F474DC469E80}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{0618261D-7E00-4530-9C7C-52F7E402D4AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{078488BC-DB41-4920-B99D-EE26B264BF09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{07962E7E-AE95-4811-B0AB-19078CDF2267}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{07B32452-9A64-49D4-AB31-A4ED9ACCA700}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{08B565E9-1F5B-45EE-8BE8-D1070243EE71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0903DDC9-55E1-4034-A4B1-01402273954B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{09E3BF68-94AF-460B-B429-FAE6603B5988}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{0AB52FBB-0D7F-4514-A879-F9135364A692}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B7D6462-7EFD-475E-AA32-0C5FBB973220}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{0C744C63-616B-4989-9CEE-AC0FC414BB49}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{0CD0A0CF-308B-4F8D-95BE-56174F320BCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0D2B0CF1-CE4B-405E-946B-267EEB831A6E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0D6A0DD5-6831-40F3-AF8B-F581D2509E13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{0FEF1168-23EE-4D48-A54E-40FB6FAF175D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{10F2D1A0-185D-4B48-BDAB-D1BA4C5FC74B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{11D6AF4E-1DA9-42C1-95A0-D224D0987ACC}" = protocol=6 | dir=out | app=system | 
"{13C5A01F-1EB4-47A3-9758-16206C15780E}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{1735C378-D5A4-45EE-A1B0-0A40E3EABBE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{173CAB2E-1144-41BA-87B7-0D9A28833CC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{18BD955B-4564-4137-B678-2C249B33A4ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{192A75E2-CC5E-480C-B010-F78AB5991186}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{19BC50E5-5F39-43FC-9C8C-BC999B2C1C39}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{19C48941-5AAC-4CC0-8915-DC1334FA78E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1AC395F2-CB95-45FD-9562-AC9C1344DE4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1B121ABC-480E-49EE-BD58-0045DCCF4F7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1B3FA426-BE9B-4CD8-BF98-B54E433AB1E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CB94036-2816-46C8-80D0-847320F4EB2A}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\wow-3.2.0-enus-downloader.exe | 
"{1E20CB55-9A40-4B82-A64B-BCF8A091F205}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1E9E1280-D290-44F8-B62D-F7283260CB35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1ECD2D3E-11F2-4AB4-856A-C2B40AA3E615}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe | 
"{1F11E813-B92B-44BE-83F4-6297F351D755}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{218FB06E-E1FD-441A-BA0A-8BCEBF1E8FE2}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{21BD72DC-F961-490E-A358-836A401EC8BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{23E83F55-F47E-40AB-9177-B49A23322D4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{24768ABD-479A-4F2A-AB77-E1D06A6A6C05}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{251394A8-301E-42AB-80B0-08AEDAEBE834}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2612D65F-B995-4CED-86E4-4BE43AAB78B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{264AB8C9-E9D7-4960-AC7A-619F9E71DAC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{272B1F82-CB2D-4A34-82B0-616D0B14F5FB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{289808D8-6EE6-401C-884B-BFCAA8458AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{293372B6-4100-4E53-A945-87FFB1BB33EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{295954A7-272C-4736-AB08-0EE5FB04811A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{298DC12C-FDAF-49CC-A01C-610C7B0E3200}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{29FBE703-A418-47E9-81F5-FF0CB5D6C972}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{2A3A2A13-E544-458C-86C6-3635314F5331}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2ABFA5DD-E77D-4246-AF29-1F7B0D5AE925}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2AFE90A6-E7EB-42C7-AAC1-F8B9BDE413CB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{2B98C2D1-0CD9-4315-8D7B-62455BCF44C3}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{2C32C426-9FB2-472D-BD20-36659BFB1CD9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2C9A5497-4D70-4E3A-A8A0-05DA127CB664}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe | 
"{2E46F72E-C148-4C2D-A56C-EF665831D528}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2E823F25-15E4-4DBA-AC33-2665CC7557AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2EA3FACE-85C9-42BF-B43E-EDA9EEEBD4AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{2EA7BCF6-37C4-4A27-B1B2-D31510E6E9B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{30468F70-64BA-4775-BD31-851B39ACB7D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{31A37E0E-93CF-4404-BD2E-4FEACE5ABEBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{35B01587-141B-4AF2-819A-9D2AA5B68114}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe | 
"{35BFC22C-55FE-43E8-BCF1-049F22096BC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{37D45982-DC4F-4F36-AAC3-942E77276D8F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{38C557DA-EE00-413F-943E-CF02E6247CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{3AB4AB7B-94EE-4FF6-94E9-F78EA9E5CBE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3AD86874-717E-4F7C-80F5-88747092F090}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3BABCF00-D526-4790-AC0C-12EF90C2CE5B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{3E2F793A-7620-4049-ACB5-21728FA47827}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{3EFCEAA2-5485-43D0-A58E-0A63EA47B127}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3F699273-9BCA-47E5-8C5F-8863EBDC6913}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{409CD967-EF90-49B6-B7C0-691523182418}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{425F35C5-A99A-4E63-A4B6-3D4D2E98FAA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{43465014-5E8A-4D45-9CB3-2A75B4E34D8B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{4393A69B-5CAF-42B5-A4FD-96ED91A580AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4619AC51-CF40-410C-BEE9-BD8275BD002E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{462DA886-51CF-4894-9B55-B10E3F7EA591}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{469A5B67-7793-436C-A382-95CAEA15EC03}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{46BC24B3-7D08-48CE-8791-D78841A167CE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{473AFD58-1C53-45B9-B5F5-C8440C59549A}" = protocol=17 | dir=in | app=c:\users\omar\appdata\roaming\spotify\spotify.exe | 
