Please Help! Can't Resolve Infection

Pho_Shizzle

New Member
Couldn't remember my log in so I had to make a new one. Haven't logged in here in ages, but glad the forum is still up and active!

So first and foremost, I appreciate any help given and Thank You In Advance!

Recently my computer started bogging/lagging a lot about 15 minutes or so after full Windows boot. At first I was unable to view any type of video media (could not open VLC player, could not view videos on computer, could not stream videos online). All operations on Windows are very slow, even loading folder contents. I was also not able to load programs as everything would slow down and fail to execute. Transferring files from HDD to HDD also showed difficulty.

When I try to shut down to restart, Windows would get to a point past the splash screen then go into a black backlit screen showing only the white mouse cursor. It would be stuck on this screen until you force shutdown or force restart.

I restarted into Safe Mode and used my existing Norton Security Suite to do a full system scan. Norton showed about 61 infected files; I removed them all. Did another scan with Malwarebytes in Safe Mode and found a few more, removed them. Restarted, and while symptoms seem to have been reduced, the same issues occur inevitably.

Since I need my computer back up and running for college, I figured you guys would be able to assist me a lot faster than I can try myself.

I will post the log results for steps 1-4 from the stickied thread on the next post so I do not exceed character limit.
 
Here are the logs for steps 1-4 on the stickied thread:

ADWCleaner log:
# AdwCleaner v6.021 - Logfile created 09/10/2016 at 12:02:27
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-07.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Pho_Shizzle - PHO_SHIZZLE_DAR
# Running from : C:\Users\Pho_Shizzle\Desktop\Antivirus\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Pho_Shizzle\AppData\Roaming\AdvertismentImages


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1089 Bytes] - [09/10/2016 12:02:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1379 Bytes] - [09/10/2016 12:02:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1235 Bytes] ##########
 
Junkware Removal Tool log:

This forum error occurred when I tried to post the log:

The following error occurred:
Please enter a message with no more than 100000 characters.

So I have attached the log file to this post instead.
 


Malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/9/2016
Scan Time: 12:07 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.09.07
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pho_Shizzle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375036
Time Elapsed: 5 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
And lastly, the OTL log:

