Channel: Tech Support Guy - Virus & Other Malware Removal

Computer Slow and Internet Sometimes has a mind of its own

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4057 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1805 Mb
Hard Drives: C: Total - 223434 MB, Free - 129258 MB; E: Total - 14999 MB, Free - 6828 MB;
Motherboard: Dell Inc., 0G848F
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled
-------------------------
Computer is slow and sometimes the internet goes places without me telling it to...

I have a Trojan. Can you help please?

Oh, just a quick note: almost everything else doesn't get blocked, like Facebook, YouTube, Twitter and Tumblr, etc.

Malware - I think it's that Snapdo

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i3-2120T CPU @ 2.60GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 6010 Mb
Graphics Card: Intel(R) HD Graphics, -1988 Mb
Hard Drives: C: Total - 934554 MB, Free - 865145 MB; D: Total - 17451 MB, Free - 2122 MB;
Motherboard: PEGATRON CORPORATION, 2AE2
Antivirus: Trend Micro Titanium Internet Security, Updated: Yes, On-Demand Scanner: Enabled

I apparently thought I was needing to update my Java, and when I did, I got a lot more than I bargained for. Popups, redirects, etc. Google Chrome said it was disabling extension Browsers+Apps+1.1 but I'm still having the problems. I did a full scan with Trend Micro and it found stuff it said it removed, but this is still showing up in my programs - and I cannot uninstall it. I ran HijackThis and created a log which I am copying below. Can you help me get rid of this?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:55:43 PM, on 11/2/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Nova Development\Photo Explosion\Project Studio\ReminderApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lynn\Downloads\HijackThis.exe
C:\Program Files\WindowsApps\Microsoft.Taptiles_2.3.1409.1802_x86__8wekyb3d8bbwe\Taptiles.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: 8d6c6b503bec4fef8265c6850bf8e3d80065055 - {11111111-1111-1111-1111-110611501155} - C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-bho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] C:\Program Files (x86)\Nova Development\Photo Explosion\Project Studio\ReminderApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2AP1343M05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6245461AB9FA205F5B11503DB3C5595B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-18\..\Run: [20090604] C:\Program Files (x86)\Hoyle\Hoyle Puzzle and Board Games 2012\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Hoyle\Hoyle Puzzle and Board Games 2012\RegApp\encore_reg.rpd" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [20090604] C:\Program Files (x86)\Hoyle\Hoyle Puzzle and Board Games 2012\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Hoyle\Hoyle Puzzle and Board Games 2012\RegApp\encore_reg.rpd" (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13160 bytes

Please help me remove Block and Surf

I had run AdwCleaner earlier today from a tip on another page, but I just ran it again and here are the results.



# AdwCleaner v3.311 - Report created 02/11/2014 at 18:11:49
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : a - A-HP
# Running from : C:\Users\a\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Reimage
File Deleted : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v

[ File : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7olble4y.default-1410197133731\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15902 octets] - [02/11/2014 10:03:42]
AdwCleaner[R1].txt - [1336 octets] - [02/11/2014 18:01:34]
AdwCleaner[S0].txt - [15925 octets] - [02/11/2014 10:10:44]
AdwCleaner[S1].txt - [1263 octets] - [02/11/2014 18:11:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1323 octets] ##########








Here are the results from MiniToolBox


MiniToolBox by Farbar Version: 21-07-2014
Ran by a (administrator) on 02-11-2014 at 18:21:30
Running from "C:\Users\a\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Automated Feedback Tool 6.1 (HKLM-x32\...\{46BD8F6D-3B54-4E4A-9906-559F77FF17C3}) (Version: 6.1.608 - Synovate)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fantapper Player (HKLM-x32\...\{C8FAFAEE-94E2-43D9-8046-87F96D0FD7CF}) (Version: 1.0.9 - Brand Affinity Technologies)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
GeekBuddy (HKLM\...\{6E2F0618-2867-4DA8-870B-3750588F06A6}) (Version: 4.12.99 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Info Center 1.0.0.10 (HKLM-x32\...\Info Center_is1) (Version: 1.0.0.10 - PC Pitstop LLC)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.1 - iolo technologies, LLC)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.3 - Masque Publishing)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shopping InContext (HKCU\...\{4E002314-9999-4402-9823-1CB9E6098849}_is1) (Version: 3.3 - InContext Solutions, LLC)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartDraw 2012 (HKLM-x32\...\SmartDraw 2012) (Version: - )
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WMS Slots Reel 'em in (HKLM-x32\...\{B5E8EA9B-2DDB-427C-B18D-96C4B4B51999}) (Version: 1.00.0000 - Phantom EFX)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 3839.29 MB
Available physical RAM: 1118.48 MB
Total Pagefile: 7676.75 MB
Available Pagefile: 4511.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3981.17 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:454.52 GB) (Free:345.39 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.33 GB) NTFS
3 Drive e: (ISS) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\A-HP

a Administrator Guest


**** End of log ****

Right click problem possible malware

Recently I noticed a strange problem on my computer. When I try to right click or middle click on the browser or on the desktop, instead of the right click menu I get some sort of a pie chart menu. I have no idea how it happened, but I am going to post a picture of it; hopefully someone knows what it is.