"{48DA7BED-70DF-44A1-A1EE-42E742D9FD50}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{4DED770A-2069-45E9-B952-F75749769EBA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{4FB0B583-3B98-4D17-A07A-0B01685AA530}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{529383E5-282D-44E3-8800-C6303CA8B8EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{5652E3F2-5AF0-4F38-A6B3-63E7F4A2AB02}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5BBF6DE8-E761-44ED-B3BB-6C666AA5183E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C30EF0E-4E31-4B27-B769-52E64D123A41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C61714C-010D-49D1-89DC-C29F8CBAD1A4}" = protocol=6 | dir=in | app=c:\users\omar\appdata\roaming\spotify\spotify.exe | 
"{5CE2592F-EC93-45B4-B0D6-55757E5EDB5B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5EFACC0F-0168-4DEA-97DA-EE5F19925CD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{609E1DE0-5C15-4740-8CB4-9DF9AF8889D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6201B912-0479-435A-9985-3A0EE8C05F81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6261BDEA-1483-4388-B8FF-A3405B8454EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{63BE6EAC-945F-4743-A231-7C660391C474}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{63D34F55-6599-485E-AB49-815FCD413683}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6425E91F-1BF4-4D20-910E-C79DD3851859}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{65E32A1D-C813-47E2-9B1B-E6FF016A5B29}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{668048E1-7787-4791-9557-65851CCCED1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{66CB2F2A-7CA0-4380-A7D2-9D6FE190C730}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{675C4A7C-E272-4E9E-9E8A-2AABE927BD72}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{67C64341-47FB-4473-A523-32DAEF3AE931}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{68CE504B-4E59-47F6-98D2-DEEDAAE621C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{68EC8E3B-24A0-436A-9104-671E6E691CA7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{69877F99-5DFE-4638-8661-D4EB58B19416}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
"{6A2AE055-D194-4C5D-838C-E2B6BD708518}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6BBCDA09-EA0C-443C-92C4-908CD738264C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe | 
"{6E7AF5A5-8AE4-4836-BA7A-5EE31FD444A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6F4DF914-C473-4236-983B-CC5B4B4E150E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{71CD85B0-6F0E-4B7E-840C-7AC506BC7E73}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{7224897D-1771-42CE-8535-F282634112C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{73218378-42BC-485A-868E-7FBC8F0E6870}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{7382590B-B3B2-4B1B-9D52-C49EFB4DF77E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{73B4D7B5-60A3-415F-9CDB-2F5840D21DD8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76EEC405-7D0A-46D5-9E1E-DDF939956ADC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76F1CDD5-C2C9-4072-9152-70893F596EDC}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{7786162B-9317-4149-9AAC-FDD5B63C8B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{78AC799C-666B-47D0-9FFA-B3F3A49E2B9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{79D272A4-527C-42AF-9081-F5812BD5B38C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{7A6F468C-BD92-47A4-9E12-DF3FB2E48EFB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{7AC42695-253E-4DFF-84D9-AF9274E5FD7A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7B37D3CF-FCDC-4797-B603-8CEB8A88066B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{7B8ACB07-8A2B-4BB7-8BF0-9FE3030776B2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7DBB1B99-C6AC-436E-8DA7-0ECE47D6AAAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7EC75F92-8D84-4075-8244-233AE5E6A571}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{7FF1F4B2-FB89-4C65-B3C0-1B2E177BF51B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{800B8BDE-040A-4007-B4D3-FDA69B624840}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8045C35A-4F61-4FDC-9593-845288A59082}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80B367C1-0F96-4A75-9E15-2BA6408C987C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8200F521-4FBD-45D4-91C1-FBCAC57E9E2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{82CB7BD1-4EEE-491B-BE5D-A7F9EB790769}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{830964A0-997B-4B65-911F-3D12F3A98372}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{83B1BB08-DB4F-4339-907D-43A992CB8256}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{84F0F0BC-A81A-41D6-98E3-354F86BA0196}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{84F17869-9E8D-431F-B725-B27650E98D09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8876CDA3-6A0B-460E-AF97-CEA7C8EAAF52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{887F43E1-F0BF-48A4-8324-FA19D248B0B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{88A01CB3-EB16-471A-983A-C2816A79438A}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{8A04F786-A609-4103-ABEA-330A7EF3C204}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{8B538CEB-6F5C-4386-A867-4DD168CF9B85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8C799F4C-9216-4749-9888-5A0014C945EC}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{8E358558-5FE0-4266-A10A-315D6327F44B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8FB69BD4-2A0D-4E62-93E1-B8A09E867B3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8FECE92F-0927-48A2-91DE-4EB30536297F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9086EA82-5C67-4ED9-9C44-257C11751C2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{9097589A-E7C6-4F09-BDD3-07CC2AA12BF4}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\wow-3.2.0-enus-downloader.exe | 