OTL logfile created on: 10/9/2016 12:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pho_Shizzle\Desktop\Antivirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.47% Memory free
15.89 Gb Paging File | 13.73 Gb Available in Paging File | 86.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 12.05 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 163.08 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 105.79 Gb Free Space | 5.68% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 207.95 Gb Free Space | 44.65% Space Free | Partition Type: NTFS
Drive I: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive R: | 2794.39 Gb Total Space | 1632.02 Gb Free Space | 58.40% Space Free | Partition Type: NTFS
Computer Name: PHO_SHIZZLE_DAR | User Name: Pho_Shizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Pho_Shizzle\Desktop\Antivirus\OTL.exe (OldTimer Tools)
PRC - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\Rapoo\RpWireless\RPConfig.exe (RAPOO)
PRC - C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star International)
PRC - C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe ()
PRC - C:\MSI\Smart Utilities\SuperRAIDSvc.exe ()
PRC - C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (Micro-Star International)
PRC - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe (MSI)
PRC - C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe (MSI)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_ssl.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._core_.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._controls_.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._windows_.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._gdi_.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_hashlib.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._misc_.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\unicodedata.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\pythoncom27.dll ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32com.shell.shell.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32gui.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_elementtree.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\pyexpat.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._wizard.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32file.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\PyWinTypes27.dll ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32security.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32api.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\usb_ext.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_ctypes.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._animate.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\wx._html2.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_socket.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32inet.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_psutil_windows.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32process.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_multiprocessing.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32pdh.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32pipe.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32ts.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\_yappi.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32event.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\thumbnails_ext.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32profile.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\common.time34.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\win32crypt.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\select.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Local\Temp\_MEI27802\hashobjs_ext.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\fastpath.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.dll ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\libGLESv2.dll ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\libEGL.dll ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\winxpgui.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32security.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32service.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32process.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32ts.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32profile.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32gui.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32file.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32print.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32evtlog.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32pipe.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32event.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32clipboard.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\win32api.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\mmapfile.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\_jpegtran.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\sip.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\faulthandler.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\_ctypes.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\unicodedata.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\pyexpat.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\pywintypes27.dll ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\select.pyd ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\pythoncom27.dll ()