-----------------------------------------------------------------------------------------------------
SysInfo log:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3066 Mb
Graphics Card: NVIDIA GeForce G 105M, 512 Mb
Hard Drives: C: Total - 24364 MB, Free - 814 MB; D: Total - 71202 MB, Free - 14235 MB; E: Total - 60259 MB, Free - 3109 MB; F: Total - 74175 MB, Free - 1944 MB; G: Total - 75226 MB, Free - 13585 MB; N: Total - 476938 MB, Free - 135317 MB;
Motherboard: Acer, JV50
Antivirus: Norton Security Suite, Updated: No, On-Demand Scanner: Enabled
-----------------------------------------------------------------------------------------------------

I think I have a virus

The mouse is real jerky and jumps all over the place. I went into safe mode to run Kaspersky thinking I may have a virus (negative), I ran Rogue Killer, nothing! When I hit restart to go into safe mode the PC turns off and when it boots up it always plays a little tune, it sounded like it was under water, real jerky just like the mouse, like gurgling. And it is so slow I'm going to have to use my laptop to talk to you if and when I get some help. Also have ads popping up all over the place! I'm running win.XP.. Any help will be greatly appreciated. Barb

Is there anyone who can help with this or does everyone now work on Facebook and Twitter??

Urgent Need help, have infected "Word doc malware"

Help with "Your Amazon order" virus

Hello.

My brother has just opened the doc attached to this "Your Amazon.co.uk order has dispatched (#203-2083868-0173124)" on his computer and now Avast is constantly informing him that it has blocked access to a URL:

Code:

hxxp://37.139.23.200/V7wWamI 9@Sm /iGqX$FPW LRt~b/ZiM$hK@/qM8

He has a PC running Windows 7. I've run:

1. AdwCleaner v4.002 (attached is the log), there was one process that apparently needed cleaning and I cleaned it. I stopped my antivirus first as was suggested.
2. Malwarebytes Anti-Malware (attached is the log), but it came out clean.
3. I've cleaned the entries suggested by CCleaner.
4. After all that I've run HijackThis (attached is the log). I don't know what to clean here unfortunately... there are a lot of system32 entries which I'm a bit scared of deleting.

We're still getting that message from Avast about that URL so I guess it's still infected. I haven't found any information about this virus (not even the name). I don't know what else to do to remove it.

Could someone please help me out?

Thank you

Attached Files
File Type: txt adwcleaner.TXT (918 Bytes)
File Type: txt malwarebytes.txt (1.0 KB)
File Type: log hijackthis.log (21.9 KB)

Please analyze my logs

Someone has been tracking every move I make on the internet, he has deleted accounts I have created, and taken over my fb account. He has all my information. Please help!

Hi, I have two sets of logs

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-300 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3690 Mb
Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
Hard Drives: C: Total - 281035 MB, Free - 227377 MB; D: Total - 19944 MB, Free - 2131 MB; E: Total - 4055 MB, Free - 1103 MB;
Motherboard: Hewlett-Packard, 3577
Antivirus: Microsoft Security Essentials, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:01 AM, on 11/3/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.us.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: IE Search Set (SearchProtectionService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14269 bytes


Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/3/2014
Scan Time: 11:57:16 AM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.03.06
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: FBI
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337449
Time Elapsed: 1 hr, 36 min, 44 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
Trojan.Cinmus, HKU\S-1-5-21-460927759-3428789973-2336921029-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, Quarantined, [3032dd5a81fb64d2482fdbfe29d9b050],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

Win 7 Conflict- blue screen crashes-Win Defender vs avast

explorer.exe requesting internet access

TSG SysInfo:
Code:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 3915 Mb
Graphics Card: NVIDIA GeForce GTX 560 Ti, 1024 Mb
Hard Drives: C: Total - 61439 MB, Free - 5413 MB; D: Total - 243801 MB, Free - 10396 MB;
Motherboard: Intel Corporation, DB75EN
Antivirus: COMODO Antivirus, Not Updated

Installed software that bypassed Comodo Antivirus and infected my PC - perhaps because I haven't updated it in awhile :(. explorer.exe and a process called 'find.exe' started requesting internet access so I scanned and removed some of the malware with Malwarebytes.

Since then my firewall log shows that explorer.exe is requesting internet access to a range of different IPs every few seconds, both incoming and outgoing.

How can I fix this?

Com Surrogate?

Well,
I had the computer reformatted and reinstalled. Virus was bad.
No reply on this thread though. I know you members are busy and I still appreciate what you do.

Random browser windows opening

OTL Extras logfile created on: 4/11/2014 7:11:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner1\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

15.90 Gb Total Physical Memory | 11.81 Gb Available Physical Memory | 74.28% Memory free
18.27 Gb Paging File | 12.18 Gb Available in Paging File | 66.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.50 Gb Total Space | 833.92 Gb Free Space | 44.77% Space Free | Partition Type: NTFS
Drive D: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 14.61 Gb Total Space | 3.01 Gb Free Space | 20.57% Space Free | Partition Type: FAT32
Drive F: | 59.62 Gb Total Space | 30.33 Gb Free Space | 50.88% Space Free | Partition Type: NTFS