"{913F7C36-C702-4AE3-BA2A-BF4B59E0E842}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9285DCB6-ED2C-4E9B-8582-2496AC716B4E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{92CED489-24CF-4146-913C-A5506903A88F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{93870020-F1A0-4579-80A6-E91CDACC13C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{939F5FC5-F9BF-425B-8C12-10B2E57FFDAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{93D7C9F0-15CE-4579-9D89-C9B3DA4400DD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{949A420C-9C46-4ADC-B9B8-138FD42CC4EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94F0D3A9-2AB9-4396-AA6F-996F833B4FB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{9678F871-75DE-4ABF-942C-03577F8ACD64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{96905789-2BB3-4F44-B54A-8F12511A8E59}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{96EE541F-9A7E-4A38-9A34-D8D85728BFD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9718B580-2BF5-4D1E-86B0-9B8875D2ADF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{988EC212-DA02-47E7-8795-14E086DE6A12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{9AA5886A-F4F8-463F-A1E6-82613E355603}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9ADEAE3E-DDB8-49FF-9CAB-B992CDE0B78F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9B13635F-C14E-4BAE-8543-B6280CCBF5D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{9B1B5F28-C676-47D3-B722-C5A50F9F3EA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9BDCD6FE-7669-496C-AEF4-C0BAB249ED31}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{9CDC3E37-BB7E-421D-A6D7-5553DF01B6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
"{9CF3DFBD-95DC-46F8-805B-29072FFB5F37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9D052972-320E-4063-9011-7434C81EFC7F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9F506872-5C19-437F-A619-E8E1082329B9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A1027ECE-57F0-4AA9-888D-116E45CA34AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A293444B-9E10-46A4-83D2-DB1FEFBCB184}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3C8E41C-995B-4942-B4AE-4F0108CE83CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A3D99AD0-D6D6-4F23-9085-D4A3EEEB4824}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A6DD5870-D23E-4898-A5ED-80E60BFDC608}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{A83F5970-CC12-4FFC-A8A5-D2E74ECCBE0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{AA74CB25-44F1-406D-BAE0-35E05B5CFA48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AE6D73E1-0645-414E-BB17-367A6B57E0EF}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe | 
"{B0DEF06C-1C8B-48FE-95B9-8E02E7F6A250}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B2C2ED1B-1DC1-4338-AD36-08B9793A089B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B30D2A59-6AC6-49E7-8660-5FD00EECDEFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B36D1D09-14B0-47A0-BA3F-CFFED9484669}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B3E9A304-BAA1-43F9-8D66-B215507BA8CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B5525965-FD1D-4027-B362-AB9AE676FBE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B6B628CC-9175-49D9-902A-2754408C1286}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B7860237-EBD7-4E82-94E3-36E1F08ECE09}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B8CEA67A-A9ED-4685-B739-042A6BC71753}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC927D5D-6CC1-4F47-A90E-B1940AA83576}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{BD979DB1-1D55-49D9-A4DA-AFB074A06A18}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BE5C3673-F6B7-44B2-9742-B2E62BA771AE}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{BEFB2E56-7E24-4CD9-9E3C-F9A052A0611D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BFBF9E75-B083-44F9-B745-785A859EB4BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C2572239-0FEC-4BA4-8338-3A331A7F70B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C44F85FA-7C1F-424F-A058-3970B0A4F365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{C545EA0A-B042-4265-A1D7-B4AB2285E978}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{C666E6BB-ADD5-44CF-87EF-44C9F2518CCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C785BE95-C8F2-4DF0-9D86-A2E2E85F274D}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{C90BE278-B1BB-4756-AD2E-50FFB2CBD56A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CE327AE2-E9AE-4548-A44C-DB9A256F4FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{D20A67D7-661A-456B-97D1-00429D5CFA7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D28F7729-B70F-4ACE-9B12-743EB9B3999A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{D336F9AB-B2F6-43A6-A33D-19F7419909C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{D343414C-60F9-4812-ABB1-DE67E56D8F50}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D37D2B9E-F51C-4349-B69E-1182B5EBAEDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | 
"{D4999835-D88E-42E8-9DFE-EB5D906A29DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D5B119AA-3370-41CF-B9A3-6A5CBF37BABC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{D688CF54-8CA4-4057-A8E9-5C3ABDF1F446}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{D75B5588-A257-4E5D-89B2-ED981FCB7F96}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
"{D860EA5C-F5A0-428A-858F-D756F6236C7E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{D8DDC65A-088A-43F8-B892-9AC9AA662C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{D926FE87-347E-4DAF-997E-F3F851BEE676}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | 
"{DC2D586A-0C8C-4E2B-AB3E-4B67FE9DBEBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{DD68B3AD-93E9-4757-8F1A-875FD774AABD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD6B17E7-2708-46E4-A880-7D7718B29E64}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E2D033DC-8EDE-47A2-8625-7E971CC9A4B5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E54633EB-C758-4B93-B7CC-1C64C8288112}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{E8161B92-A4D9-4C67-A5DD-62CB48DA2332}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EB29D8F8-257E-4730-B787-87EEDE3B19DB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EB850E7A-C025-4C88-83A2-544D26840EA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{ECAFD1B3-B417-433D-B542-CD7D388DED11}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{EDB65BBF-0FB1-4DEC-8EFD-795B0BE8986B}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{EEF0689C-AAC3-4629-841B-2D4B759641BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EF8DFE98-9C4A-4FD0-AB0F-48D6A8E737F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F04175E2-2281-4A30-B286-88D872410615}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{F23C20E7-8341-46E6-9C68-64201338AAE1}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe | 