MOD - C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\librsync.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4ed67120b2f61bef90bc0e07f609eca4\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\44feb3576c38df24b7d839b443e7e715\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a8050cc4a3237ea52de951e3cc575ae3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d6204638b750d650b7cbb3278a5954eb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ae206eff0a9816475cd7dd3d680faa48\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\62bb69f490deae0403b8ba7dbd7706d7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\628d5fbb7f335e658de7cd63082c7909\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ef80bf7db724bb3ab5fea4c0e2117cae\System.ni.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b3eb55fa5864a2fc7accbbbbe7fa7246\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Program Files (x86)\Rapoo\RpWireless\Swap.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Qualcomm Atheros Killer Service V2) -- C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Qualcomm Atheros)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Garmin Device Interaction Service) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Garmin Ltd. or its subsidiaries)
SRV - (Origin Client Service) -- H:\Origin\OriginClientService.exe (Electronic Arts)
SRV - (TeamViewer) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MSIClock_CC) -- C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe (MSI)
SRV - (EasyAntiCheat) -- C:\Windows\SysWOW64\EasyAntiCheat.exe (EasyAntiCheat Ltd)
SRV - (MSICPU_CC) -- C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe ()
SRV - (MSISuperIO_CC) -- C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe ()
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe (Symantec Corporation)
SRV - (MSIDDR_CC) -- C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe ()
SRV - (MSICTL_CC) -- C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe ()
SRV - (MSISMB_CC) -- C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe ()
SRV - (MSICOMM_CC) -- C:\Program Files (x86)\MSI\Command Center\MSICommService.exe ()
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (MSIBIOSData_CC) -- C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe (MSI)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ECOSERVICE) -- C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe ()
SRV - (SuperRAIDSvc) -- C:\MSI\Smart Utilities\SuperRAIDSvc.exe ()
SRV - (MSI_LiveUpdate_Service) -- C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (Micro-Star International)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSI_SuperCharger) -- C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe (MSI)
SRV - (XTU3SERVICE) -- C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel(R) Corporation)
SRV - (GamingApp_Service) -- C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe (Micro-Star Int'l Co., Ltd.)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (MSI_FastBoot) -- C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe (MSI)
SRV - (UsbService) -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1507000.00B\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1507000.00B\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1507000.00B\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1507000.00B\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1507000.00B\ironx64.sys (Symantec Corporation)
DRV:64bit: - (rpwkmdrv) -- C:\Windows\SysNative\drivers\rpwkmdrv.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD.sys ()
DRV:64bit: - (INETMON) -- C:\Windows\SysNative\drivers\INETMON.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (asstor64) -- C:\Windows\SysNative\drivers\asstor64.sys (Asmedia Technology)
DRV:64bit: - (BfLwf) -- C:\Windows\SysNative\drivers\bflwfx64.sys (Qualcomm Atheros, Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1507000.00B\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1507000.00B\symds64.sys (Symantec Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (Ke2200) -- C:\Windows\SysNative\drivers\e22W7x64.sys (Qualcomm Atheros, Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AcpiCtlDrv) -- C:\Windows\SysNative\drivers\AcpiCtlDrv.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (appliandMP) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (appliand) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PcaSp60) -- C:\Windows\SysNative\drivers\PcaSp60.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (HtcVCom32) -- C:\Windows\SysNative\drivers\HtcVComV64.sys (QUALCOMM Incorporated)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (vuhub) -- C:\Windows\SysNative\drivers\vuhub.sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20161007.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20161009.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20161009.001\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20161005.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NTIOLib_MSI_RAID) -- C:\MSI\Smart Utilities\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MB) -- C:\Program Files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys (MSI)
DRV - (iocbios2) -- C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys (Intel Corporation)
DRV - (cpuz137) -- C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys (CPUID)
DRV - (NTIOLib_ECO) -- C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSIDDR_CC) -- C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSIFrequency_CC) -- C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSIRatio_CC) -- C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSICPU_CC) -- C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSIClock_CC) -- C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSISMB_CC) -- C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSICOMM_CC) -- C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_MSISuperIO_CC) -- C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_FastBoot) -- C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys (MSI)
DRV - (PcaSp60) -- C:\Windows\SysWOW64\drivers\PcaSp60.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (GPCIDrv) -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 DD 16 B4 00 A4 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20151208
FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.15
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.6
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.19
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8.8
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:13.2.4
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.5.0.9
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.5.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.1
FF - prefs.js..services.sync.prefs.sync.browser.search.selectedEngine: true