Computer Name: FITZPATRICK | User Name: Owner1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E21A27B-1A84-4373-B8D6-00608A1E63B4}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{2448459C-7B94-4DC0-8618-EA3449F76AEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{248FCE93-A963-40C1-9BA7-92B3F0322386}" = lport=10243 | protocol=6 | dir=in | app=system |
"{24AC73FD-5CEF-4C7F-9A77-7AE053C4D3C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{2706C4CE-F7BA-42D4-8CE8-A03380BAEE5D}" = lport=445 | protocol=6 | dir=in | app=system |
"{44CABA1D-0FCF-4DFD-9BBE-BA0880A340BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{4626250E-3B25-457F-86FC-D89CE1CC1D46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C1EA8CF-4400-4AB6-AADF-08ECC438BB4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5437D387-CDEE-4E6E-941D-20363AF8A7B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58A03160-CA39-4484-839E-60B9B85A44FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DF4DF17-7FD9-4748-BD9A-FE1BFB1FBA61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76AAC064-E3DA-4EAC-971E-765660B96796}" = lport=3306 | protocol=6 | dir=in | name=mysql server |
"{8F4751E9-E5B8-4035-971F-51615D591825}" = rport=445 | protocol=6 | dir=out | app=system |
"{985F9576-6375-482D-819D-98D0D9E123CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8DADDAD-888F-4CF5-A5D3-87F4E58A2E8E}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB9D996A-92BC-4CB1-93A9-56EF64AE54CE}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{C4C20201-FBBD-4798-8D33-9FB924C6824E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{C7FC465A-5CF2-4252-BDED-7B0871FDA64A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD99E5C5-EF75-4AF8-B1E6-C682C92B16EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{DEA1B8FD-D6F2-49B2-9EDE-AA9B08F5F7AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E040E388-6AF3-4096-AFCA-F1AA2C1EEEE7}" = rport=137 | protocol=17 | dir=out | app=system |
"{E8A274AF-A9B3-4787-BCCC-CC652B536F25}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED993616-5322-4AD6-A16A-0DDCF1FE5915}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F85330CE-1AAD-4726-8538-265F0A51C4C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F9212052-6EE1-4048-AD36-6C19FCA6A975}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0007DC28-6565-4B84-994E-36452ADEF6CA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{002F2DB2-CC10-4346-8CEA-50CD9BAFC9A4}" = dir=out | name=@{microsoft.zunemusic_2.6.343.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{0116F894-2338-4542-8DB9-79E950243BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{0127CED1-7FAA-4013-BB24-9A1103B0B0DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{029147A3-84DD-4B76-AA14-48DFFAA928EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{02D169B9-C61F-4CE7-AC02-3EECE7F8D3B4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{04595F06-5BE0-49A9-B682-D7400D179A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe |
"{0A7C99CA-E5BF-4376-BD2D-7CF65ED82D4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma cold war assault\coldwarassault.exe |
"{0D70BBF4-A35B-4241-BE68-653BB7E9812F}" = dir=in | name=[adult swim] australia |
"{0ED29C1A-E5F4-4179-911F-9E419C24FED6}" = protocol=6 | dir=in | app=c:\users\owner1\downloads\utorrent(btkey,https^3a^2f^2futp.st^2fhacuafn v).exe |
"{1002EFAD-5386-4AE3-AF80-B5EE6A083217}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{10E33F5F-CDC6-4B81-80FB-AD201BF50477}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{10E7FD04-4B38-4294-AA25-E85BEFCF4D73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{1546CFAC-8E43-4EB4-81AE-E50E56129C68}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{15F2F83A-5465-44FA-812F-DCF797127BA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{179A0424-5432-4E4F-9AE6-C7F6AE431147}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{1B58C266-E135-4D6F-B030-10804E4C0D6C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{1D473768-EB41-4400-8C9E-0D29FD5A7FF8}" = protocol=17 | dir=in | app=c:\users\owner1\downloads\utorrent(btkey,https^3a^2f^2futp.st^2fhacuafn v).exe |
"{1E68A836-D7D9-4557-88AE-9A9630322B17}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{1E6B057E-66E2-4FA3-97A2-F4963594BCB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FB70E50-7E92-40AB-B8F6-5D1B16D7B276}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{250C2139-FB89-45DC-B339-5E7AF86AFC7E}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{268D384B-B066-46F5-A218-25AD22094BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ravenshield.exe |
"{30CCC72F-E0EF-4A9A-9989-5FAB50AB7D10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{323CDA7F-CBD9-43E7-B716-560685EF2A66}" = protocol=6 | dir=out | app=system |
"{32D44AB3-5743-46FC-B7C4-4DCFB836A2C6}" = dir=in | name=skype |
"{34F45C83-2BDB-410A-AC97-331931E1985B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma cold war assault\coldwarassault.exe |
"{36FEF4D2-5138-43B7-8AB0-CE2FEF5E1849}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{3C4BCACD-4CA2-4554-B4CC-D2322F1ECF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{3FFEE5BB-1D72-4122-978F-B23C378987AA}" = protocol=6 | dir=in | app=c:\users\owner1\appdata\roaming\utorrent\utorrent.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{46C2C21E-8125-4B40-9A9B-C6DAABCC9425}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe |
"{4A012D99-F01C-4D89-A163-A0C7F76EF85D}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{4B0D78C8-B037-4257-B263-16FDB96D1E19}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{4BD78672-B4D9-4E0A-A1AF-A41BF9CAD203}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F6C66D1-D37B-49E8-8311-2D134A66824A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50C0CA1C-AD16-418D-86F7-B685712D097E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{52030451-F899-41DE-9463-C2E6F84A8060}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5D7024F7-E271-4437-9B0B-D4A17F7D0A56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{61BD0134-C3C9-4C65-87F8-411512938F2B}" = dir=out | name=wsop: full house pro |
"{6A8B50BF-2678-4D18-848E-4EB634554CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |
"{6AF1E17F-1D6B-4330-A869-6A1ACE0573B0}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{6CC06CB0-74A7-46B9-ADCC-5479973B22B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ravenshield.exe |
"{70E6398F-FFA9-46BE-9438-D5A7904ADBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{737794FF-5D30-4DE8-BA93-CAD4E4F2DA21}" = dir=out | name=[adult swim] australia |
"{771AC967-041A-4972-AE6C-B8A52132137A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe |
"{781C7F73-E172-4105-9EBA-91A7D0F2E59C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{79EA33D7-65C6-431E-91CE-9D1A1E67BD90}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7ABF21C2-5036-43C2-A5DD-E1FF26DEADBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe |
"{7AC4FF55-F653-4FBE-BE18-3B849719B97B}" = dir=out | name=skype |