"{F7318BCF-9D7A-4847-BE15-7BAD310A6305}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7547ACC-4D43-4AA9-BC78-32579F205C1D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F8650AAC-376D-406E-AD91-9A49EA65A29F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FA4C15C9-7C8B-4700-B0A6-052E8777F233}" = dir=in | app=c:\users\omar\music\documents\the war z\warz.exe | 
"{FB2EC57B-9B1F-4C64-9113-72DA45A22039}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBEDD184-8CF4-405F-8AD0-4A5145AB4ABA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FE23AF63-DEAA-4885-AA1E-88CA2E05394D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{FEB6EFE1-8AF9-47B1-8458-F1BAE16E8531}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FFC0A820-1F1B-42FB-9B79-75E10490290E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FFCA63C7-8D44-471D-A313-47C110EB50EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"TCP Query User{1184D060-49A4-4FA2-91F0-2332B6C9C1AD}C:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"TCP Query User{27FA78DE-484B-4DBC-80CF-C3A3DDBFDEB4}C:\users\omar\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\omar\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{35B05DDC-EA2E-4987-A95A-1635455FA327}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"TCP Query User{41A89C19-4173-43F9-8A83-61C8F6082D68}C:\program files (x86)\tibia\tibia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tibia\tibia.exe | 
"TCP Query User{4EDC009F-D0B3-4789-BC2B-2AD04C8C29DB}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{50CEEBEA-4500-42AE-A1F4-2FBC53C6F552}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampions.exe | 
"TCP Query User{6E94A079-1748-4397-BE4F-1DD53B585EF6}C:\program files (x86)\tibiacast\tibiacast client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tibiacast\tibiacast client.exe | 
"TCP Query User{7DC99BFD-E0FB-4129-B19F-1EE8E4E9A3C6}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{AEC83D28-9843-4707-8937-7D5C82789B16}C:\program files (x86)\tibia\tibia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tibia\tibia.exe | 
"TCP Query User{C783A9B5-79AE-4237-B28D-258111AC8482}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{0A6C0A49-2C9A-4892-BC2C-5B59B09F0EE0}C:\program files (x86)\tibiacast\tibiacast client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tibiacast\tibiacast client.exe | 
"UDP Query User{255E2651-BF4A-4493-8770-7E1D799F1E91}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampions.exe | 
"UDP Query User{70D224E9-ECF9-47A5-A462-A3F23679244F}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{76DEC3E9-99EB-4426-80C1-898408F57A79}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"UDP Query User{7FD0EDF5-5247-4AF7-80C3-823636981CAC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{8CB5B0FD-13B6-40A4-B560-CECB1BAD6D5D}C:\program files (x86)\tibia\tibia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tibia\tibia.exe | 
"UDP Query User{B033E875-A523-43A5-B69F-AD6E7ECE6EFB}C:\users\omar\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\omar\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B75D5997-457C-4D61-9327-1F49CFE8EB47}C:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"UDP Query User{D9C4F7BA-786C-43E5-ACA4-5C3F92FDB5D4}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{F660962A-AEC9-42F9-A585-987EC0EEADD3}C:\program files (x86)\tibia\tibia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tibia\tibia.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6CB0C0FC-4F27-43F5-84CC-ABC231F045C4}" = AVG 2014
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CB21CD89-A4D3-4240-9AAA-55DCE7F3D076}" = AVG 2014
"{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}" = HP Officejet 6500 E710n-z Product Improvement Study
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EC21DBC6-C760-463D-8866-BFACBB28A3E3}" = HP Officejet 6500 E710a-f Basic Device Software
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"AutoHotkey" = AutoHotkey 1.1.13.01
"AVG" = AVG 2014
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"HitmanPro37" = HitmanPro 3.7
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.6.0 (64-bit)
"Logitech Gaming Software" = Logitech Gaming Software 8.51
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SteelSeries Engine" = SteelSeries Engine
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012C59CF-074A-43DA-8085-B6E636733B59}" = Citrix Receiver(Aero)
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E1C5B43-1837-4F98-A96B-79A8A0A5955F}" = Citrix Receiver(USB)
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47117FCA-0D00-4B6D-9D68-00B763629463}" = Self-service Plug-in
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE938F7-C196-43D7-8EEB-411CDE0A96B1}" = System Requirements Lab
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E8AC853-65BB-4C99-A09E-19B81851E14C}" = Citrix Receiver Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{ADE8A83D-BB70-4FB5-BA19-26C47EA31894}" = Citrix Receiver(DV)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta
"{C4E28723-0663-4012-9BDC-E21A14C1316C}" = Citrix Receiver (HDX Flash Redirection)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version SRWare Iron 35.0.1900.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA55005D-94AC-4596-9646-679D6CC0D620}" = Citrix Authentication Manager
"{CACBFEA1-3157-6016-117E-EF06E5AC72CF}" = Catalyst Control Center InstallProxy
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9EE360A-7C19-47EC-93C7-97DEFF64804B}" = Citrix Receiver Inside
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F390D923-76F1-458E-8218-8C0C156CDCFD}" = Online Plug-in
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Battle.net" = Battle.net
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"ElfBot NG_is1" = ElfBot NG 4.5.9
"Fraps" = Fraps (remove only)
"Hearthstone" = Hearthstone
"HijackThis" = HijackThis 1.99.1
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Macro Recorder_is1" = Macro Recorder 5.6.5
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Revo Uninstaller" = Revo Uninstaller 1.95
"Steam App 10" = Counter-Strike
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 630" = Alien Swarm
"Steam App 730" = Counter-Strike: Global Offensive Beta
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 9" = TeamViewer 9
"Tibia_is1" = Tibia
"TurboTax 2012" = TurboTax 2012
"VLC media player" = VLC media player 2.1.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/16/2014 2:17:19 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9033
 