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.101.2: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pho_Shizzle\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pho_Shizzle\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2016/10/09 12:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{40211632-250D-4B8C-B04E-DA45BAE6DF8C}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2016/10/09 12:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2014/07/20 00:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Extensions
[2016/10/09 12:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2016/01/01 23:42:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2016/01/01 23:41:53 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2016/01/01 23:41:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2016/01/01 23:42:07 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube HD Download [4K]") -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2016/01/01 23:41:29 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="Xmarks" em:type="2" em:unpack="true" em:version="4.3.7.1-signed" em:creator="Todd Agulnick" em:description="Bookmark Sync and Web Discovery" em:homepageURL="http://www.xmarks.com/" em:optionsURL="chrome://foxmarks/content/foxmarks-dialog.xul" em:iconURL="chrome://foxmarks/skin/images/foxmarks.ico" em:developer="LastPass">) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2016/01/01 23:41:54 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2016/10/07 00:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions
[2016/04/26 21:22:00 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2016/08/16 00:18:36 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2015/12/09 20:47:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2016/09/18 11:43:47 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2016/07/30 17:45:22 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube HD Download [4K]") -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/05/25 19:28:13 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2015/11/11 21:10:27 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/01/01 23:42:18 | 000,016,005 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2016/01/01 23:41:29 | 000,151,374 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2016/01/01 23:42:18 | 000,041,764 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2016/01/01 23:41:56 | 000,043,831 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi
[2016/01/01 23:41:55 | 000,014,076 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
[2016/01/01 23:41:56 | 000,024,805 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
[2016/01/01 23:41:55 | 000,636,306 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2016/01/01 23:41:47 | 000,198,192 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2016/01/01 23:41:45 | 000,989,188 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/11/11 21:09:14 | 000,016,005 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/04/27 19:27:29 | 000,151,382 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/09/23 00:48:10 | 000,876,056 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2015/11/11 21:38:08 | 000,041,764 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/04/27 21:21:46 | 000,036,320 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/05/05 23:38:51 | 000,024,293 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/04/27 21:21:46 | 000,090,633 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/04/27 21:21:46 | 000,062,298 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/03/23 01:26:49 | 000,071,587 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\[email protected]
[2016/09/26 21:25:05 | 001,019,941 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
[2016/09/17 02:09:43 | 000,717,884 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2016/07/30 22:11:50 | 000,198,797 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2015/12/08 22:46:49 | 000,054,485 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi
[2016/04/29 23:06:00 | 000,067,957 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2016/04/28 19:19:32 | 000,073,436 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2016/04/28 21:21:47 | 001,036,367 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/09/25 10:05:32 | 000,007,076 | ---- | M] () (No name found) -- C:\Users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\features\{8688fd66-85c8-4676-82eb-00f54f0411bf}\[email protected]
[2016/09/25 00:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc\2.6.1_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.12.30_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5216.530.0.14_0\
CHR - Extension: No name found = C:\Users\Pho_Shizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_0\
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [StartCN] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Command Center] C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe (MSI)
O4 - HKLM..\Run: [Launch] C:\Program Files (x86)\Rapoo\RpWireless\Launch.exe ()
O4 - HKLM..\Run: [Live Update] C:\Program Files (x86)\MSI\Live Update\StartLiveUpdate.exe (Micro-Star International)
O4 - HKLM..\Run: [Sound Blaster Cinema 2] C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Dropbox Update] C:\Users\Pho_Shizzle\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Pho_Shizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{835ABDB0-E7E4-47BB-872A-3B62C85D4870}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/13 05:55:00 | 000,000,043 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{47f084c7-8e20-11e4-a8a9-448a5b99bb68}\Shell - "" = AutoRun
O33 - MountPoints2\{47f084c7-8e20-11e4-a8a9-448a5b99bb68}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE -- [2009/07/13 05:55:00 | 000,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/10/09 12:01:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/10/09 12:01:23 | 000,000,000 | ---D | C] -- C:\Users\Pho_Shizzle\Desktop\Antivirus
[2016/10/09 11:55:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Pho_Shizzle\Desktop\HijackThis.exe
[2016/10/09 11:41:24 | 003,132,544 | ---- | C] (ESET) -- C:\Users\Pho_Shizzle\Desktop\eset_nod32_antivirus_live_installer.exe