"{7B19D49B-A7C2-4486-A299-94ED84F4ED8B}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bb we?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7CFAEED4-BCAD-4D4B-AAE9-62D6D381FA94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{7FC6AD0E-A33D-4EDB-8052-551656E493EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{808881D3-39E2-4D2D-8C1A-5507EA007714}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81A6E355-49CB-4EB7-AC81-3F3BBB846AA9}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{847502A5-7790-459F-9CB3-BDF1C42F7D27}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{84AC57A7-3587-441A-AD58-303361072F75}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bb we?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{86E06A95-5E00-4774-A6A9-3BFD42D9CDD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma gold\arma.exe |
"{88A00379-053A-48C3-BDCB-0F8F656E52E2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{8BC9409B-A75E-41A2-9767-C9E7E378C724}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{8BDE3055-8893-4C54-B56F-EEA344B32565}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8BF1EC7F-75CD-4A5D-957D-D94F86570799}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six lockdown\lockdown.exe |
"{8C263440-672E-4158-A52E-C389F3520CB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{8D5FC40B-7870-49A8-974B-BB5CF9208F5F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8DD1B535-15D6-4303-92DA-4F0F7A6402C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{8E7AB321-2882-403A-8606-E5A6F20DC1C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E988D45-E68E-4B45-AA5E-4823C4C4FB58}" = protocol=6 | dir=in | app=%systemroot%\system32\rdpsa.exe |
"{8FF65955-141E-41AD-A3DE-EFB3C42AC813}" = dir=out | name=norton studio |
"{9A2DC07D-7595-4868-9B68-F8E53D4F4BE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9A8F81D9-2EEF-4227-8C74-8C5FE9E6FCFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B75DF9F-3970-4202-A22B-E715AA79C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{9DC4F71A-72EF-4A7A-B152-4020A3695EB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A35038F1-ED96-4828-AC51-A61333A8B888}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A47422B8-192A-4E33-9547-923CB53F5815}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas\binaries\runme.exe |
"{A5313B1E-43B8-4BE2-80DA-75F501160DC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A60B9BB8-07B7-4F4A-94A5-597A0A8BB8F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A67761B0-79E5-439A-B218-858A72456280}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{A69812EF-8A3B-4063-9704-7D9603F298CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{A78FD5AF-733A-452B-B770-9DAEA425D61B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{A8B21EA2-C0FB-4624-AE54-B80E47955F64}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{AC70A093-A89F-4717-9D10-4106D3EB8665}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE13DC4A-E027-4E2C-816D-536AE7A2FB90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{AFE04B79-DEB1-4BB4-8735-E847B5344B66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1C45F31-F909-4509-B868-458344D54A4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4BBABDB-A50C-4F5A-8FBC-45E752502EC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma gold\arma.exe |
"{B8A4743D-B76D-4B25-B3F7-2DA575C551F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{BD291D84-04F5-4A1B-9E38-153F1386F4EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF77FBEA-0198-41A0-9DC8-ABE0CB4732E9}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{C453259E-1BAA-4035-8905-3BF652713C45}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{C5EB6E78-A27B-484B-AAC9-C079D98EB548}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8AA6010-84D0-4AD1-8B86-134D03213C4C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C9B46E17-048D-4F5F-BB3A-59C0995F94A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{CABBADAE-82A7-4FDD-9CD4-7D5BEB325BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{CAED9BDA-5D40-4CF2-AED0-AB40F66E1D02}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{CCB8EACC-2936-4987-A5BB-E051296FF43F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{D1C1A50D-5841-4518-951A-EE25AE33BBAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{D45A2045-186B-4911-BADD-1E970370F54F}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB620326-EAF6-4169-A99C-BD6CAF15AE3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{DC956F59-235C-4AD6-B956-2D78FDE95788}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCB0ADE0-405B-42B4-A370-4FE1C2AF2703}" = dir=out | name=hp all-in-one printer remote |
"{DD61C57E-C566-4432-8E78-4AA60870A87A}" = dir=out | name=@{microsoft.zunevideo_2.6.376.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{DEE07888-6124-4DAF-9495-D699437B6043}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas\binaries\runme.exe |
"{DF848522-FEC3-403B-BC12-258249A90E84}" = dir=in | name=hp all-in-one printer remote |
"{E237B758-AF83-4081-8CD2-1864810B6FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{EA06BE6A-51A4-44D0-AA2D-E429C832B246}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED8C8E74-2530-45AE-9DC5-48239775C296}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |
"{F14ABF70-774C-4E25-A3F0-EE88A65F9CAA}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{F1F0F6E0-84FB-4BA2-8DEE-BA4991E5F844}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{F263276A-4EEB-464F-A71F-4ED5CF276426}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{F27ADFF0-BB00-40F0-B27E-4CDF076EED9A}" = protocol=17 | dir=in | app=c:\users\owner1\appdata\roaming\utorrent\utorrent.exe |
"{F43DA951-73C4-41CE-BD29-1D3F5C0CD5A6}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F70B5C74-D1D3-4686-9FDF-473A5684E463}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FB5502FA-41A9-4A20-9726-288650052137}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{FCAD4383-8F91-4450-A2A6-AA9B7D665C01}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{FD028467-271E-431A-A782-CE52EE3AD848}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{FF53B6D9-FDD4-4C66-9AC8-E98F9444060A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{FFF11763-C36A-4951-8754-F3B6D142CE35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six lockdown\lockdown.exe |
"TCP Query User{9967ADCB-A344-4670-AAA5-D761D32EE51D}C:\program files (x86)\steam\steamapps\common\freespace\fs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freespace\fs.exe |
"TCP Query User{C56A64D6-4AB6-405D-956A-EC74D6A2B9B5}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{401111C8-0BF0-4266-AE46-6BF3294B1E21}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{6E1D80DF-054E-413B-8C6F-1CC8567400E5}C:\program files (x86)\steam\steamapps\common\freespace\fs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freespace\fs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{1D2CEC61-C3F0-C27E-7280-F9D6B10378BE}" = Windows App Certification Kit Native Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}" = AMD Catalyst Install Manager