Error - 6/16/2014 2:17:20 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/16/2014 2:17:20 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10031
 
Error - 6/16/2014 2:17:20 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10031
 
Error - 6/16/2014 2:17:21 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/16/2014 2:17:21 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11029
 
Error - 6/16/2014 2:17:21 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11029
 
Error - 6/16/2014 2:17:22 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/16/2014 2:17:22 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12028
 
Error - 6/16/2014 2:17:22 PM | Computer Name = OMAR-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12028
 
[ System Events ]
Error - 6/17/2014 1:26:25 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7000
Description = The TeamViewer 9 service failed to start due to the following error:
   %%1053
 
Error - 6/17/2014 1:28:55 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 6/17/2014 1:28:55 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 6/17/2014 6:58:54 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
   %%3
 
Error - 6/17/2014 7:02:04 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 6/17/2014 7:02:04 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 6/17/2014 8:29:20 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
   %%3
 
Error - 6/17/2014 8:29:53 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error:   %%14
 
Error - 6/17/2014 8:32:03 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 6/17/2014 8:32:03 PM | Computer Name = OMAR-HP | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >


#7 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:23 PM

Posted 18 June 2014 - 12:54 PM

Good evening. :)

I can't see any entries for Google Chrome - did you uninstall it?


So long, and thanks for all the fish.

#8 bonessage

  • Topic Starter
  • Members
  • 42 posts

Posted 18 June 2014 - 01:08 PM

Yeah, I uninstalled it and switched to an "open source Google Chrome"; the browser I am using is called SRWare Iron, which is pretty much Google Chrome just named differently... The problem occurs on this browser too. The reason I uninstalled Google Chrome was because I imagined the problem was specifically with Chrome, but it turns out it's on this browser too.



#9 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 18 June 2014 - 02:49 PM

You need to reinstall Google Chrome and then check to see if it has the problem. If it does, run OTL again and post the first log. The problem I have is that OTL doesn't read every browser present, only certain ones, and your open source one isn't one of them.

I would also like to know if Firefox and Internet Explorer are suffering from the same issues.


So long, and thanks for all the fish.

 

 


#10 bonessage

  • Topic Starter
  • Members
  • 42 posts

Posted 18 June 2014 - 07:43 PM

The problem is present in all browsers: Firefox, Chrome, Explorer, and Iron. I NOTICED HOWEVER, the only way the problem exists in EXPLORER is when it uses GOOGLE as the search engine; if it uses BING there is no problem. Also please note that on EXPLORER the redirect address is different (http://linkclose.com/), whereas on Chrome, Firefox and Iron the redirect is another one (us.yhs4.search.yahoo.com). The problem ONLY exists when a search is made through the OMNIBOX (assuming the search is made through Google).


Edited by bonessage, 18 June 2014 - 07:43 PM.