[2016/10/06 23:58:36 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/10/06 23:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/10/06 23:38:44 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/10/06 23:38:44 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/10/06 23:38:44 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/10/06 23:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/10/06 23:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/10/06 23:38:09 | 022,851,472 | ---- | C] (Malwarebytes ) -- C:\Users\Pho_Shizzle\Desktop\mbam-setup-2.2.1.1043.exe
[2016/10/06 21:20:27 | 000,000,000 | R--D | C] -- C:\Users\Pho_Shizzle\Searches
[2016/10/06 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Pho_Shizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2016/10/06 00:09:31 | 000,000,000 | ---D | C] -- C:\06bd30e4d250b7132f035809504a45
[2016/10/05 23:57:55 | 000,000,000 | ---D | C] -- C:\6ba3aff290bdfeb3e6a6ceae
[2016/10/05 19:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
[2016/10/05 19:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[2016/10/01 02:35:54 | 000,000,000 | ---D | C] -- C:\Users\Pho_Shizzle\.android
[2016/09/25 00:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/09/16 12:41:34 | 000,286,600 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2016/09/16 12:41:32 | 000,110,472 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2016/09/16 12:41:18 | 000,287,112 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2016/09/16 12:41:16 | 000,523,144 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2016/09/16 12:40:00 | 000,891,272 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_16.40.dll
[2016/09/16 12:39:42 | 000,112,520 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2016/09/16 12:39:38 | 000,103,304 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2016/09/12 18:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[23 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2016/10/09 12:25:43 | 000,014,480 | ---- | M] () -- C:\Windows\SysWow64\Utility.xml
[2016/10/09 12:25:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/10/09 12:25:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/10/09 12:25:08 | 2105,389,055 | -HS- | M] () -- C:\hiberfil.sys
[2016/10/09 12:13:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/10/09 12:13:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/10/09 12:07:21 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/10/09 12:04:39 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000UA.job
[2016/10/09 11:54:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Pho_Shizzle\Desktop\HijackThis.exe
[2016/10/09 11:38:38 | 003,132,544 | ---- | M] (ESET) -- C:\Users\Pho_Shizzle\Desktop\eset_nod32_antivirus_live_installer.exe
[2016/10/08 22:09:09 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2016/10/06 23:38:48 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/10/06 23:33:15 | 000,799,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/10/06 23:33:15 | 000,674,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/10/06 23:33:15 | 000,126,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/10/06 23:23:36 | 022,851,472 | ---- | M] (Malwarebytes ) -- C:\Users\Pho_Shizzle\Desktop\mbam-setup-2.2.1.1043.exe
[2016/10/06 20:35:51 | 000,001,115 | ---- | M] () -- C:\Users\Pho_Shizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2016/10/06 01:07:34 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000UA.job
[2016/10/06 01:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000Core.job
[2016/10/06 00:46:56 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/10/03 21:07:42 | 000,006,704 | ---- | M] () -- C:\Users\Pho_Shizzle\Desktop\111111111re.PNG
[2016/10/02 02:07:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000Core.job
[2016/09/29 22:30:13 | 000,429,027 | ---- | M] () -- C:\Users\Pho_Shizzle\Desktop\486d0a1da2d142fab42c82bbe15f7641.jpeg
[2016/09/26 00:23:10 | 002,170,979 | ---- | M] () -- C:\Users\Pho_Shizzle\Desktop\HACEKM0112.pdf
[2016/09/16 12:41:50 | 000,275,336 | ---- | M] () -- C:\Windows\SysNative\GameManager64.dll
[2016/09/16 12:41:48 | 000,240,008 | ---- | M] () -- C:\Windows\SysWow64\GameManager32.dll
[2016/09/16 12:41:46 | 000,292,744 | ---- | M] () -- C:\Windows\SysNative\dgtrayicon.exe
[2016/09/16 12:41:34 | 000,286,600 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2016/09/16 12:41:32 | 000,110,472 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2016/09/16 12:41:18 | 000,287,112 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2016/09/16 12:41:16 | 000,523,144 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2016/09/16 12:41:16 | 000,230,280 | ---- | M] () -- C:\Windows\SysNative\atieah64.exe
[2016/09/16 12:41:14 | 000,208,264 | ---- | M] () -- C:\Windows\SysWow64\atieah32.exe
[2016/09/16 12:40:10 | 000,248,200 | ---- | M] () -- C:\Windows\SysNative\amdgfxinfo64.dll
[2016/09/16 12:40:06 | 000,221,064 | ---- | M] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2016/09/16 12:40:00 | 000,891,272 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_16.40.dll
[2016/09/16 12:39:50 | 000,267,656 | ---- | M] () -- C:\Windows\SysNative\hsa-thunk64.dll
[2016/09/16 12:39:46 | 000,233,352 | ---- | M] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016/09/16 12:39:44 | 000,269,192 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2016/09/16 12:39:42 | 000,112,520 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2016/09/16 12:39:38 | 000,103,304 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2016/09/16 12:00:12 | 000,751,344 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2016/09/16 12:00:12 | 000,751,344 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2016/09/16 11:58:42 | 003,437,632 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2016/09/16 11:54:10 | 003,471,376 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2016/09/16 00:24:11 | 000,009,216 | ---- | M] () -- C:\My3DGraph.grf
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[23 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2016/10/06 23:38:48 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/10/05 19:50:03 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/10/05 19:50:03 | 000,261,920 | ---- | C] () -- C:\Windows\SysNative\vulkan-1.dll