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{41F22D89-7F71-E83A-08E7-7E7473F4A55D}" = AMD Accelerated Video Transcoding
"{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects (x64)
"{44D7B997-3F6A-C2F7-78DD-3B31F776CE66}" = ACP Application
"{45DEDAD2-EEBF-400F-A78C-D236F278D442}" = SmartSwitch B14.0110.1
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{69F860CB-69A0-991D-C0A7-2967286A8DDC}" = ccc-utility64
"{6C026A91-640F-4A23-8B68-05D589CC6F18}" = Microsoft SQL Server 2012 Express LocalDB
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77F3D72C-465F-BD51-890E-CC3914B1365F}" = Application Verifier x64 External Package
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel(R) Rapid Storage Technology
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework (x64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"Logitech Unifying" = Logitech Unifying Software 2.10
"sp6" = Logitech SetPoint 6.61
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001296EA-6321-1D93-6D07-C56469336B6F}" = CCC Help Chinese Traditional
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{08BF5606-B92B-91D9-550E-45C40EF82146}" = CCC Help Swedish
"{0AADC50C-C4F8-49A7-8699-AFE46875CA67}" = BUSB
"{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1)
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11960C5F-F2A2-1A1C-F884-2579A22E70BA}" = CCC Help Finnish
"{14FB21A1-6011-4335-997A-E2C6D7674785}}_is1" = RJ TextEd
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{1D968C74-5200-4331-F74D-83E30797B736}" = CCC Help Italian
"{1F2B6EDD-9374-B327-8F8E-E31AF6A805B0}" = CCC Help German
"{1F5C7BAE-1E1A-7C93-1B90-84CE308AFC1C}" = Windows Software Development Kit EULA
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{2A88CA59-E211-42FC-84CE-66EAE2E9B6EB}" = Foxtel GO
"{2B68CAC1-5B99-3465-8982-E4FAB2AE036A}" = CCC Help Russian
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects
"{31AC9515-5F70-41D1-F740-B1978B8D48EA}" = CCC Help Greek
"{34B86C7D-4103-201B-3A13-03934DB11543}" = Windows Software Development Kit Redistributables
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{3AE82D96-752D-1505-8F07-FF9504D6D0E5}" = Catalyst Control Center Localization All
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3D2E0EFF-7E27-ED90-809A-7E59FB05AE63}" = CCC Help Portuguese
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{481C8C2A-D764-E7B9-8155-316540E71082}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}" = WPT Redistributables
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"{6EB5B377-BD22-2E2E-772F-4A993EAC38FD}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BAD284-3559-25EE-AB8C-FBAA8042B24B}" = CCC Help English
"{777C7020-402D-4F73-D4C8-B375AFB5CFF7}" = CCC Help Polish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{7E090AA3-1AA3-749F-4C2F-16CDB816651F}" = CCC Help Turkish
"{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}" = EasyTune
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{8162B13E-896E-40DF-EB30-5252BF25CC03}" = CCC Help Norwegian
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}" = HydraVision
"{8A17260E-6572-1DE2-6E73-C297A31093C1}" = CCC Help Chinese Standard
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E0AFE95-5099-1CB1-A3D1-1BFB2546F1F1}" = CCC Help Thai
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9274C832-3D8A-A294-FDE8-8B9272357098}" = SDK Debuggers
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}" = EZSetupN B13.1114.1
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{a37f2d73-72d1-364d-ba5d-cea430bcc040}" = Python 3.4.0
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A83F6EE0-A42E-66D8-88B6-90A475602565}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B74E65FD-CC47-41C5-4B89-791A3F61942D}" = Kits Configuration Installer
"{BC1FA5CF-A36F-4C61-9638-09D0B431B006}" = Smart Recovery 2 B13.1007.1 (x64)
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}" = WPTx64
"{C086E8FA-7445-4E07-1310-4616EC120EE7}" = CCC Help Dutch
"{C2F88EE6-D343-F986-E8F1-F012B294CEA7}" = CCC Help Korean
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}" = @BIOS B13.1112.1
"{CF3A1CA6-5E5E-B4BD-6CF1-363056816CA2}" = MSI Development Tools
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{D8735515-0DB5-DCBD-C303-37D32DE4363F}" = CCC Help Japanese
"{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}" = MySQL Server 5.0
"{dfe9c941-2d53-42eb-8631-05ab80216136}" = Windows Software Development Kit for Windows 8.1
"{E4F406B9-319B-2C33-54CE-84A46DA47BFB}" = CCC Help French
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EC58A9C9-22D8-FA14-785E-37B8C290AA8D}" = CCC Help Spanish
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1507473-FB6C-9CA0-8605-56B7BAD86422}" = Catalyst Control Center InstallProxy
"{F395FD4F-40E5-7B56-2BCB-B3CF52B3B52C}" = Windows App Certification Kit x64
"{F3D47276-0E35-42CF-A677-B45118470E21}" = App Center
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"BattlEye for A1" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9.1
"InstallShield_{45DEDAD2-EEBF-400F-A78C-D236F278D442}" = SmartSwitch B14.0110.1
"InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}" = EasyTune
"InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}" = EZSetupN B13.1114.1
"InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}" = @BIOS B13.1112.1
"InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}" = App Center
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Mozilla Thunderbird 24.6.0 (x86 en-GB)" = Mozilla Thunderbird 24.6.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NewsMan Pro_is1" = NewsMan Pro v3.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"QuickPar" = QuickPar 0.9
"Raptr" = Raptr
"Steam" = Steam
"Steam App 107430" = Arma X: Anniversary Edition
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 19830" = Tom Clancy's Rainbow Six 3: Gold Edition
"Steam App 19840" = Tom Clancy's Rainbow Six 3: Athena Sword
"Steam App 214950" = Total War: ROME II
"Steam App 216250" = Dead Island Riptide
"Steam App 218620" = PAYDAY 2
"Steam App 219540" = Arma 2: Operation Arrowhead Beta (Obsolete)
"Steam App 220" = Half-Life 2
"Steam App 239160" = Thief
"Steam App 273600" = Descent: Freespace - The Great War
"Steam App 273620" = Freespace 2
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 500" = Left 4 Dead
"Steam App 65700" = Arma 2: British Armed Forces
"Steam App 65720" = Arma 2: Private Military Company
"Steam App 65780" = Arma: Gold Edition
"Steam App 65790" = Arma: Cold War Assault
"Steam App 91310" = Dead Island
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 9" = TeamViewer 9
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player
"WUCCCApp" = Catalyst Control Center
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3b7aaeb95d46bbc9" = uns
"Foxtel GO 1.5" = Foxtel GO
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2014 4:10:22 AM | Computer Name = Fitzpatrick | Source = Windows Search Service | ID = 3006
Description =