#11 bonessage

  • Topic Starter
  • Members
  • 42 posts

Posted 18 June 2014 - 07:52 PM

OTL logfile created on: 6/18/2014 6:38:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OMAR\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.44% Memory free
15.98 Gb Paging File | 8.27 Gb Available in Paging File | 51.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.55 Gb Total Space | 716.16 Gb Free Space | 77.88% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.42 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
 
Computer Name: OMAR-HP | User Name: OMAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/18 11:22:52 | 002,557,976 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/06/18 11:22:52 | 002,445,848 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.0\ScriptHelper.exe
PRC - [2014/06/18 11:22:52 | 001,801,240 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
PRC - [2014/06/18 11:22:52 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
PRC - [2014/06/17 19:05:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OMAR\Desktop\Downloads\OTL.exe
PRC - [2014/06/03 16:38:10 | 000,740,864 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\chrome.exe
PRC - [2014/05/29 11:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/15 10:05:30 | 006,170,168 | ---- | M] (Spotify Ltd) -- C:\Users\OMAR\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/05/15 10:05:29 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\OMAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/05/15 10:05:24 | 000,598,072 | ---- | M] () -- C:\Users\OMAR\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/05/13 14:18:32 | 005,181,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/04/25 03:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/20 23:02:30 | 001,797,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/03/04 05:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/18 11:22:52 | 002,557,976 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/06/18 11:22:52 | 001,632,792 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
MOD - [2014/06/18 11:22:52 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
MOD - [2014/05/29 11:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 11:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/26 16:35:20 | 000,128,512 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libEGL.dll
MOD - [2014/05/26 16:34:28 | 000,870,912 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libGLESv2.dll
MOD - [2014/05/26 16:34:24 | 000,950,272 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll
MOD - [2014/05/16 19:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/15 10:05:29 | 036,966,968 | ---- | M] () -- C:\Users\OMAR\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/05/15 10:05:29 | 000,108,600 | ---- | M] () -- C:\Users\OMAR\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/05/15 10:05:24 | 000,886,840 | ---- | M] () -- C:\Users\OMAR\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/05/15 10:05:24 | 000,598,072 | ---- | M] () -- C:\Users\OMAR\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/05/01 17:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 18:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 18:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 18:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 18:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 18:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/06/14 17:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 17:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 17:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 03:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/08 04:06:16 | 000,237,056 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007/11/28 15:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2014/06/18 11:22:52 | 001,801,240 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe -- (vToolbarUpdater18.1.0)
SRV - [2014/05/13 21:52:19 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/04/25 03:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/23 16:01:04 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/04 05:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/28 14:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/26 07:24:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2014/06/18 11:22:52 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/05/13 14:20:26 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/05/13 14:20:06 | 000,273,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/05/13 14:06:06 | 000,323,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/05/13 14:05:40 | 000,191,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/05/13 14:05:08 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/05/13 14:05:06 | 000,130,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/05/13 14:04:56 | 000,236,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/05/13 14:04:30 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/03/20 23:02:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/01/08 11:00:12 | 000,145,408 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2013/11/15 00:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/11/15 00:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/24 07:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/05/31 08:19:10 | 000,038,016 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/08 04:56:46 | 011,175,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/05/08 03:02:22 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/30 05:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 05:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/04/30 05:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/04/30 05:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/29 12:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/26 23:55:08 | 000,090,112 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/24 16:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/11/23 19:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 19:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 04:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{08C075B9-82A5-4479-A3D9-0A97F56C16F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {33DC18F0-AFC1-47C7-99E4-0FDE2DA0EFB0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={CEF5B86A-DEC8-4ECF-A4DD-5B8CD9363519}&mid=92daa0c526da8bdf922ed4a0e8eef752-2f0cb07e63dfc5fe6239d2148e0333dccee3e6c0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-18 11:23:53&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OMAR\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OMAR\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443 [2014/06/18 11:23:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/26 07:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/15 22:08:10 | 000,000,000 | ---D | M]
 