[2016/10/05 19:50:03 | 000,125,216 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016/10/05 19:50:03 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/10/03 21:07:42 | 000,006,704 | ---- | C] () -- C:\Users\Pho_Shizzle\Desktop\111111111re.PNG
[2016/09/29 22:30:12 | 000,429,027 | ---- | C] () -- C:\Users\Pho_Shizzle\Desktop\486d0a1da2d142fab42c82bbe15f7641.jpeg
[2016/09/26 00:23:10 | 002,170,979 | ---- | C] () -- C:\Users\Pho_Shizzle\Desktop\HACEKM0112.pdf
[2016/09/25 12:27:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\spu_storage.bin
[2016/09/16 12:41:50 | 000,275,336 | ---- | C] () -- C:\Windows\SysNative\GameManager64.dll
[2016/09/16 12:41:48 | 000,240,008 | ---- | C] () -- C:\Windows\SysWow64\GameManager32.dll
[2016/09/16 12:41:46 | 000,292,744 | ---- | C] () -- C:\Windows\SysNative\dgtrayicon.exe
[2016/09/16 12:41:16 | 000,230,280 | ---- | C] () -- C:\Windows\SysNative\atieah64.exe
[2016/09/16 12:41:14 | 000,208,264 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2016/09/16 12:40:10 | 000,248,200 | ---- | C] () -- C:\Windows\SysNative\amdgfxinfo64.dll
[2016/09/16 12:40:06 | 000,221,064 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2016/09/16 12:39:50 | 000,267,656 | ---- | C] () -- C:\Windows\SysNative\hsa-thunk64.dll
[2016/09/16 12:39:46 | 000,233,352 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016/09/16 12:39:44 | 000,269,192 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2016/09/16 12:00:12 | 000,751,344 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2016/09/16 12:00:12 | 000,751,344 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2016/09/16 11:58:42 | 003,437,632 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2016/09/16 11:54:10 | 003,471,376 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2016/09/09 11:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-26-0.dll
[2016/09/09 11:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
[2016/02/01 00:28:55 | 000,000,911 | ---- | C] () -- C:\Users\Pho_Shizzle\AppData\Local\recently-used.xbel
[2016/01/17 20:12:28 | 000,089,942 | ---- | C] () -- C:\Users\Pho_Shizzle\f4d5ee3b_zps7e71a244.jpg
[2015/11/01 23:32:00 | 000,011,515 | ---- | C] () -- C:\Users\Pho_Shizzle\Laptop_Wall_Mount.zip
[2015/11/01 21:29:37 | 000,025,568 | ---- | C] () -- C:\Users\Pho_Shizzle\LaptopWallMount_preview_featured.jpg
[2015/09/04 01:29:34 | 002,614,633 | ---- | C] () -- C:\Users\Pho_Shizzle\Halo_Too_manual.pdf
[2015/09/04 01:27:23 | 004,486,415 | ---- | C] () -- C:\Users\Pho_Shizzle\HALO_B_V35_Manual.pdf
[2015/08/08 10:01:12 | 004,971,247 | ---- | C] () -- C:\Users\Pho_Shizzle\Prodrive-WR-Sport-PPP-Dealer-Brochure.pdf
[2015/07/05 20:39:21 | 000,041,826 | ---- | C] () -- C:\Users\Pho_Shizzle\DSC02872.jpg
[2015/07/03 00:53:34 | 001,368,106 | ---- | C] () -- C:\Users\Pho_Shizzle\Capture.PNG
[2015/07/02 23:58:48 | 004,026,251 | ---- | C] () -- C:\Users\Pho_Shizzle\B5A-0214-00.pdf
[2015/07/02 23:42:15 | 000,006,827 | ---- | C] () -- C:\Users\Pho_Shizzle\Prescription 2.PNG
[2015/07/02 23:41:07 | 000,031,453 | ---- | C] () -- C:\Users\Pho_Shizzle\Prescription 1.PNG
[2015/02/07 22:21:08 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/01/01 02:48:12 | 001,351,117 | ---- | C] () -- C:\Windows\unins000.exe
[2015/01/01 02:48:12 | 000,037,895 | ---- | C] () -- C:\Windows\unins000.dat
[2014/11/20 22:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/09/06 16:58:05 | 000,324,750 | ---- | C] () -- C:\Users\Pho_Shizzle\How to Spot a Fake.pdf
[2014/09/06 16:57:58 | 008,958,825 | ---- | C] () -- C:\Users\Pho_Shizzle\Identifying Counterfeits.pdf
[2014/07/27 23:03:36 | 000,000,098 | ---- | C] () -- C:\Users\Pho_Shizzle\AppData\Roaming\LauncherSettings_live.cfg
[2014/07/27 22:51:11 | 000,000,040 | ---- | C] () -- C:\Users\Pho_Shizzle\AppData\Roaming\TheHunterSettings_steam_live.cfg
[2014/07/19 21:44:22 | 000,007,611 | ---- | C] () -- C:\Users\Pho_Shizzle\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 22:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 22:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2015/05/09 22:20:22 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\.mono
[2015/01/14 01:33:41 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\AMD
[2014/11/24 23:46:24 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\DAEMON Tools Lite
[2016/10/06 20:35:47 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Dropbox
[2014/12/10 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Garmin
[2014/10/19 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\GoPro
[2015/08/10 23:37:38 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\HTC
[2016/05/27 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\IrfanView
[2015/06/29 00:49:04 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Jasc
[2014/12/11 21:56:06 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\library_dir
[2014/07/20 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Maxthon3
[2015/06/06 02:07:38 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\naviextras
[2014/08/06 00:36:39 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Oracle
[2015/10/17 00:23:21 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Origin
[2014/12/24 00:27:58 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\PhraseExpress
[2016/07/14 23:05:59 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\PlaysTV
[2016/10/08 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Raptr
[2014/07/22 01:22:07 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Replay Media Catcher 4
[2015/05/21 01:15:09 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Steam
[2016/09/28 23:13:51 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\TeamViewer
[2014/07/27 22:51:12 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\theHunter
[2014/07/27 22:48:28 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\theHunterSteam
[2014/08/28 22:28:07 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\Thunderbird
[2016/10/02 20:50:11 | 000,000,000 | ---D | M] -- C:\Users\Pho_Shizzle\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
 
