Infected with gorillaprice.exe. Have failed to remove.


  • This topic is locked
13 replies to this topic

#1 StrygwyrBS

  • Members
  • 51 posts
  • Gender:Male
  • Location:California

Posted 29 June 2014 - 10:47 AM

This is all my fault. For 3 years I've treated this computer right, and then I blew it with one bad click. I ended up downloading a trojan (unsure of the name because my AVG removed it) along with a few other files. I noticed a few popups a couple of days after I removed it, and then I happened to be searching for a place to install a program and found a horrid little program called gorillaprice.exe. Sure enough, it was running in the Processes tab in Task Manager. Here's what I've done so far with it. I used Revo to uninstall it because a manual uninstall wasn't working. It just says that the program is in use, since the damned thing pops back up after I end the process in Task Manager. It said that it was uninstalled, but gorillaprice.exe is still there and it's still running. The only thing that has changed is that it is no longer in my list of programs to uninstall in the Control Panel. AVG, Spybot S&D and AdwCleaner all say gorillaprice.exe is clean, but I know better. I think there may be a few other programs on my computer somewhere causing an issue, but I'm just not sure and haven't seen anything besides gorillaprice.exe.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by DAVID at 8:23:38 on 2014-06-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16351.12751 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX3000.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\DAVID\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\gorillaprice\gorillaprice.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Autoruns\autoruns.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:13081
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\DAVID\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\DAVID\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=4f040aa8bbc447d08fead179d7a4cf89-3f9964acb9c40ad982927d3c5cd88b1c613c9d53 /CMPID=1213b
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\DAVID\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DAVID\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: NameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\34963736F62383433373 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\34F666665656D274572757 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\34F666665656F574572757 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\B41696375627F57416E676 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{1B583C9A-7C67-4940-8A01-DC2E8E566F5D} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{1B583C9A-7C67-4940-8A01-DC2E8E566F5D}\75164737F6E60265 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{B7512706-058F-4073-89CC-5D4473FDE3B7} : DHCPNameServer = 198.224.174.135 198.224.173.135
TCP: Interfaces\{BB98D1F0-CC1D-4E60-B47F-08E912C05E0F} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BFEE6B5F-BBC8-46FD-988F-7CB7C09720A3} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{E683F4C7-EDFE-436F-ADC7-D779F67BE313} : DHCPNameServer = 7.254.254.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R0 SMR410;Symantec SMR Utility Service 4.1.0;C:\Windows\System32\drivers\SMR410.SYS [2014-6-29 96856]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-9 46368]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/03/20 23:37:29];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2013-3-11 130320]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2013-3-20 85568]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2013-3-20 77576]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2013-3-20 294664]
R2 GorillaPrice;GorillaPrice;C:\Program Files (x86)\gorillaprice\gorillaprice.exe -service --> C:\Program Files (x86)\gorillaprice\gorillaprice.exe -service [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-26 133800]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2013-3-20 75248]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-3 21055432]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-29 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-29 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-29 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-24 413128]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [2013-11-11 16176]
R2 WyseRemoteAccess;Wyse RemoteAccess;C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [2013-11-8 1785344]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-11-17 1256192]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-26 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-26 40392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-5-17 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2012-4-13 1254464]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-3-8 15176]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-15 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-15 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-5-20 746392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-14 1255736]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2013-11-6 29288]
.
=============== Created Last 30 ================
.
2014-06-29 15:01:31 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-29 15:01:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-29 15:01:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-29 14:54:55 96856 ----a-w- C:\Windows\System32\drivers\SMR410.SYS
2014-06-29 14:48:39 -------- d-----w- C:\NPE
2014-06-29 14:47:29 -------- d-----w- C:\Users\DAVID\AppData\Local\NPE
2014-06-29 14:47:29 -------- d-----w- C:\ProgramData\Norton
2014-06-26 08:22:25 -------- d-----w- C:\Users\DAVID\AppData\Roaming\Open Download Manager
2014-06-26 08:21:41 -------- d-----w- C:\Program Files (x86)\gorillaprice
2014-06-25 01:02:41 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-06-24 22:24:12 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-06-24 22:24:12 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-06-15 22:19:32 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-11 02:42:49 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 02:42:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-14 21:56:21 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 21:56:21 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-13 21:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 21:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 21:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 21:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 21:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 21:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 21:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 21:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 16:42:44 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-31 16:42:40 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
.
============= FINISH:  8:23:48.43 ===============
[attachment=151835:attach.txt]
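The post above describes the symptom (the process comes back after End Process, and the uninstaller reports it "in use"), and the DDS log records the cause: gorillaprice.exe is registered as an auto-start Windows service (the `R2 GorillaPrice;GorillaPrice;...gorillaprice.exe -service` line, which the Service Control Manager restarts), its folder appears in "Created Last 30" on the same date as the bad download, and the user-level browser proxy points at a loopback port (`uProxyServer = hxxp=127.0.0.1:13081`), which is a setting worth checking on any adware case. The script below is an added example written for this page; it is not code from the original poster, from the Malware Response Team, or from the DDS tool. It parses the DDS section layout as it appears in the log above (assumed to be stable for this DDS version; the R/S prefix is read as running/stopped and the digit as the service start type, with 2 = auto-start, and `[?]` in place of `[date size]` as DDS having no file date/size for that image), runs over a trimmed, constructed copy of the log, and correlates running processes with service entries, newly created folders and loopback proxies.

```python
"""DDS log triage (added example, not from the thread or the DDS author): tie a
running process to the auto-start service that restarts it, and list proxies
that point at the loopback address.  Section layout assumed from the log above."""
import re

# Constructed sample: a trimmed copy of the DDS layout seen in the post.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\gorillaprice\gorillaprice.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:13081
uProxyOverride = <-loopback>
.
============= SERVICES / DRIVERS ===============
.
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 GorillaPrice;GorillaPrice;C:\Program Files (x86)\gorillaprice\gorillaprice.exe -service --> C:\Program Files (x86)\gorillaprice\gorillaprice.exe -service [?]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-5-20 746392]
.
=============== Created Last 30 ================
.
2014-06-26 08:21:41 -------- d-----w- C:\Program Files (x86)\gorillaprice
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R2 Name;Display;Image [date size]": R/S = running/stopped, digit = start type (2 = auto).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|fcl))", re.IGNORECASE)
PROXY_RE = re.compile(r"^([um])ProxyServer\s*=\s*(.+)$")       # u = per-user, m = per-machine
HOST_RE = re.compile(r"(?:hxxp=|http=|https=)?([\w.\-]+):(\d+)")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.+)$")


def parse_sections(text):
    """{section name, lower-cased: [non-empty lines]}; '.' spacer lines dropped."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def parse_services(lines):
    """One dict per service line; 'resolved' is False when DDS printed '[?]'
    in place of the file date and size."""
    out = []
    for m in filter(None, map(SERVICE_RE.match, lines)):
        state, name, display, rest = m.groups()
        img = IMAGE_RE.match(rest)
        out.append({"state": state, "name": name, "display": display,
                    "image": img.group(1) if img else rest,
                    "resolved": not rest.rstrip().endswith("[?]")})
    return out


def parse_created(lines):
    """lower-cased path -> creation timestamp, from 'Created Last 30'."""
    return {m.group(2).lower(): m.group(1)
            for m in filter(None, map(CREATED_RE.match, lines))}


def find_local_proxies(lines):
    """ProxyServer entries whose target is the loopback address."""
    hits = []
    for m in filter(None, map(PROXY_RE.match, lines)):
        scope = "user" if m.group(1) == "u" else "machine"
        for host, port in HOST_RE.findall(m.group(2)):
            if host == "localhost" or host.startswith("127."):
                hits.append({"scope": scope, "host": host, "port": int(port)})
    return hits


def triage(text):
    """Flag auto-start services (R2) that are running now and whose folder is
    newly created or whose image DDS could not resolve, plus loopback proxies."""
    s = parse_sections(text)
    # 8.3 short paths that DDS sometimes prints (PROGRA~2) are not expanded here.
    running = {m.group(1).lower()
               for m in filter(None, map(IMAGE_RE.match, s.get("running processes", [])))}
    created = parse_created(s.get("created last 30", []))
    flagged = []
    for svc in parse_services(s.get("services / drivers", [])):
        image = svc["image"].lower()
        new = created.get(image) or created.get(image.rsplit("\\", 1)[0])
        if svc["state"] == "R2" and image in running and (new or not svc["resolved"]):
            flagged.append({"service": svc["name"], "image": svc["image"],
                            "created": new, "resolved": svc["resolved"]})
    return {"persistent_services": flagged,
            "local_proxies": find_local_proxies(s.get("pseudo hjt report", []))}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["persistent_services"]:
        print(f"{f['service']} ({f['image']}): auto-start service, folder created {f['created']}")
    for p in result["local_proxies"]:
        print(f"{p['scope']}-level proxy -> {p['host']}:{p['port']}")
```

On the sample, the only service flagged is GorillaPrice: AVG's watchdog is also an R2 service but its folder is not new and DDS resolved its file, so the heuristic leaves it alone. Killing the process in Task Manager never touches the service entry, which is why it respawns; the service has to be stopped and its registration removed, and the per-user proxy cleared, before the file can be deleted.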

#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 29 June 2014 - 04:46 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.
 

  • Double-click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows: OTL.Txt and Extras.Txt.
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

#3 StrygwyrBS

  • Topic Starter
  • Members
  • 51 posts
  • Gender:Male
  • Location:California

Posted 29 June 2014 - 10:59 PM

Wow, what a fast response! Thank you!

OTL logfile created on: 6/29/2014 8:55:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DAVID\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.97 Gb Total Physical Memory | 13.09 Gb Available Physical Memory | 81.95% Memory free
31.93 Gb Paging File | 28.75 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.65 Gb Total Space | 8.52 Gb Free Space | 8.73% Space Free | Partition Type: NTFS
Drive D: | 35.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.66 Gb Total Space | 54.66 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
 
Computer Name: DAVID-PC | User Name: DAVID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/29 20:55:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DAVID\Downloads\OTL.exe
PRC - [2014/06/28 19:08:15 | 006,189,624 | ---- | M] (Spotify Ltd) -- C:\Users\DAVID\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/06/28 19:08:15 | 000,598,072 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/05/29 16:35:33 | 002,352,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/05/29 16:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/19 17:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\DAVID\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/19 16:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/05/14 12:07:08 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe
PRC - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/05/13 14:18:32 | 005,181,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/04/25 14:14:28 | 004,101,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/01 06:32:46 | 000,420,864 | ---- | M] () -- C:\Program Files (x86)\gorillaprice\gorillaprice.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/05 00:00:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/11/08 12:01:10 | 001,785,344 | ---- | M] (DELL Inc.) -- C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
PRC - [2013/03/10 21:47:21 | 000,294,664 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2013/03/10 21:47:20 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2013/03/01 00:26:26 | 000,237,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2013/03/01 00:26:23 | 000,085,568 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2013/01/16 14:22:29 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/05/20 15:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/29 20:54:47 | 000,043,008 | ---- | M] () -- c:\Users\DAVID\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpza_xcd.dll
MOD - [2014/06/28 19:08:15 | 036,966,968 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/06/28 19:08:15 | 000,886,840 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/06/28 19:08:15 | 000,598,072 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/06/28 19:08:15 | 000,108,600 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/06/05 06:58:38 | 000,414,536 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 06:58:36 | 004,217,672 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 06:58:32 | 000,716,616 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 06:58:31 | 000,126,280 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 06:58:30 | 001,732,424 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/04/25 14:11:24 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/04/25 14:11:22 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/04/25 14:11:20 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/01/24 09:01:54 | 001,559,064 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
MOD - [2014/01/02 18:09:26 | 003,610,624 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/16 14:22:29 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/29 16:28:54 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/29 16:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/29 10:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/19 16:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/05/14 14:56:21 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/14 12:07:08 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/05 00:00:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/11/11 09:34:28 | 000,016,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2013/11/08 12:01:10 | 001,785,344 | ---- | M] (DELL Inc.) [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe -- (WyseRemoteAccess)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/03/10 21:47:21 | 000,294,664 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2013/03/10 21:47:20 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2013/03/01 00:26:23 | 000,085,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/29 16:28:53 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/05/13 14:20:26 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/05/13 14:20:06 | 000,273,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/05/13 14:06:06 | 000,323,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/05/13 14:05:40 | 000,191,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/05/13 14:05:08 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/05/13 14:05:06 | 000,130,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/05/13 14:04:56 | 000,236,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/05/13 14:04:30 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/03/31 09:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/11/21 17:07:01 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/28 02:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/10/28 02:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/30 14:56:28 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2013/03/10 17:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/09/14 17:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 17:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/28 17:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE2500w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/20 23:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/05/20 15:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/02/03 12:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/03/11 12:44:00 | 000,130,320 | ---- | M] (CyberLink Corp.) [2013/03/20 23:37:29] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2013/03/01 00:26:25 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2012/03/08 07:53:40 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {4FFFB535-C9BD-4315-A046-6EC40BB12606}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13081;
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DAVID\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DAVID\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014/04/09 22:50:21 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Wallet = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\DAVID\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=4f040aa8bbc447d08fead179d7a4cf89-3f9964acb9c40ad982927d3c5cd88b1c613c9d53 /CMPID=1213b File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DAVID\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B583C9A-7C67-4940-8A01-DC2E8E566F5D}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7512706-058F-4073-89CC-5D4473FDE3B7}: DhcpNameServer = 198.224.174.135 198.224.173.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB98D1F0-CC1D-4E60-B47F-08E912C05E0F}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFEE6B5F-BBC8-46FD-988F-7CB7C09720A3}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E683F4C7-EDFE-436F-ADC7-D779F67BE313}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/29 08:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/06/29 08:01:31 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/06/29 08:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/06/29 08:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/06/29 07:48:39 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/29 07:47:29 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Local\NPE
[2014/06/29 07:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/06/29 07:15:09 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/06/26 01:22:25 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\Open Download Manager
[2014/06/26 01:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gorillaprice
[2014/06/26 01:20:03 | 000,000,000 | ---D | C] -- C:\Users\DAVID\Documents\My Cheat Tables
[2014/06/23 01:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/29 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/29 20:43:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2611575349-2038184900-3403572536-1000UA.job
[2014/06/29 20:31:00 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/29 20:31:00 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/29 20:30:53 | 007,319,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/29 20:30:53 | 002,390,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/29 20:30:53 | 000,006,480 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/29 20:23:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/29 08:01:33 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/06/29 07:15:09 | 000,000,925 | ---- | M] () -- C:\Users\DAVID\Desktop\Revo Uninstaller.lnk
[2014/06/28 17:43:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2611575349-2038184900-3403572536-1000Core.job
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/29 08:01:33 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/06/29 08:01:33 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/06/29 07:15:09 | 000,000,925 | ---- | C] () -- C:\Users\DAVID\Desktop\Revo Uninstaller.lnk
[2014/01/03 15:38:26 | 000,012,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\MoborobAssDriver64.sys
[2013/11/17 03:23:13 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/05/21 01:25:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013/02/09 16:55:32 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/25 14:54:10 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/25 14:54:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/21 17:04:25 | 000,007,619 | ---- | C] () -- C:\Users\DAVID\AppData\Local\resmon.resmoncfg
[2012/06/13 07:28:23 | 000,000,093 | ---- | C] () -- C:\Users\DAVID\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 06:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 06:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/01/02 22:25:55 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Atari
[2013/09/29 14:32:19 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\AVG2014
[2013/11/23 16:04:02 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Awesomium
[2014/02/26 02:37:55 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Battle.net
[2014/05/01 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\BitComet
[2014/04/16 19:23:54 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\com.mazebert.MazebertTD
[2013/03/23 21:14:10 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Day 1 Studios
[2014/06/29 20:55:00 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Dropbox
[2014/06/29 20:54:49 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\DropboxMaster
[2014/05/13 02:13:42 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\DVDVideoSoft
[2013/03/04 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\HD Tune Pro
[2014/01/29 04:57:14 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\icons
[2013/11/28 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\JAM Software
[2012/04/13 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\LolClient
[2012/05/23 04:35:08 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\LolClient2
[2014/01/09 19:15:28 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\MKKE
[2012/04/21 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Need for Speed World
[2014/06/26 01:23:13 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Open Download Manager
[2013/02/17 05:48:21 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\OpenOffice.org
[2014/01/30 05:59:56 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Origin
[2013/09/11 01:41:45 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\SecureMedia
[2014/06/29 20:55:20 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Spotify
[2012/12/10 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\SystemRequirementsLab
[2012/12/11 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\TuneUp Software
[2013/06/08 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Tunngle
[2013/11/09 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\DAVID\AppData\Roaming\Wondershare
[2013/10/25 07:15:16 | 000,000,000 | -HSD | M] -- C:\Users\DAVID\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
< End of report >


#4 StrygwyrBS
Posted 29 June 2014 - 11:01 PM

OTL Extras logfile created on: 6/29/2014 8:55:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DAVID\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.97 Gb Total Physical Memory | 13.09 Gb Available Physical Memory | 81.95% Memory free
31.93 Gb Paging File | 28.75 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.65 Gb Total Space | 8.52 Gb Free Space | 8.73% Space Free | Partition Type: NTFS
Drive D: | 35.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.66 Gb Total Space | 54.66 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
 
Computer Name: DAVID-PC | User Name: DAVID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BF0684-5E97-4402-B277-B8DA01ABA428}" = rport=80 | protocol=6 | dir=out | app=f:\games (steam)\steamapps\common\warframe\tools\remotecrashsender.exe | 
"{04F2270E-2BD7-41B9-A9B6-911AF72EE199}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{070DB08F-BDFC-4DA2-80E3-087DBE0B969C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{08C6B260-E477-4456-9FE3-4E8189DB5FC9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0DF27A93-7B56-4219-B583-08EB51EED6EC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{196D02A0-9944-4FD5-A6B5-4303FC4C00C3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{230BE687-0CC2-40F0-8A65-2EE29C788D7C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{239E9EEB-CBCF-4932-BB50-FCAC6B841D16}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{2795DDAB-1BA7-4950-B118-98D5136B0934}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29424C0C-11AB-40FF-863D-512B6F6F3C1E}" = lport=57996 | protocol=6 | dir=in | name=pando media booster | 
"{29B64A30-A7E7-4DD3-B2A2-B8D610263953}" = rport=80 | protocol=6 | dir=out | app=f:\games (steam)\steamapps\common\warframe\warframe.x64.exe | 
"{30EAB745-1D01-432F-B203-D22AE46AE051}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{3DA44EE7-F0CA-4030-938C-F05C86B30296}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3EA65959-8F40-4D95-9B1F-283D13DE11AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3EF51E3A-8EA9-4671-AEED-A908629C0A70}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3F411CB3-54B1-433E-8A2F-4F2454C41D56}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4050C964-7870-498A-B7DF-257A1529F92F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{431391BB-CD17-437A-AA47-786377774CDF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{45D7B191-A6B8-4CA4-9A83-8F0DC0C68B84}" = lport=57996 | protocol=17 | dir=in | name=pando media booster | 
"{4730BDB3-2774-4480-9FA6-5D64B9FA31F2}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4A5206C2-FFF2-4E8C-B961-42E47D31FA7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4C348092-8F41-4685-B7C6-237B3FAD43C5}" = lport=57996 | protocol=17 | dir=in | name=pando media booster | 
"{4EF2B4B6-24F2-43DF-B762-AC9EA8A09113}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4F47F625-87F2-4B9F-B286-46DB7C8538D8}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{6B58ECCF-EEB4-4918-941B-B2D6370D9C4E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{790412EE-ADEA-43CE-9F94-FB375E12141C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7C3A50A4-9EF4-43C3-AFDC-43B0F8D520C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E1C7267-67F4-4FEA-9A1F-95FD6925EB8C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{8281DA27-B023-4F5F-8240-AE8A8D61AF6C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{85ECF75F-A2B9-4397-9300-88FA616E5BE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86AD6B9E-96A3-4ECE-85A7-EB8653034F99}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{8D9E72A8-C1F9-4C19-88D7-E41EC005DDB7}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{939B04A3-485F-4756-8C2A-1A69F5F1B816}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A52ABBE-E457-44AC-8729-A124C0F78CEA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9B7D32C2-C6CB-4D89-AD77-A5D7769A41A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9BB24F35-7C2C-4CE3-B558-88A32FF383F0}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{9D6210B8-868C-4564-A024-3761223B6C76}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{A803E75B-D59F-430F-8955-19C6293AB2D8}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{AD280F1C-5387-4E22-8A90-0CC8953A172A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{B32ED1D7-D8A8-4F30-BAB6-FF1D5E47DB21}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{B3845109-B686-49B4-BA38-F8863D6DF7ED}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{B63DE55B-45B6-438A-A01B-1FAB85D41E60}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B6FFC47E-3F4A-4C07-8099-F260385F9C08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD4493C2-0C49-4403-BFE2-13E95E2B9129}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C56767DC-EAE4-4465-89BE-DE6ED5EB5772}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{CA62EC81-B110-4551-AAFE-4FD2AC5DDD0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA69A201-313B-49AF-B0E2-1194D73E82B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE8A1ABC-6A84-4590-BE60-821112EE2CD1}" = rport=80 | protocol=6 | dir=out | app=f:\games (steam)\steamapps\common\warframe\tools\launcher.exe | 
"{D3355821-3886-4B9F-A9D7-C13CD3A3A19B}" = lport=57996 | protocol=6 | dir=in | name=pando media booster | 
"{D697DA49-487B-4A4C-83CD-87F0F94F4E21}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{DADC329E-A104-484E-B56C-CB7A219506FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD1EB83F-F369-418B-A1F8-AC7741C5E3A1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DEB801B8-8F95-4461-BB5A-1507F815B21C}" = rport=80 | protocol=6 | dir=out | app=f:\games (steam)\steamapps\common\warframe\warframe.exe | 
"{ECECF245-6092-47EF-B8F3-FEAB07F4B1FC}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F1087AD4-A080-429C-BF65-0A0910806E8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1B14EB8-966A-45BB-957F-55A0523D9E11}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F64E0C23-149E-43DB-BAA6-8D95BD686292}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F81E5060-CC2F-4412-BBC7-DBCAE7B32B3A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FB2E24A0-850F-47F1-A4B2-2A3FAF5BED72}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0034457D-F055-4BCE-9767-40CC0C0C8DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{010B9E04-D343-47FF-8B28-4E93B407973B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{01C2AD85-B366-4FFC-A36E-2F2777055AFA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{02BCB024-A070-45C8-AFB1-FDA5BFF8CC28}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{040255F4-D97B-403E-A5D5-DEB6FBD27AF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift 2\support\ea help\electronic_arts_technical_support.htm | 
"{042F43AB-159E-4BFE-ADC8-1B3CF8A44C5B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{05A39FF5-71EF-4B1D-9F66-F24FF1A7DA8B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{06A9533E-5943-4D04-838D-1A7A39C56B50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift 2\shift2u.exe | 
"{075DD842-8C6D-4242-9B27-FEBC3784CD94}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{07F4A1AE-BBAF-4D56-B2A0-136B2B28702F}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\hitman sniper challenge\hmsc.exe | 
"{08B021C5-B079-4FAD-89F5-0DDF7DD4AD8D}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{093D1C06-B97E-4D09-B7AD-E9BE14145992}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0C34D03C-A283-49C4-9D1A-9D6F71FA2AFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E49129E-2A6C-49B9-B734-4898B94FBD09}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\assassin's creed iv black flag\ac4bfsp.exe | 
"{0F448C29-AD3A-4D95-998A-28F3607E5AFD}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | 
"{12E41FD3-58C7-447D-A100-EA0793966163}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{141A618E-5807-4D08-83E6-F98D0E0D5D3D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{184636F7-8B54-448D-9AD9-D0D10CA6F524}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{19398805-BD83-4105-8245-E103246F8898}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | 
"{19D4DB35-A6C4-496B-8562-52208ED42C57}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe | 
"{1B35C0D3-B913-4DB7-82F7-B90C2172E172}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{20BA8DFD-0C94-4CDC-BFFB-BDA168E262DC}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe | 
"{24090169-23E8-46B6-A2E2-CE9D0EFD12AD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{242155CA-AA16-4A89-812A-1F7D23FB7052}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{24E7BA6D-0E0F-459D-A1B4-47E7ED38ED5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{257A6AE0-D9AA-4F5E-991F-169A8EC1FC3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{27D42F58-1A63-4930-9F97-9970D1F5C776}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift 2\shift2u.exe | 
"{28973DB1-ECD4-4FF9-88CB-5CEB39AF03E8}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\warframe\tools\launcher.exe | 
"{2A06A3B2-9E65-485B-863F-2636A104CD60}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{2FFB9255-A7EF-4B1C-AB41-14BB452FE6BE}" = protocol=6 | dir=in | app=f:\games\diablo iii\diablo iii\diablo iii.exe | 
"{30BDB8FD-F479-47E4-B86B-53A554E7DF4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{32BFCA11-554F-4EDC-B2D0-33962F20020E}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{331211B9-7218-4A99-968B-0F341DAF2363}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{36F5A06A-B9E3-4D08-A2E9-142FDBE812E8}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\warframe\tools\launcher.exe | 
"{37553126-3FE5-4822-8B63-A3E23E0CB444}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3985D3A7-8EE3-414B-8032-8871DE23D74C}" = protocol=17 | dir=in | app=f:\games\diablo iii\diablo iii\diablo iii.exe | 
"{3B484CE1-3472-4B6C-9691-2C83490E5075}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B696198-6FAE-438D-B36C-1F9BD052748E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{3CB8A966-A86B-4318-8243-94720BE9E4E7}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{3ECF660B-F0F1-4BFD-8428-E96DA79E2168}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{3F7FAC7D-1632-4308-8B06-8AF1750B334B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{3FC354FE-784D-4D7C-8BCC-63544E4F6023}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4010F105-5853-4508-A840-5958CBEB795F}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\torchlight ii\modlauncher.exe | 
"{41FB453A-20D0-4845-BE08-9EF5AFF5BE64}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\assettocorsa\assettocorsa.exe | 
"{422A07DC-667B-4CF8-BE44-3F65047D4B9E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4397CB5F-A83D-4F5F-A4E6-F6179EE6AAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{43E13AD0-8CF8-4102-AECC-CA75DAA2B349}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe | 
"{44575A66-2C33-45B8-B7C8-D948BA0E5BA1}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\half-life 2\hl2.exe | 
"{45753CC2-CA8F-43F8-AA4C-73DDDCDBA90B}" = protocol=17 | dir=out | app=f:\games (steam)\steamapps\common\warframe\warframe.x64.exe | 
"{483E8395-2811-4113-B316-807FAF71425F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{4A48418C-8BBB-40E2-8492-27AE990089DC}" = protocol=6 | dir=in | app=f:\games\hearthstone\hearthstone\hearthstone.exe | 
"{4B0E8669-B8A2-4487-A3A6-67A16E64E255}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{4C6B4A07-4578-4C07-A5D7-FDA818E87D9B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5073991D-0147-4CA9-ADD4-EA028B61DB06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{52649A3A-A178-40DE-8B4A-77ABC831D353}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{5375FD17-2BBF-451E-BCD7-BBB4AB04B262}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\far cry 3\bin\farcry3.exe | 
"{559A46AB-128F-468C-B999-0CB5E535E357}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{55DF208F-A717-4D10-A64B-B54CE42069A1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5630C27D-0AC2-4344-96D3-2B42B42DAAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe | 
"{5859A8A7-1FE1-4B5D-8CBE-6450B5602C41}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\kingdom rush\kingdom rush.exe | 
"{59FCB23E-80E6-4737-8B8F-F51C283403EA}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\koareckoning\reckoning.exe | 
"{5A9E61BE-CD17-4006-B4AF-3799702D8AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5D6C863C-2F2C-4F11-9E1A-0FF02A098AE3}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\kingdom rush\kingdom rush.exe | 
"{5DEF2D6E-24CD-48AF-BD7E-992A15179BF3}" = protocol=6 | dir=out | app=system | 
"{5EEDEBC4-38D1-416B-B1CE-B1E7B3D0B02D}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe | 
"{5F6DF533-AC81-4AA5-B021-15C6ED642A49}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe | 
"{617E0E10-25C1-4EF4-83FB-A9923B925749}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud\aetherwindowsservice.exe | 
"{61DD1FE8-07F9-4516-BCD9-AFC83850E1C0}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe | 
"{6217256A-1B85-4105-A014-48610C0998E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{6297BFFD-64CA-4132-98FF-14987A9B57F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{652DF317-9A2D-47B8-81F0-F448354EFAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{66059808-E626-4896-B0E0-CEC53C49DE02}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\skyrim\skyrimlauncher.exe | 
"{67BD18AB-5698-4C45-81F8-CA4F27F2C5F0}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\age2hd\launcher.exe | 
"{67F20C98-CB82-4FD2-808A-380D8324075C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{680DE125-4205-4852-9E0A-90AEDC58393C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6ACC3459-EC40-4A41-8D2D-AD2F3FF2E754}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{6C647A77-5698-4DDB-BF97-16AE5FA41584}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\torchlight ii\modlauncher.exe | 
"{6EEE7CA8-4C2F-403F-87B3-E8B6F7C68951}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6FBAAAAD-D1B1-4D73-A59A-1283A8857792}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\the witcher 2\launcher.exe | 
"{70340524-691C-4895-825A-FCB79C5F977F}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\koareckoning\reckoning.exe | 
"{71431D25-DF67-4316-949B-301E155B2DEF}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\assassin's creed iv black flag\ac4bfmp.exe | 
"{71EC34C4-63CC-4C73-A8D5-5A17694073AA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{730E6293-966D-407F-98ED-D5757D1ABA00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7360D7B0-1675-4D18-BCCA-4C597CA7CD76}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{73962747-CF3B-4C8A-8102-8801F471DFD2}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe | 
"{742CF43F-4A70-4BB8-A6F3-E13069612ED8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{767EF1FF-46B0-4FB8-92A3-3CCD80C1663E}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{7B0981E1-CEFC-4E11-9E3D-FE329467BE86}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{7EA57A38-1070-4596-AF2A-B8D8D06BEB07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{7EACB6F9-000E-4E44-B884-77C78D0E4BA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8136C3C3-5C9F-47B2-9154-9CD3B0B2B40E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{8238CC1E-5E2B-478D-92D4-601FF98DF9CF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{83E88149-7593-48E0-978F-41E497AA4EE3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{84E1EEEC-FCFF-4CA7-97D5-D5283D90E0F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{85517B28-0A78-43FD-8D24-A8206DF906F6}" = protocol=17 | dir=in | app=f:\games\hearthstone\hearthstone\hearthstone.exe | 
"{86216A46-A1BC-4788-A988-E5627E72C8F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{87CCE41E-0B0D-4580-B892-6DAD2437131E}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\assassin's creed iv black flag\ac4bfmp.exe | 
"{88897A71-057F-4806-9F28-90169C5D84DF}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\warframe\warframe.exe | 
"{8D15E2C3-071C-4693-9527-9E01A99E21D1}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe | 
"{8DB5A521-A115-4E7B-B658-02F4369CA583}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8EB1723C-58A4-4521-96FF-E13A6C5C6254}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{910B6E16-3042-4459-B6FE-DFCA5AEB55C2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{94212BBA-4A40-4014-9DBB-873933ACF921}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | 
"{966F3AE6-3A12-4673-A3B2-B3A7D36659BA}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{9B23D2EF-DC5E-467E-BC7F-AB610DA231ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B7B65C3-8DEF-4A90-ACE4-3D6B3959DBB6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{9B832291-B9C9-4FD5-A3A3-D4CBA5D37D88}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\half-life 2\hl2.exe | 
"{9BC25A97-F679-4AA2-84D0-FB3761EDEB72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9BFC7A7C-3AAD-461C-97E8-6C1C7FA742B0}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{9DA0A630-786F-423D-9A3F-E2D0EEC25813}" = protocol=17 | dir=in | app=f:\games\assassin's creed iii\ac3sp.exe | 
"{9F15A7FD-D9F7-47B4-86C4-7853BD58B3A0}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe | 
"{A5CAD26A-9816-4ADD-88DC-CB0AC2893ECA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A6C9D96E-4B35-442B-AD54-0DECFCFC41B0}" = protocol=17 | dir=in | app=f:\games\assassin's creed iii\ac3mp.exe | 
"{A6F26EF5-C88C-4105-977D-21697EAF8031}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\skyrim\skyrimlauncher.exe | 
"{AA8E847B-722E-4D39-91DA-3B9C0D4FB0BC}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{AB142B39-763B-447A-BC1E-A8E659579BBA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AD15A5BF-C125-4541-B89E-89466A884F01}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\the witcher 2\launcher.exe | 
"{B2620152-68E6-49A4-9A38-470E1EB05916}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\assassin's creed iv black flag\ac4bfsp.exe | 
"{B40239C9-507D-47D0-A6E4-9D0CD84F54DA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{B4420239-CB57-40A7-B0E6-94316189C3DC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{B6500E21-B177-44CE-993A-EA53F7798A82}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{B7016ABA-BF8E-4651-B2B0-EEE56B0875BB}" = protocol=6 | dir=in | app=f:\games\assassin's creed iii\ac3mp.exe | 
"{B78FA06D-63EF-4493-A5BC-5939AA3F8481}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B791C523-E551-43A9-B1A6-F786557980FE}" = protocol=17 | dir=in | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{B8AD161A-A8C0-4B52-9F9A-5B66EAA01EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\moborobo\moborobo pc suite.exe | 
"{BA22B10E-1D08-48E9-92E7-9742F18AB152}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\elsword\data\x2.exe | 
"{BAC8D6F0-7A17-4D91-8D0B-3B40FEC24B66}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\assassin's creed iv black flag\ac4bfsp.exe | 
"{BF59A1B6-DAD2-4441-9CA5-D786CB85DF38}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe | 
"{BFD74F24-7C5A-4D2A-AFD7-4F78FBF3C0D5}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\assettocorsa\assettocorsa.exe | 
"{C043022A-4133-4BCA-8045-1988A20AC548}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{C1AC15E0-D70C-48A6-BBAD-F7BB74F78265}" = protocol=17 | dir=in | app=c:\program files (x86)\moborobo\moborobo pc suite.exe | 
"{C25C5A84-D757-404D-B25A-104C2E5DE42F}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud\pocketclouddesktopapp.exe | 
"{C47913D5-0824-4C43-BD51-7859F1AA48EB}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{C4BCD3AE-60BB-47FE-B156-280F0835ECD9}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\hitman sniper challenge\hmsc.exe | 
"{C547972E-D191-4D88-B8FB-1879EA96FEE1}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\age2hd\launcher.exe | 
"{C5CBC695-E0FF-47DF-BB88-F9D03394827F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{C6EB1A02-BE97-42C7-80FE-CC7A19AFAEFD}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe | 
"{C85845B9-1823-4007-8A0C-0232CE99D35F}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicatorcom.exe | 
"{C9D9DA8A-CF75-4DA6-9303-A47D403CE48C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{C9FD9509-8D85-45DF-A1F5-07E1461BA011}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{CA7B589E-A002-489F-B5AB-1C86767CDE45}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CA9500DF-2339-4DB4-88BC-621AE258AF26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBDAB240-92CD-4F28-8CFE-A4BFD7AECA32}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\warframe\warframe.x64.exe | 
"{D129EA0D-F606-4E1B-BCDD-B25095DD8E48}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud\wyseremoteaccess.exe | 
"{D305AC67-7C0D-4DEC-A8B4-07DAABB2FC7D}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\far cry 3\bin\farcry3.exe | 
"{D476BA77-E3B3-4F3B-8E2F-205C2DA04455}" = protocol=6 | dir=in | app=f:\games\assassin's creed iii\ac3sp.exe | 
"{D72E739B-1363-4233-8441-22CB8D9AB965}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\assassin's creed iv black flag\ac4bfsp.exe | 
"{DAF30F57-B974-43E0-AC1E-CD9C4CD78118}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{DCB691DB-E4DE-44D7-A866-28F9B732600D}" = protocol=6 | dir=in | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{DE369A96-C112-41A6-83CD-A3DC6212D3FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift 2\support\ea help\electronic_arts_technical_support.htm | 
"{DE8A1D4F-7ACA-45FE-AC3A-A62A499DF731}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | 
"{DEED5633-5654-4E07-AF1E-0B00080F2DAA}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\age2hd\launcher.exe | 
"{E06F35EC-70C7-415D-BFF7-7308737508D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0F94EE6-A8A7-416A-AE6A-B1EA84FDA950}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\elsword\data\x2.exe | 
"{E1426CFA-AC48-4C12-91D6-7DCF0D1A68A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{E5039806-ED70-4960-9C6E-546DDF45D6BE}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe | 
"{E605175F-DAA9-4471-9A38-C0C323F7E3CA}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{E8BD979A-7029-439B-BD08-6999ED6280C2}" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{E8E24DD8-8DEB-49CA-993C-8223E444541E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{EC9D35B2-223C-4F08-9D66-11DE9FD147B8}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{ECA9FFD4-8FFD-45BB-BA68-278A2D7F3C7D}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{F5D48A09-0ED6-4273-8B9F-3C325C9C872D}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{F7244517-6C11-4848-804D-34875C5ADF4D}" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\age2hd\launcher.exe | 
"{F73FDED8-81EA-42FB-91C0-1C1BA800717B}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F848F798-A04A-4C66-A02C-C1A0A88B6695}" = protocol=17 | dir=out | app=f:\games (steam)\steamapps\common\warframe\warframe.exe | 
"{FDB90A8D-CAF7-44A0-A0A8-04A84F3E2870}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{04A13AFA-87C6-4E58-A547-68C8F7570CBB}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"TCP Query User{112CC342-7581-4302-86D4-3B56250664A2}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{31C3C5FE-2D29-4430-8DE2-114FFD32F53A}F:\games (steam)\steamapps\common\assettocorsa\acs.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\assettocorsa\acs.exe | 
"TCP Query User{37C50623-D6E2-4D91-9E21-6D0938FB1B00}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{3CE58CA4-A84B-491F-BA52-656618FF8BF9}F:\games\duel of champions\mmdoc-pdclive\gamedata\game.exe" = protocol=6 | dir=in | app=f:\games\duel of champions\mmdoc-pdclive\gamedata\game.exe | 
"TCP Query User{44FC3277-CAF3-40E4-BFB4-D38E34E65156}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe | 
"TCP Query User{4AE4D852-B719-4154-AB0F-1F66E6386F66}F:\games\warcraft iii\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\games\warcraft iii\warcraft iii\war3.exe | 
"TCP Query User{594778ED-2880-4DDB-9E11-81930132A957}C:\users\david\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{5F36B7D0-C65C-4A00-963B-3FEFAFAA5CE6}F:\games (steam)\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"TCP Query User{73F012C8-B80D-4F37-80DF-27CCAAE250FE}C:\program files (x86)\remote mouse\remotemouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe | 
"TCP Query User{78B971E7-0FCC-4CE4-AF79-AE46C3AACA51}F:\games (steam)\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{7C7CE20D-8BAA-4A21-896D-9B7CE3A0D42C}F:\games (steam)\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"TCP Query User{83CD79A7-5AE6-4F42-81EC-3436F7851888}F:\games (steam)\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"TCP Query User{84105242-B09E-4C33-9E57-BB8E663FE190}F:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{90777448-1F38-402B-B5C0-59ADB082CD6E}F:\games (steam)\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\the witcher 2\bin\witcher2.exe | 
"TCP Query User{9ED3BA5F-8D61-4772-8697-6BC53091CB8A}C:\users\david\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{ABEB0BA1-736E-486F-87B2-BFA46A12FF6D}F:\games (steam)\steamapps\common\the war z\infestation.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\the war z\infestation.exe | 
"TCP Query User{B2F07961-C52F-4FEE-ACFF-09BFFB3328EF}F:\games\duel of champions\mmdoc-pdclive\launcher.exe" = protocol=6 | dir=in | app=f:\games\duel of champions\mmdoc-pdclive\launcher.exe | 
"TCP Query User{DA1A36CE-3D15-47B9-808E-CDAAF4C39070}F:\games (steam)\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{F7455437-74DB-401B-98C9-F174AE132ADD}F:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{F8AA8BB2-72E2-425A-8BFB-5E1F0AC528AA}F:\games (steam)\steamapps\common\specops_theline\binaries\win32\specopstheline.exe" = protocol=6 | dir=in | app=f:\games (steam)\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"TCP Query User{FCFC2BE9-B5D0-4351-98A1-89F7BCCAD59C}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{2203EDE2-330A-4743-9218-EE1F75785931}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe | 
"UDP Query User{330240FB-5D64-4C96-BFE8-B1C28CCBCC77}F:\games (steam)\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"UDP Query User{3B944423-2FEB-496B-A343-5CD6008CE856}F:\games (steam)\steamapps\common\the war z\infestation.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\the war z\infestation.exe | 
"UDP Query User{3CAA89B4-40FD-43FE-8F71-96BD9D201B03}F:\games (steam)\steamapps\common\assettocorsa\acs.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\assettocorsa\acs.exe | 
"UDP Query User{484BD7C2-1D65-49C2-A3C1-FA591AD6DF53}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{498EE1A3-6E51-4E0E-A23E-D252991BDE2A}F:\games (steam)\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"UDP Query User{5445FF5A-C237-43FD-AA13-BA4536B9D1A1}C:\users\david\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{608EAF20-DA77-412F-8A38-CC5F69C14452}C:\users\david\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{7128929A-532A-43B1-B457-EE9F5BB91F9B}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{8358E572-9F9E-4E50-BDD5-63AF852C8483}F:\games (steam)\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{86D25E24-C5B2-43CA-82C7-4F600338BB73}F:\games (steam)\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\the witcher 2\bin\witcher2.exe | 
"UDP Query User{8A766CEC-815C-49BE-BB19-BAB0C043526F}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{8E254950-963F-4264-9149-26F1E066C316}F:\games (steam)\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{95194336-77D0-477F-B6BB-317AC23FFAED}F:\games\duel of champions\mmdoc-pdclive\gamedata\game.exe" = protocol=17 | dir=in | app=f:\games\duel of champions\mmdoc-pdclive\gamedata\game.exe | 
"UDP Query User{95F6EBAF-2B84-47D6-A81A-66C56FCB4CA2}F:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{9716C828-7FE5-4C0F-8683-772F4985D0AC}F:\games (steam)\steamapps\common\specops_theline\binaries\win32\specopstheline.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"UDP Query User{97EC520E-1206-4EDE-93C3-6B6EA8E64453}C:\program files (x86)\remote mouse\remotemouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe | 
"UDP Query User{9D96FA7F-3B35-43E6-AAEF-AF31C49C77A0}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{9DCC29AD-E15F-4A83-B50C-DA9595B9E298}F:\games\warcraft iii\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\games\warcraft iii\warcraft iii\war3.exe | 
"UDP Query User{C085EEAF-EB1E-4EDF-9C94-60F11DD893AD}F:\games\duel of champions\mmdoc-pdclive\launcher.exe" = protocol=17 | dir=in | app=f:\games\duel of champions\mmdoc-pdclive\launcher.exe | 
"UDP Query User{C391163B-FD23-43CD-B9C4-53C5BB787963}F:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{D79410A3-6F47-4FF6-8CB0-F7254EC99DBC}F:\games (steam)\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=f:\games (steam)\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{B411AD10-1BC9-4939-8848-BC5E66F662B7}" = HP Officejet 4620 series Basic Device Software
"{B5BBEF15-44B1-43FA-A4B7-3AFE501B5949}" = AVG 2014
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel® Network Connections 15.6.25.0
"{CB21CD89-A4D3-4240-9AAA-55DCE7F3D076}" = AVG 2014
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2014
"Logitech Unifying" = Logitech Unifying Software 2.10
"PROSetDX" = Intel® Network Connections 15.6.25.0
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1" = Remote Mouse version 2.54
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.1.1
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed® III v1.06
"{9E240F13-3115-4AB1-B1DB-51D0A8D0D18E}" = PocketCloud
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{B1DEE15C-7C4C-40C0-9CE8-156B2FCC7DE7}" = Blockbuster On Demand
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Battle.net" = Battle.net
"BitComet_x64" = BitComet 1.35 64-bit
"Diablo III" = Diablo III.35 64-BI
"Dolphin x86" = Dolphin x86
"Free Audio Converter_is1" = Free Audio Converter version 5.0.39.430
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.28.827
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.32.213
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.28.827
"Free Video to iPad Converter_is1" = Free Video to iPad Converter version 5.0.28.827
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.32.327
"FXAA Post Process Injector" = FXAA Post Process Injector
"Hearthstone" = Hearthstone
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MMDoC-PDCLive" = Duel of Champions
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PrecisionX" = EVGA Precision X 3.0.0 Beta 15
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.95
"Steam App 102500" = Kingdoms of Amalur: Reckoning™
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12210" = Grand Theft Auto IV
"Steam App 200710" = Torchlight II
"Steam App 203140" = Hitman: Absolution
"Steam App 205930" = Hitman: Sniper Challenge
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 21100" = F.E.A.R. 3
"Steam App 215710" = Fieldrunners 2
"Steam App 220" = Half-Life 2
"Steam App 220240" = Far Cry® 3
"Steam App 220440" = DmC Devil May Cry
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 237110" = Mortal Kombat Komplete Edition
"Steam App 238010" = Deus Ex: Human Revolution - Director's Cut
"Steam App 242050" = Assassin’s Creed IV Black Flag
"Steam App 244210" = Assetto Corsa
"Steam App 246420" = Kingdom Rush
"Steam App 259080" = Just Cause 2: Multiplayer Mod
"Steam App 2700" = RollerCoaster Tycoon 3: Platinum!
"Steam App 39140" = FINAL FANTASY VII
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 47920" = Shift 2 Unleashed
"Steam App 49520" = Borderlands 2
"Steam App 50300" = Spec Ops: The Line
"Steam App 55110" = Red Faction: Armageddon
"Steam App 65800" = Dungeon Defenders
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"Steam App 91310" = Dead Island
"Tunngle beta_is1" = Tunngle beta
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.1
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/14/2013 9:14:37 PM | Computer Name = DAVID-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 5/14/2013 10:59:07 PM | Computer Name = DAVID-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 5/14/2013 11:08:10 PM | Computer Name = DAVID-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 5/15/2013 3:35:08 AM | Computer Name = DAVID-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 5/15/2013 5:02:21 AM | Computer Name = DAVID-PC | Source = Application Hang | ID = 1002
Description = The program Borderlands2.exe version 1.0.60.324 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 964    Start
 Time: 01ce513eb7dfd40a    Termination Time: 29    Application Path: F:\Games (Steam)\steamapps\common\Borderlands
 2\Binaries\Win32\Borderlands2.exe    Report Id: 24cb3ec6-bd3e-11e2-83ff-00309140267a
 
 
Error - 5/15/2013 3:14:49 PM | Computer Name = DAVID-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 5/15/2013 3:39:54 PM | Computer Name = DAVID-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Borderlands2.exe, version: 1.0.60.324, 
time stamp: 0x51428def  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
 time stamp: 0x50b83c8a  Exception code: 0x00000001  Fault offset: 0x0000c41f  Faulting
 process id: 0xc20  Faulting application start time: 0x01ce51a0aff6d55c  Faulting application
 path: F:\Games (Steam)\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Faulting
 module path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: 36d6fd68-bd97-11e2-8152-00309140267a
 
Error - 5/15/2013 5:57:57 PM | Computer Name = DAVID-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 5/15/2013 6:20:51 PM | Computer Name = DAVID-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 5/15/2013 8:09:46 PM | Computer Name = DAVID-PC | Source = Application Hang | ID = 1002
Description = The program cheatengine-x86_64.exe version 6.2.1.2643 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 29a4    Start
 Time: 01ce51c96bfb5ba4    Termination Time: 2    Application Path: C:\Program Files (x86)\Cheat
 Engine 6.2\cheatengine-x86_64.exe    Report Id: e8647358-bdbc-11e2-8152-00309140267a
 
 
[ Media Center Events ]
Error - 5/21/2012 4:15:03 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 1:15:01 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 4:29:34 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 1:29:32 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 5:29:40 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 2:29:40 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 6:29:47 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 3:29:46 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 7:29:51 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 4:29:51 PM - Error connecting to the internet.  4:29:51 PM -     Unable
 to contact server..  
 
Error - 5/22/2012 8:30:03 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 5:30:03 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/23/2012 8:07:17 AM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 5:07:14 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 1/6/2013 5:25:53 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 1:25:50 PM - Error connecting to the internet.  1:25:50 PM -     Unable
 to contact server..  
 
Error - 1/14/2013 9:32:42 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 5:32:42 PM - Error connecting to the internet.  5:32:42 PM -     Unable
 to contact server..  
 
Error - 1/14/2013 9:32:49 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 5:32:47 PM - Error connecting to the internet.  5:32:47 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 6/29/2014 9:58:28 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The GorillaPrice service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 100 milliseconds: 
Restart the service.
 
Error - 6/29/2014 10:02:00 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The GorillaPrice service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 100 milliseconds: 
Restart the service.
 
Error - 6/29/2014 10:10:07 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The GorillaPrice service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 100 milliseconds: 
Restart the service.
 
Error - 6/29/2014 10:16:18 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The GorillaPrice service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 100 milliseconds: 
Restart the service.
 
Error - 6/29/2014 10:28:24 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The GorillaPrice service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 100 milliseconds: 
Restart the service.
 
Error - 6/29/2014 10:29:16 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 10:47:41 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7030
Description = The NPEService service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/29/2014 10:47:45 AM | Computer Name = DAVID-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 6/29/2014 10:55:16 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The GorillaPrice service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 100 milliseconds: 
Restart the service.
 
Error - 6/29/2014 10:55:22 AM | Computer Name = DAVID-PC | Source = Service Control Manager | ID = 7031
Description = The GorillaPrice service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 100 milliseconds: 
Restart the service.
 
 
< End of report >


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:50 PM

Posted 30 June 2014 - 02:53 PM

Good evening. :)

Run OTL.exe.

  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :OTL
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    :Files
    ipconfig /flushdns /c


    C:\Users\DAVID\AppData\Roaming\Open Download Manager
    C:\Program Files (x86)\gorillaprice
    C:\Users\DAVID\Documents\My Cheat Tables

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed its run, and tell me how the PC is behaving.

Note: Copies of the logs can be found in the C:\_OTL\MovedFiles folder - open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, x representing the month, date, year and time the log was created. Eg: 03062009_170403

So long, and thanks for all the fish.


#6 StrygwyrBS

StrygwyrBS
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:California
  • Local time:01:50 PM

Posted 30 June 2014 - 05:31 PM

Before I do this next step I thought I'd give you an idea of how my PC is behaving. I haven't noticed any difference in the responsiveness, but I have far too much RAM and a pretty good processor. I can see though that I'm using more physical memory than usual. Typical for me to see about 15% and it's hanging around 20% now. I'm getting occasional pop-ups which are using Internet Explorer. I only use Chrome to browse and I haven't seen a single pop-up in a Chrome window. The pop-ups occur when I'm surfing or if the computer is at idle. Also thanks so much for your help, I really appreciate it!



#7 StrygwyrBS

StrygwyrBS
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:California
  • Local time:01:50 PM

Posted 30 June 2014 - 05:42 PM

Computer Behavior: When I booted back up after the fix I got another pop-up with this address:

h t t p : / / click.cpvrdr .com/redirect.php?ID=260632390&KEY=4449

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\DAVID\Downloads\cmd.bat deleted successfully.
C:\Users\DAVID\Downloads\cmd.txt deleted successfully.
C:\Users\DAVID\AppData\Roaming\Open Download Manager folder moved successfully.
Folder move failed. C:\Program Files (x86)\gorillaprice scheduled to be moved on reboot.
C:\Users\DAVID\Documents\My Cheat Tables folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: DAVID
->Temp folder emptied: 28903974 bytes
->Temporary Internet Files folder emptied: 8388027 bytes
->Java cache emptied: 5525683 bytes
->Google Chrome cache emptied: 287223595 bytes
->Flash cache emptied: 58638 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Toni
->Temp folder emptied: 939573 bytes
->Temporary Internet Files folder emptied: 485829847 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 6198 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20524 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 98144 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 780.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: DAVID
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Toni
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 06302014_153522
 
Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\gorillaprice scheduled to be moved on reboot.
File move failed. C:\Users\DAVID\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a84b_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\DAVID\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a84b_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\DAVID\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\DAVID\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:50 PM

Posted 30 June 2014 - 06:06 PM

Run DDS again and let me have the first log that it produces.


So long, and thanks for all the fish.

#9 StrygwyrBS

StrygwyrBS
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:California
  • Local time:01:50 PM

Posted 30 June 2014 - 07:47 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by DAVID at 17:45:20 on 2014-06-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16351.13826 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files (x86)\gorillaprice\gorillaprice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\vVX3000.exe
C:\Users\DAVID\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:13081;
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\DAVID\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\DAVID\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=4f040aa8bbc447d08fead179d7a4cf89-3f9964acb9c40ad982927d3c5cd88b1c613c9d53 /CMPID=1213b
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\DAVID\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DAVID\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: NameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\34963736F62383433373 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\34F666665656D274572757 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\34F666665656F574572757 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{168C68F2-E78C-48B0-BA7B-A153397CCEC6}\B41696375627F57416E676 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{1B583C9A-7C67-4940-8A01-DC2E8E566F5D} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{1B583C9A-7C67-4940-8A01-DC2E8E566F5D}\75164737F6E60265 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{B7512706-058F-4073-89CC-5D4473FDE3B7} : DHCPNameServer = 198.224.174.135 198.224.173.135
TCP: Interfaces\{BB98D1F0-CC1D-4E60-B47F-08E912C05E0F} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BFEE6B5F-BBC8-46FD-988F-7CB7C09720A3} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{E683F4C7-EDFE-436F-ADC7-D779F67BE313} : DHCPNameServer = 7.254.254.254
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-9 46368]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/03/20 23:37:29];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2013-3-11 130320]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2013-3-20 85568]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2013-3-20 77576]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2013-3-20 294664]
R2 GorillaPrice;GorillaPrice;C:\Program Files (x86)\gorillaprice\gorillaprice.exe -service --> C:\Program Files (x86)\gorillaprice\gorillaprice.exe -service [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-26 133800]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2013-3-20 75248]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-3 21055432]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-24 413128]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [2013-11-11 16176]
R2 WyseRemoteAccess;Wyse RemoteAccess;C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [2013-11-8 1785344]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-11-17 1256192]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-26 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-26 40392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-5-17 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2012-4-13 1254464]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-3-8 15176]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-15 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-15 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-5-20 746392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-14 1255736]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2013-11-6 29288]
.
=============== Created Last 30 ================
.
2014-06-30 22:35:22 -------- d-----w- C:\_OTL
2014-06-30 05:01:36 -------- d-----w- C:\Users\DAVID\AppData\Local\CrashDumps
2014-06-29 15:01:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-29 15:01:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-29 14:48:39 -------- d-----w- C:\NPE
2014-06-29 14:47:29 -------- d-----w- C:\Users\DAVID\AppData\Local\NPE
2014-06-29 14:47:29 -------- d-----w- C:\ProgramData\Norton
2014-06-26 08:21:41 -------- d-----w- C:\Program Files (x86)\gorillaprice
2014-06-25 01:02:41 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-06-24 22:24:12 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-06-24 22:24:12 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-06-15 22:19:32 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-11 02:42:49 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 02:42:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-14 21:56:21 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 21:56:21 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-13 21:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 21:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 21:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 21:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 21:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 21:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 21:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 21:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 17:45:31.53 ===============


#10 StrygwyrBS

Posted 30 June 2014 - 07:52 PM

Something new going on. When I browse with Chrome it will sometimes download something called dis.aspx. I've just been deleting it when it happens.



#11 StrygwyrBS

Posted 01 July 2014 - 11:23 AM

Did I post the correct log you needed to review?



#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:50 PM

Posted 01 July 2014 - 03:31 PM

Good evening. :)

Yes, you did.

 

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


So long, and thanks for all the fish.

 

 


#13 StrygwyrBS

Posted 01 July 2014 - 07:56 PM

Today I've used my computer a bit and before the scan was done everything was the same except I wasn't getting pop-ups. After the scan gorillaprice.exe is no longer showing in my running processes nor does it appear in my list of programs when searching manually under C drive. I'll keep using my computer and if I see anything different I will note in a new post. P.S. you are really really REALLY awesome. Thank you!
 
 
 
________________________________________________________________________________________
 
ComboFix 14-06-30.01 - DAVID 07/01/2014  17:42:27.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16351.14068 [GMT -7:00]
Running from: c:\users\DAVID\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-02 to 2014-07-02  )))))))))))))))))))))))))))))))
.
.
2014-07-01 16:20 . 2014-07-01 16:20 -------- d-----w- c:\program files (x86)\WinDirStat
2014-06-30 22:35 . 2014-06-30 22:35 -------- d-----w- C:\_OTL
2014-06-30 05:01 . 2014-06-30 09:11 -------- d-----w- c:\users\DAVID\AppData\Local\CrashDumps
2014-06-29 15:01 . 2014-06-30 22:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-06-29 15:01 . 2014-07-01 15:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-06-29 14:48 . 2014-06-29 14:48 -------- d-----w- C:\NPE
2014-06-29 14:47 . 2014-06-29 14:56 -------- d-----w- c:\users\DAVID\AppData\Local\NPE
2014-06-29 14:47 . 2014-06-29 14:47 -------- d-----w- c:\programdata\Norton
2014-06-25 01:02 . 2014-05-19 23:10 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-06-24 22:24 . 2014-05-29 23:07 1291232 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-06-24 22:24 . 2014-05-29 23:07 1715176 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-06-23 08:18 . 2014-06-23 08:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-06-15 22:19 . 2014-07-01 15:54 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-11 02:42 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 02:42 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-11 05:34 . 2012-04-13 23:26 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-29 23:07 . 2013-11-03 21:35 1122312 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-05-29 23:07 . 2013-11-03 21:35 1279480 ----a-w- c:\windows\system32\nvspcap64.dll
2014-05-20 02:44 . 2013-11-03 21:32 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2013-11-03 21:32 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-11-03 21:32 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-11-03 21:32 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2013-11-03 21:32 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2012-04-14 01:45 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2012-04-14 01:45 52056 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-05-20 01:25 . 2013-11-03 21:34 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-11-03 21:34 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-11-03 21:34 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-11-03 21:34 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-11-03 21:34 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-14 23:49 . 2013-11-03 21:34 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-14 21:56 . 2012-04-13 23:16 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 21:56 . 2012-04-13 23:16 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 21:20 . 2014-05-13 21:20 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-05-13 21:20 . 2014-05-13 21:20 273176 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-05-13 21:06 . 2014-05-13 21:06 323352 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-05-13 21:05 . 2014-05-13 21:05 191768 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-05-13 21:05 . 2014-05-13 21:05 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-05-13 21:05 . 2014-05-13 21:05 130328 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 21:04 . 2014-05-13 21:04 236312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-05-13 21:04 . 2014-05-13 21:04 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-04-15 03:13 . 2014-04-19 00:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22 . 2014-05-14 06:59 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-14 06:59 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-14 06:59 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 06:59 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 06:59 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 06:59 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 06:59 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 06:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 06:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DAVID\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DAVID\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DAVID\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-16 3093624]
"Spotify Web Helper"="c:\users\DAVID\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-06-29 1176632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2013-03-01 237120]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\DAVID\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GorillaPrice;GorillaPrice;c:\program files (x86)\gorillaprice\gorillaprice.exe;c:\program files (x86)\gorillaprice\gorillaprice.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys;c:\windows\SYSNATIVE\drivers\WsAudioDevice_383S(1).sys [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/03/20 23:37];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud\PocketCloudService.exe [x]
S2 WyseRemoteAccess;Wyse RemoteAccess;c:\program files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe;c:\program files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:56]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2611575349-2038184900-3403572536-1000Core.job
- c:\users\DAVID\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 23:33]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2611575349-2038184900-3403572536-1000UA.job
- c:\users\DAVID\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 23:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DAVID\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DAVID\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DAVID\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DAVID\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 10.1.10.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\DAVID\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FXAA Post Process Injector - f:\users\David\My Documents\Skyrim\Skyrim FXAA Post Process Injector Program\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GorillaPrice]
"ImagePath"="c:\program files (x86)\gorillaprice\gorillaprice.exe -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2611575349-2038184900-3403572536-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,c8,1b,be,56,b9,bf,a7,3f,b8,95,6d,66,0a,35,17,e9,95,f4,76,27,
   6f,2b,be,1e,ce,51,4a,e1,89,c4,44,a7,02,fc,af,de,7c,d2,f9,01,a3,46,e6,c3,74,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2014-07-01  17:47:51 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-02 00:47
.
Pre-Run: 24,087,941,120 bytes free
Post-Run: 25,327,296,512 bytes free
.
- - End Of File - - 7207E53377B5EAB8FD50A29FEF75E10C
A36C5E4F47E84449FF07ED3517B43A31

Edited by StrygwyrBS, 01 July 2014 - 07:57 PM.
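The service entries in the ComboFix log above (the `R2 GorillaPrice;...` line under Reg Loading Points and the `[...\services\GorillaPrice]` ImagePath block) show that gorillaprice.exe was registered as a Windows service rather than just a running program, which is the kind of entry to look for when a process keeps reappearing after being ended. The parser below is an added example, not part of this thread or of ComboFix: it pulls those two record types out of a constructed excerpt copied from the log, joins them by service name, and keeps the R/S start codes and trailing `[x]` markers verbatim rather than interpreting them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in ComboFix's layout: a few "Reg Loading Points"
# service lines and two ImagePath blocks copied from the log in this thread.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GorillaPrice;GorillaPrice;c:\program files (x86)\gorillaprice\gorillaprice.exe;c:\program files (x86)\gorillaprice\gorillaprice.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GorillaPrice]
"ImagePath"="c:\program files (x86)\gorillaprice\gorillaprice.exe -service"
"""

# "R2 Name;Display name;path;path [x]": start code, name, display name,
# two path columns and the trailing bracketed marker, all kept verbatim.
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);([^;]*);([^;]*?)(?:\s+\[([^\]]*)\])?\s*$"
)
# "[HKEY_LOCAL_MACHINE\SYSTEM\ControlSetNNN\services\Name]" followed by its ImagePath value.
IMAGEPATH_RE = re.compile(
    r'\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\([^\]]+)\]\s*'
    r'"ImagePath"="([^"]*)"',
    re.IGNORECASE,
)
# Splits a command line at the first token with an executable-style extension,
# so paths containing spaces ("program files (x86)") are not cut in half.
CMDLINE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|fcl|ocx))(?:\s+(.*))?$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start_code: str                   # "R2", "S3", ... exactly as ComboFix prints it
    name: str                         # service (registry key) name
    display_name: str
    binary_path: str                  # path column of the service line
    marker: Optional[str] = None      # text inside the trailing [...] marker, verbatim
    image_path: Optional[str] = None  # registry ImagePath, arguments included


def split_command_line(cmd: str) -> Tuple[str, str]:
    """Return (binary path, arguments) for an ImagePath value; strips the \\??\\ NT prefix."""
    cmd = cmd.strip()
    if cmd.startswith("\\??\\"):
        cmd = cmd[4:]
    m = CMDLINE_RE.match(cmd)
    if not m:  # no recognised extension: treat the whole value as the path
        return cmd, ""
    return m.group(1), (m.group(2) or "").strip()


def parse_services(text: str) -> Dict[str, ServiceEntry]:
    """Collect service lines and ImagePath blocks, joined by lower-cased service name."""
    services: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            code, name, display, path, _path2, marker = m.groups()
            services[name.lower()] = ServiceEntry(code, name, display, path, marker)
    for m in IMAGEPATH_RE.finditer(text):
        name, image_path = m.group(1), m.group(2)
        # An ImagePath block with no matching service line still gets a record.
        entry = services.setdefault(name.lower(), ServiceEntry("?", name, "", ""))
        entry.image_path = image_path
    return services


def services_running(services: Dict[str, ServiceEntry], exe_name: str) -> List[ServiceEntry]:
    """Services whose binary, from either record type, has the given file name."""
    wanted = exe_name.lower()
    hits = []
    for svc in services.values():
        paths = [svc.binary_path]
        if svc.image_path:
            paths.append(split_command_line(svc.image_path)[0])
        if any(p.rsplit("\\", 1)[-1].lower() == wanted for p in paths if p):
            hits.append(svc)
    return hits


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for svc in services_running(found, "gorillaprice.exe"):
        path, args = split_command_line(svc.image_path or svc.binary_path)
        print(f"{svc.start_code} {svc.name}: {path} (args: {args or 'none'})")
```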


#14 Noviciate

Posted 06 July 2014 - 01:27 PM

As this issue appears to have been resolved, this thread is now closed.