Error - 3/11/2014 4:10:27 AM | Computer Name = Fitzpatrick | Source = Windows Search Service | ID = 3007
Description =

Error - 3/11/2014 4:10:28 AM | Computer Name = Fitzpatrick | Source = Windows Search Service | ID = 10021
Description =

Error - 3/11/2014 4:24:02 AM | Computer Name = Fitzpatrick | Source = Perflib | ID = 1008
Description =

Error - 3/11/2014 5:15:25 AM | Computer Name = Fitzpatrick | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20605 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1bd4 Start
Time: 01cff745f4c5949f Termination Time: 4294967295 Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report
Id: e8ff2f96-6339-11e4-82f1-74d4355de525 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error - 3/11/2014 5:45:20 AM | Computer Name = Fitzpatrick | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20605 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a4c Start
Time: 01cff74a25a91a06 Termination Time: 4294967295 Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report
Id: 1b024afc-633e-11e4-82f1-74d4355de525 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error - 4/11/2014 1:42:38 AM | Computer Name = Fitzpatrick | Source = Windows Search Service | ID = 3006
Description =

Error - 4/11/2014 1:42:58 AM | Computer Name = Fitzpatrick | Source = Windows Search Service | ID = 3007
Description =

Error - 4/11/2014 1:43:03 AM | Computer Name = Fitzpatrick | Source = Windows Search Service | ID = 10021
Description =

Error - 4/11/2014 1:47:34 AM | Computer Name = Fitzpatrick | Source = RasClient | ID = 20227
Description =

Error - 4/11/2014 1:48:51 AM | Computer Name = Fitzpatrick | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20605 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13ec Start
Time: 01cff7f249de76a1 Termination Time: 4294967295 Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report
Id: 3df40431-63e6-11e4-82f2-74d4355de525 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error - 4/11/2014 2:16:27 AM | Computer Name = Fitzpatrick | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 38.0.2125.111, time
stamp: 0x5447163b Faulting module name: chrome.dll, version: 38.0.2125.111, time
stamp: 0x54471342 Exception code: 0x80000003 Fault offset: 0x004dc123 Faulting process
ID: 0x16d0 Faulting application start time: 0x01cff7f2a342bb95 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll
Report
ID: 1b773d05-63ea-11e4-82f2-74d4355de525 Faulting package full name: Faulting package-relative
application ID:

Error - 4/11/2014 4:00:49 AM | Computer Name = Fitzpatrick | Source = Microsoft-Windows-LocationProvider | ID = 2006
Description = There was an error with the Windows Location Provider database

Error - 4/11/2014 4:14:38 AM | Computer Name = Fitzpatrick | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
.

[ System Events ]
Error - 27/10/2014 8:20:54 AM | Computer Name = Fitzpatrick | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 28/10/2014 3:49:50 AM | Computer Name = Fitzpatrick | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:40:40 PM on 28/10/2014 was unexpected.

Error - 29/10/2014 4:26:29 AM | Computer Name = Fitzpatrick | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:49:50 PM on 29/10/2014 was unexpected.

Error - 30/10/2014 6:56:46 PM | Computer Name = Fitzpatrick | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:26:29 AM on 31/10/2014 was unexpected.

Error - 30/10/2014 7:01:27 PM | Computer Name = Fitzpatrick | Source = Service Control Manager | ID = 7022
Description = The Intel(R) Management and Security Application Local Management
Service service did not respond on starting.

Error - 1/11/2014 2:19:50 AM | Computer Name = Fitzpatrick | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:16:56 PM on 1/11/2014 was unexpected.

Error - 3/11/2014 4:08:50 AM | Computer Name = Fitzpatrick | Source = Service Control Manager | ID = 7030
Description = The NPEService service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/11/2014 4:08:52 AM | Computer Name = Fitzpatrick | Source = DCOM | ID = 10010
Description =

Error - 3/11/2014 4:08:52 AM | Computer Name = Fitzpatrick | Source = DCOM | ID = 10010
Description =

Error - 4/11/2014 1:42:05 AM | Computer Name = Fitzpatrick | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:30:05 PM on 4/11/2014 was unexpected.


< End of report >

Urgent Help Needed against a contagious virus spreading rapidly over a private WIFI

Hi Prashant-Gupta,
I don't know whether I can help with the PC.
I don't have the tools or knowledge to disinfect mobile devices or Mac computers.
(ESET makes a mobile version of its antivirus for Android devices.)
I may be able to help if this problem is related to the router.

When you "Reset" the router, did you change the default administrator password for the router?
What make and model number router is it?

askey127

TV Wizard Ad Removal

So I have recently been noticing a constant ad pop-up that sometimes pops up on a different tab and really frustrates me. I have done everything people have been telling me to do but it's still there. These include disabling the extension on Google Chrome, uninstalling the program and restarting my browser. Is there anything else I can do to remove this annoying virus on my PC? I have heard it can be serious if left unattended?