[2010/08/13 18:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OMAR\AppData\Roaming\Mozilla\Extensions
[2014/06/06 14:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OMAR\AppData\Roaming\Mozilla\Firefox\Profiles\lothcaxr.default\extensions
[2014/02/13 10:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/22 13:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/07 23:26:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/04/17 10:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/26 07:24:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2013/08/26 07:24:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/06/18 11:23:56 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/08/26 07:24:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/06/16 23:26:21 | 000,450,816 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       us.yhs4.search.yahoo.com
O1 - Hosts: 127.0.0.1       any-prod5.17.search.ysta1.b.yahoo.com
O1 - Hosts: 15471 more lines...
O2 - BHO: (Citrix URL-Redirection Helper) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\OMAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (SteelSeries ApS)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AB760C7-9C51-41F9-9138-CC9E94BF3DB5}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E52856E-3A0F-495E-B56F-8E1F82D15902}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E52856E-3A0F-495E-B56F-8E1F82D15902}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD94106A-2685-4D3E-8F74-C3634C16F702}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1584D12-B742-47C2-B644-F74AAFAF589E}: NameServer = 208.69.150.250,208.69.150.252
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62ec9cc8-b734-11e2-b155-78e7d1ce2e15}\Shell - "" = AutoRun
O33 - MountPoints2\{62ec9cc8-b734-11e2-b155-78e7d1ce2e15}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{aacf787c-bdce-11e2-aa99-78e7d1ce2e15}\Shell - "" = AutoRun
O33 - MountPoints2\{aacf787c-bdce-11e2-aa99-78e7d1ce2e15}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/18 18:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/06/18 11:24:12 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\AVG SafeGuard toolbar
[2014/06/18 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2014/06/18 11:23:51 | 000,050,464 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/06/18 11:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/06/18 11:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2014/06/18 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2014/06/18 11:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2014/06/17 00:20:30 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\Roxio Log Files
[2014/06/16 23:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[2014/06/16 23:47:59 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\Chromium
[2014/06/16 23:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRWare Iron
[2014/06/16 23:10:29 | 000,000,000 | ---D | C] -- C:\Users\OMAR\Documents
[2014/06/16 22:52:17 | 000,000,000 | ---D | C] -- C:\Users\OMAR\Desktop\OPENTIBIA
[2014/06/16 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\AVG2014
[2014/06/16 22:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/06/16 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\TuneUp Software
[2014/06/16 22:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/06/16 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\MFAData
[2014/06/16 22:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/06/16 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\Avg2014
[2014/06/16 21:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/06/16 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/06/16 21:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2014/06/16 20:52:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/15 17:41:41 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\ElevatedDiagnostics
[2014/06/12 19:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2014/06/12 19:19:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2014/06/12 19:19:34 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/06/12 19:14:17 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUISkin.dll
[2014/06/12 19:14:17 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/12 19:14:17 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUH.dll
[2014/06/12 19:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2014/06/12 19:13:09 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Roaming\QuickScan
[2014/06/12 18:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014/06/12 18:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/06/12 13:15:26 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/12 13:15:24 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/12 13:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/12 13:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/12 13:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/12 13:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/12 13:15:11 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/06/12 13:15:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/06/12 13:14:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/12 13:14:46 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/12 13:14:46 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/12 13:14:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/12 13:14:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/12 13:14:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/12 13:14:43 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/12 13:14:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/12 13:14:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/12 13:14:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/12 13:14:40 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/12 13:14:40 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/12 13:14:40 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/12 13:14:40 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/12 13:14:39 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/12 13:14:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/12 13:14:38 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/12 13:14:38 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/12 13:14:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/12 13:14:37 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/12 13:14:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/12 13:14:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/12 13:14:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/12 13:14:36 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/12 13:14:35 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/12 13:14:35 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/12 13:14:35 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/12 13:14:35 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/12 13:14:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/12 13:14:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/12 13:14:34 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/12 13:14:33 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/12 13:14:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/10 14:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/06/10 14:02:40 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/10 13:57:55 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\NPE
[2014/06/06 14:17:05 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\Google
[2014/06/06 13:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/06/06 13:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/06/06 13:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/06 11:41:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/06 11:41:08 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 00:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/04 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\OMAR\AppData\Local\AAA_Internet_Publishing,_
[2014/06/04 19:26:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SPORDER.DLL
[2014/05/21 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/18 18:28:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 18:27:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/18 18:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000UA.job
[2014/06/18 18:24:02 | 000,002,241 | ---- | M] () -- C:\Users\OMAR\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/18 18:23:39 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/18 18:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000UA.job
[2014/06/18 17:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/18 16:18:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000Core.job
[2014/06/18 16:14:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOMAR.job
[2014/06/18 15:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1989574803-828581562-3929108112-1000Core.job
[2014/06/18 11:22:52 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/06/18 11:16:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/17 18:37:05 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/17 18:37:05 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/17 18:29:11 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/17 11:54:36 | 000,004,091 | ---- | M] () -- C:\Users\OMAR\Desktop\attach.zip
[2014/06/16 23:48:01 | 000,000,990 | ---- | M] () -- C:\Users\OMAR\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2014/06/16 23:48:01 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\SRWare Iron.lnk
[2014/06/16 23:26:21 | 000,450,816 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/16 22:40:22 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/16 22:26:12 | 000,256,368 | ---- | M] () -- C:\ProgramData\1402979025.bdinstall.bin
[2014/06/16 21:59:49 | 000,001,226 | ---- | M] () -- C:\Users\OMAR\Desktop\Revo Uninstaller.lnk
[2014/06/16 21:23:50 | 000,003,563 | ---- | M] () -- C:\Windows\SysWow64\collectionCache.bnk
[2014/06/16 21:19:26 | 000,365,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/12 20:21:33 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/12 19:47:49 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2014/06/12 19:21:57 | 000,629,241 | ---- | M] () -- C:\ProgramData\1402621990.bdinstall.bin
[2014/06/12 19:20:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/06/06 18:30:47 | 000,000,000 | ---- | M] () -- C:\Users\OMAR\AppData\Local\prvlcl.dat
[2014/06/06 13:46:36 | 000,000,952 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/06 13:40:19 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/03 20:20:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/06/02 00:19:46 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2014/05/30 04:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 03:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 03:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 03:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 03:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 03:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 03:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 03:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 03:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 03:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 03:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 03:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 02:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 02:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 02:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 02:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 02:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 02:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 02:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 02:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 02:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 02:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 02:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 02:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 02:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 02:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 02:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 02:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 02:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 01:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 01:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 01:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 01:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/23 00:53:03 | 000,450,712 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140606-120936.backup
[2014/05/22 23:32:40 | 000,000,563 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/22 23:17:01 | 000,448,673 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140523-005303.backup
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/18 18:23:39 | 000,002,241 | ---- | C] () -- C:\Users\OMAR\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/18 18:23:39 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/18 18:22:48 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 18:22:47 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/17 11:54:36 | 000,004,091 | ---- | C] () -- C:\Users\OMAR\Desktop\attach.zip
[2014/06/16 23:48:01 | 000,000,990 | ---- | C] () -- C:\Users\OMAR\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2014/06/16 23:48:01 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\SRWare Iron.lnk
[2014/06/16 22:40:22 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/16 22:26:12 | 000,256,368 | ---- | C] () -- C:\ProgramData\1402979025.bdinstall.bin
[2014/06/16 21:59:49 | 000,001,226 | ---- | C] () -- C:\Users\OMAR\Desktop\Revo Uninstaller.lnk
[2014/06/16 21:23:50 | 000,003,563 | ---- | C] () -- C:\Windows\SysWow64\collectionCache.bnk
[2014/06/16 20:42:43 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/06/13 00:47:23 | 000,365,440 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/12 19:47:49 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2014/06/12 19:21:57 | 000,629,241 | ---- | C] () -- C:\ProgramData\1402621990.bdinstall.bin
[2014/06/12 19:20:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/06/06 13:46:36 | 000,000,952 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/06/06 13:40:19 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/04 16:06:16 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOMAR.job
[2014/06/03 20:20:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/06/02 00:13:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014/02/16 15:17:06 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 15:36:28 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/09/05 16:43:41 | 000,000,563 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 16:26:02 | 000,000,000 | ---- | C] () -- C:\Users\OMAR\AppData\Roaming\wklnhst.dat
[2010/12/13 17:18:40 | 000,000,017 | ---- | C] () -- C:\Users\OMAR\AppData\Local\resmon.resmoncfg
[2010/12/02 23:50:29 | 000,007,168 | ---- | C] () -- C:\Users\OMAR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 01:25:17 | 000,000,000 | ---- | C] () -- C:\Users\OMAR\AppData\Local\prvlcl.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2014/04/30 22:47:51 | 000,000,652 | ---- | M] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pa) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pa
[2014/04/30 22:47:39 | 000,000,652 | ---- | C] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pa) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pa
[2012/12/01 14:26:08 | 000,000,655 | ---- | M] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pando.save) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pando.save
[2012/12/01 14:26:08 | 000,000,655 | ---- | C] ()(C:\Users\OMAR\AppData\Local\PMB Filer?pando.save) -- C:\Users\OMAR\AppData\Local\PMB Filer耯pando.save
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:6BE50C2B
 