Virus removal

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

Number of hits from trojans/viruses

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Gandalf at 2014-11-04 21:36:32 Run:1
Running from C:\Users\Gandalf\Desktop
Loaded Profile: Gandalf (Available profiles: Gandalf)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKU\S-1-5-21-2098387635-82296276-96705846-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
cmd: del /q C:\Windows\SysWOW64\*.tmp
C:\Users\Gandalf\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
CustomCLSID: HKU\S-1-5-21-2098387635-82296276-96705846-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
End
*****************
"HKU\S-1-5-21-2098387635-82296276-96705846-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-2098387635-82296276-96705846-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
========= del /q C:\Windows\SysWOW64\*.tmp =========

========= End of CMD: =========
"C:\Users\Gandalf\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
"HKU\S-1-5-21-2098387635-82296276-96705846-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
==== End of Fixlog ====
[2014.11.04 21:39:46.224] - Begin
[2014.11.04 21:39:46.224] -
[2014.11.04 21:39:46.224] - ....................................
[2014.11.04 21:39:46.224] - ..::::::::::::::::::....................
[2014.11.04 21:39:46.224] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
[2014.11.04 21:39:46.224] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.1
[2014.11.04 21:39:46.224] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Oct 15 2014
[2014.11.04 21:39:46.224] - .::EE:::::::::::::SS:.EE..........TT......
[2014.11.04 21:39:46.224] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2014.11.04 21:39:46.224] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2014.11.04 21:39:46.224] - ....................................
[2014.11.04 21:39:46.224] -
[2014.11.04 21:39:46.224] - --------------------------------------------------------------------------------
[2014.11.04 21:39:46.224] -
[2014.11.04 21:39:46.224] - INFO: OS: 6.1.7601 SP1
[2014.11.04 21:39:46.224] - INFO: Product Type: Workstation
[2014.11.04 21:39:46.224] - INFO: WoW64: True
[2014.11.04 21:39:46.224] - INFO: Machine guid: 4C5FFE3B-04E5-4F50-9CAA-495E5CA88797
[2014.11.04 21:39:46.224] -
[2014.11.04 21:39:46.240] - INFO: Scanning for system infection...
[2014.11.04 21:39:46.240] - --------------------------------------------------------------------------------
[2014.11.04 21:39:46.240] -
[2014.11.04 21:39:46.240] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.04 21:39:46.240] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.04 21:39:46.240] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.04 21:39:46.240] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.04 21:39:46.240] - INFO: Processing classes...
[2014.11.04 21:39:46.240] - INFO: Processing clsid [\Registry\User\S-1-5-21-2098387635-82296276-96705846-1001\SOFTWARE\Classes\CLSID\{bbbcc0f8-b5f9-4c9a-8ba0-eb6f5db3d731}]
[2014.11.04 21:39:46.240] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.04 21:39:46.240] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.04 21:39:46.240] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.04 21:39:46.240] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.04 21:39:46.240] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.04 21:39:46.240] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.04 21:39:46.240] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.04 21:39:46.240] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.04 21:39:46.240] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.04 21:39:46.240] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.04 21:39:46.240] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.04 21:39:46.240] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.04 21:39:46.240] - INFO: Win32/Poweliks not found
[2014.11.04 21:39:50.857] - End
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Ultimate x64
Ran by Gandalf on Tue 11/04/2014 at 21:41:23.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ Event Viewer Logs were cleared




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/04/2014 at 21:42:44.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.311 - Report created 04/11/2014 at 21:45:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gandalf - HOMEWK000000101
# Running from : C:\Users\Gandalf\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344

*************************
AdwCleaner[R0].txt - [1461 octets] - [04/11/2014 20:06:48]
AdwCleaner[R1].txt - [806 octets] - [04/11/2014 21:44:50]
AdwCleaner[S0].txt - [1538 octets] - [04/11/2014 20:07:57]
AdwCleaner[S1].txt - [728 octets] - [04/11/2014 21:45:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [787 octets] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 11/4/2014 8:20:45 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Starting,
Protection, 11/4/2014 8:20:45 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Started,
Protection, 11/4/2014 8:20:45 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Starting,
Protection, 11/4/2014 8:20:46 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Started,
Update, 11/4/2014 8:20:49 PM, SYSTEM, HOMEWK000000101, Manual, Rootkit Database, 2014.9.18.1, 2014.11.1.2,
Update, 11/4/2014 8:20:55 PM, SYSTEM, HOMEWK000000101, Manual, Malware Database, 2014.9.19.5, 2014.11.5.2,
Protection, 11/4/2014 8:20:55 PM, SYSTEM, HOMEWK000000101, Protection, Refresh, Starting,
Protection, 11/4/2014 8:20:55 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Stopping,
Protection, 11/4/2014 8:20:55 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Stopped,
Protection, 11/4/2014 8:20:58 PM, SYSTEM, HOMEWK000000101, Protection, Refresh, Success,
Protection, 11/4/2014 8:20:58 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Starting,
Protection, 11/4/2014 8:20:58 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Started,
Scan, 11/4/2014 8:30:49 PM, SYSTEM, HOMEWK000000101, Manual, Start:11/4/2014 8:21:05 PM, Duration:9 min 43 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 11/4/2014 8:34:26 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Starting,
Protection, 11/4/2014 8:34:26 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Started,
Protection, 11/4/2014 8:34:26 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Starting,
Protection, 11/4/2014 8:34:40 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Started,
Protection, 11/4/2014 8:40:22 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Starting,
Protection, 11/4/2014 8:40:22 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Started,
Protection, 11/4/2014 8:40:22 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Starting,
Protection, 11/4/2014 8:40:24 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Started,
Protection, 11/4/2014 9:19:59 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Stopping,
Protection, 11/4/2014 9:19:59 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Stopped,
Protection, 11/4/2014 9:19:59 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Stopping,
Protection, 11/4/2014 9:19:59 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Stopped,
Protection, 11/4/2014 9:50:28 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Starting,
Protection, 11/4/2014 9:50:28 PM, SYSTEM, HOMEWK000000101, Protection, Malware Protection, Started,
Protection, 11/4/2014 9:50:28 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Starting,
Protection, 11/4/2014 9:50:28 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Started,
Update, 11/4/2014 9:50:29 PM, SYSTEM, HOMEWK000000101, Manual, Rootkit Database, 2014.9.18.1, 2014.11.1.2,
Update, 11/4/2014 9:50:34 PM, SYSTEM, HOMEWK000000101, Manual, Malware Database, 2014.9.19.5, 2014.11.5.2,
Protection, 11/4/2014 9:50:34 PM, SYSTEM, HOMEWK000000101, Protection, Refresh, Starting,
Protection, 11/4/2014 9:50:34 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Stopping,
Protection, 11/4/2014 9:50:34 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Stopped,
Protection, 11/4/2014 9:50:37 PM, SYSTEM, HOMEWK000000101, Protection, Refresh, Success,
Protection, 11/4/2014 9:50:37 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Starting,
Protection, 11/4/2014 9:50:37 PM, SYSTEM, HOMEWK000000101, Protection, Malicious Website Protection, Started,
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/4/2014
Scan Time: 8:21:05 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.05.02
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gandalf
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309848
Time Elapsed: 9 min, 43 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

My computer wont use the internet

I recently tried removing malware and a possible virus from my computer using c.c cleaner. After doing so, my computer will not connect to the internet. I have tried connecting it to different wifis and it says that it is connected, but when you open the internet browser it says the page cannot be displayed. I have tried removing c.c cleaner from my computer and it still doesn't work. I have tried turning the firewall off and it didn't work. I really don't know what else I could do, as I don't know very much about computers. Someone please help me!
Some information: I have a Gateway laptop; it uses Windows 7. I'm not sure what other information to provide. If you think you can help and need more info, please ask!
I also cannot download the sysinfo as I have no internet to get to it.

RunDLL32 Host Process & Other Weirdness

Howdy all -

It appears I've managed to contract something that is out of my depth to fix. Despite the newness of this particular account, years ago some of you guys helped me remove some nasty malware, so let me see if I remember how to do this.

Primary symptom: I periodically (sometimes several times a minute, sometimes not for hours) get an error that pops up and informs me that Windows Host Process RunDLL32 has stopped responding. I haven't been able to identify an action that reliably triggers it though. The additional information on the latest error, which came up as I was poking around MSE to see if there was a log from my latest system scan read:
Code:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    rundll32.exe
  Application Version:    6.1.7600.16385
  Application Timestamp:    4a5bc637
  Fault Module Name:    KERNELBASE.dll
  Fault Module Version:    6.1.7601.18409
  Fault Module Timestamp:    53159a86
  Exception Code:    e06d7363
  Exception Offset:    0000c42d
  OS Version:    6.1.7601.2.1.0.768.3
  Locale ID:    1033
  Additional Information 1:    4c5b
  Additional Information 2:    4c5b5344a43929c0d9ed1a892969cb3e
  Additional Information 3:    df38
  Additional Information 4:    df387aa9ae61c356aa8349a3df489c6e

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

Possible ancillary symptom: Chrome will not render anything in the browser window (webpages, settings pages, anything - it's all white). This was going on before the RunDLL32 error started popping up. Reinstalling doesn't work.

Actions Taken Thus Far:
  • Ran a full system scan with MSE, which found one issue and quarantined it (I removed it at its recommendation, and can't seem to find a record of what the issue in question was... is there any way to dig that up?).
  • Ran System File Checker as admin from cmd. It reported that it found corrupted files but could not fix all of them.

System Info:
Code:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3957 Mb
Graphics Card: NVIDIA GeForce GTS 360M, 1024 Mb
Hard Drives: C: Total - 456936 MB, Free - 25104 MB;
Motherboard: PEGATRON CORPORATION, G60JX
Antivirus: Microsoft Security Essentials, Updated and Enabled

HiJackThis Log:
Code:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:23:36 PM, on 11/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17116)
CHROME: 1.5.316.0
FIREFOX: 33.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Evernote\Skitch\Skitch.exe
C:\Users\Bill\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Bill\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bill\Downloads\SysInfo(1).exe
C:\Users\Bill\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=13.37.13.37:1337
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Users\Bill\AppData\LocalLow\Expat_Shield\prxtbExp0.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Expat Shield - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Users\Bill\AppData\LocalLow\Expat_Shield\prxtbExp0.dll
O2  - BHO: Java(tm) Plug-In 2 SSV Helper -  {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files  (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper -  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows  Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar -  {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows  Live\Toolbar\wltcore.dll
O3 - Toolbar: Expat Shield Toolbar -  {a060276a-53be-45ec-8ebe-b94b1e803179} -  C:\Users\Bill\AppData\LocalLow\Expat_Shield\prxtbExp0.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bill\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKCU\..\Run: [Skitch] C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide
O4 - Startup: Dropbox.lnk = Bill\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.line6.net
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A582753B-0195-431F-838B-1E8EDF312FA2}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: dlcc_device -  - C:\Windows\system32\dlcccoms.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device -  - C:\Windows\system32\dleacoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe (file missing)
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\SysWOW64\IoctlSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update service - Company - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16372 bytes

As usual, any and all help is extremely appreciated! Thanks in advance.

Certificate errors

It's the "send.ads" virus embedded in the browsers, never had this before! Crazy!!!