< End of report >


#12 Noviciate

  • Malware Response Team

Posted 19 June 2014 - 01:06 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click the I Agree button to continue.
  • Click on Scan and, once complete, click on Report and let me have the contents of the text that opens.
  • A copy of the text file will also be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

 


So long, and thanks for all the fish.

 

 


#13 bonessage

  • Topic Starter

Posted 19 June 2014 - 01:24 PM

# AdwCleaner v3.212 - Report created 19/06/2014 at 12:18:51
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OMAR - OMAR-HP
# Running from : C:\Users\OMAR\Desktop\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\OMAR\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\OMAR\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v12.0 (en-US)
 
[ File : C:\Users\OMAR\AppData\Roaming\Mozilla\Firefox\Profiles\lothcaxr.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
*************************
 
AdwCleaner[R1].txt - [5542 octets] - [19/06/2014 12:17:57]
AdwCleaner[S1].txt - [5303 octets] - [19/06/2014 12:18:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5363 octets] ##########

# AdwCleaner v3.212 - Report created 19/06/2014 at 12:17:57
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OMAR - OMAR-HP
# Running from : C:\Users\OMAR\Desktop\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater18.1.0
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\Users\OMAR\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\OMAR\AppData\LocalLow\AVG SafeGuard toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v12.0 (en-US)
 
[ File : C:\Users\OMAR\AppData\Roaming\Mozilla\Firefox\Profiles\lothcaxr.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\OMAR\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [5374 octets] - [19/06/2014 12:17:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5434 octets] ##########


#14 Noviciate

  • Malware Response Team

Posted 19 June 2014 - 01:34 PM

Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.


Will you also let me know if there has been any improvement.


So long, and thanks for all the fish.

 

 


#15 bonessage

  • Topic Starter

Posted 19 June 2014 - 02:36 PM

40% into the scan and nothing found yet. BTW, I've used AdwCleaner before and it hasn't fixed it.