A few things...

1. Do you have access to the prior logs so we know what was removed?
2. I see that you have uTorrent installed. Do you have any pirated software installed?
3. Have you run a temp file cleaner such as CCleaner or ATF or TFC? Would suggest doing so now.
4. I'm not seeing much in your OTL log. Just a minor fix.
5. Have you looked in Event Viewer to see if any errors show up?

For now download and run the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

tdssstartscan_zps32a151cd.jpg


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

2663-2-eng.png


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

2663_3_en.png


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here:

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

The combofix log
 
ComboFix is unable to complete a full scan before the system locks up. Can I run ComboFix by booting into Safe Mode instead?
 
And to answer your questions:

1. Do you have access to the prior logs so we know what was removed?
Yes. I have attached them below through file attachments.

2. I see that you have uTorrent installed. Do you have any pirated software installed?
I do, but they were all installed upon initial OS install, which was more than 2 years ago. No recent new pirated programs have been installed.

3. Have you run a temp file cleaner such as CCleaner or ATF or TFC? Would suggest doing so now.
I have just done so, per your suggestions.

4. I'm not seeing much in your OTL log. Just a minor fix.
5. Have you looked in Event Viewer to see if any errors show up?
I have looked and see errors reported. How would you like me to share them with you?
 


Combofix log:

ComboFix 16-09-28.01 - Pho_Shizzle 10/09/2016 15:29:50.3.8 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8138.7213 [GMT -7:00]
Running from: c:\users\Pho_Shizzle\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security Suite *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security Suite *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\ntuser.pol
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_ctypes.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_elementtree.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_hashlib.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_multiprocessing.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_psutil_windows.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_socket.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_ssl.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\_yappi.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\common.time34.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\hashobjs_ext.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\pyexpat.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\pysqlite2._sqlite.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\python27.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\pythoncom27.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\PyWinTypes27.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\select.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\thumbnails_ext.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\unicodedata.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\usb_ext.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32api.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32com.shell.shell.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32crypt.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32event.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32file.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32gui.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32inet.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32pdh.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32pipe.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32process.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32profile.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32security.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\win32ts.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\windows._lib_cacheinvalidation.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._animate.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._controls_.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._core_.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._gdi_.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._html2.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._misc_.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._windows_.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wx._wizard.pyd
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wxbase30u_net_vc90.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wxbase30u_vc90.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wxmsw30u_adv_vc90.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wxmsw30u_core_vc90.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wxmsw30u_html_vc90.dll
c:\users\PHO_SH~1\AppData\Local\Temp\_MEI31042\wxmsw30u_webview_vc90.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_ctypes.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_elementtree.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_hashlib.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_multiprocessing.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_psutil_windows.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_socket.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_ssl.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\_yappi.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\common.time34.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\hashobjs_ext.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\pyexpat.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\pysqlite2._sqlite.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\python27.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\pythoncom27.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\PyWinTypes27.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\select.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\thumbnails_ext.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\unicodedata.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\usb_ext.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32api.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32com.shell.shell.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32crypt.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32event.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32file.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32gui.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32inet.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32pdh.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32pipe.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32process.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32profile.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32security.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\win32ts.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\windows._lib_cacheinvalidation.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._animate.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._controls_.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._core_.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._gdi_.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._html2.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._misc_.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._windows_.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wx._wizard.pyd
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wxbase30u_net_vc90.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wxbase30u_vc90.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wxmsw30u_adv_vc90.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wxmsw30u_core_vc90.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wxmsw30u_html_vc90.dll
c:\users\Pho_Shizzle\AppData\Local\Temp\_MEI31042\wxmsw30u_webview_vc90.dll
c:\windows\SysWow64\SET1139.tmp
c:\windows\SysWow64\SET1F8F.tmp
c:\windows\SysWow64\SET438.tmp
c:\windows\SysWow64\SET4F1D.tmp
c:\windows\SysWow64\SET522A.tmp
c:\windows\SysWow64\SET6C9A.tmp
c:\windows\SysWow64\SET7401.tmp
c:\windows\SysWow64\SET90F9.tmp
c:\windows\SysWow64\SET9139.tmp
c:\windows\SysWow64\SET940E.tmp
c:\windows\SysWow64\SETA9C1.tmp
c:\windows\SysWow64\SETA9C2.tmp
c:\windows\SysWow64\SETAC56.tmp
c:\windows\SysWow64\SETB08D.tmp
c:\windows\SysWow64\SETB0BE.tmp
c:\windows\SysWow64\SETC71D.tmp
c:\windows\SysWow64\SETCCE5.tmp
c:\windows\SysWow64\SETCDF2.tmp
c:\windows\SysWow64\SETCE1F.tmp
c:\windows\SysWow64\SETD022.tmp
c:\windows\SysWow64\SETD6AE.tmp
c:\windows\SysWow64\SETD796.tmp
c:\windows\SysWow64\SETD9F3.tmp
c:\windows\SysWow64\SETFCD7.tmp
c:\windows\SysWow64\tmp9689.tmp
c:\windows\SysWow64\tmp96A9.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-09-09 to 2016-10-09 )))))))))))))))))))))))))))))))
.
.
2016-10-09 22:32 . 2016-10-09 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-09 22:20 . 2016-10-09 22:20 -------- d-----w- c:\program files\CCleaner
2016-10-09 19:01 . 2016-10-09 19:02 -------- d-----w- C:\AdwCleaner
2016-10-07 06:58 . 2016-10-09 22:10 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-07 06:38 . 2016-10-07 06:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-10-07 06:38 . 2016-10-07 06:38 -------- d-----w- c:\programdata\Malwarebytes
2016-10-07 06:38 . 2016-03-10 21:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-07 06:38 . 2016-03-10 21:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-07 06:38 . 2016-03-10 21:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-06 07:09 . 2016-10-06 07:09 -------- d-----w- C:\06bd30e4d250b7132f035809504a45
2016-10-06 06:57 . 2016-10-06 06:57 -------- d-----w- C:\6ba3aff290bdfeb3e6a6ceae
2016-10-06 02:50 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-10-06 02:50 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-10-06 02:50 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1.dll
2016-10-06 02:50 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-10-06 02:50 . 2016-10-06 02:50 -------- d-----w- c:\program files (x86)\VulkanRT
2016-10-01 09:35 . 2016-10-01 09:35 -------- d-----w- c:\users\Pho_Shizzle\.android
2016-09-25 19:27 . 2016-10-09 05:09 65536 ----a-w- c:\windows\system32\spu_storage.bin
2016-09-16 19:40 . 2016-09-16 19:40 92328 ----a-w- c:\windows\SysWow64\atimpc32.dll
2016-09-16 19:39 . 2016-09-16 19:39 134536 ----a-w- c:\windows\SysWow64\amduve32.dll
2016-09-16 19:38 . 2016-09-16 19:38 38268808 ----a-w- c:\windows\SysWow64\amdocl.dll
2016-09-16 19:38 . 2016-09-16 19:38 27287944 ----a-w- c:\windows\SysWow64\atioglxx.dll
2016-09-16 19:38 . 2016-09-16 19:38 33239432 ----a-w- c:\windows\system32\atio6axx.dll
2016-09-16 19:37 . 2016-09-16 19:37 26550784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-09 03:06 . 2014-07-20 01:26 144199024 -c--a-w- c:\windows\system32\MRT.exe
2016-09-16 19:42 . 2016-07-18 22:21 139720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2016-09-16 19:42 . 2015-12-04 17:45 170072 ----a-w- c:\windows\system32\atiuxp64.dll
2016-09-16 19:42 . 2013-09-12 02:41 7213248 ----a-w- c:\windows\SysWow64\atiumdag.dll
2016-09-16 19:42 . 2013-09-12 02:41 8847888 ----a-w- c:\windows\system32\atiumd64.dll
2016-09-16 19:42 . 2013-09-12 02:42 123776 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2016-09-16 19:42 . 2013-09-12 02:42 151056 ----a-w- c:\windows\system32\atiu9p64.dll
2016-09-16 19:41 . 2015-12-04 17:45 10936704 ----a-w- c:\windows\system32\atidxx64.dll
2016-09-16 19:41 . 2016-07-18 22:21 9093504 ----a-w- c:\windows\SysWow64\atidxx32.dll
2016-09-16 19:41 . 2013-09-12 02:42 1549272 ----a-w- c:\windows\system32\aticfx64.dll
2016-09-16 19:41 . 2013-09-12 02:41 9983912 ----a-w- c:\windows\SysWow64\atiumdva.dll
2016-09-16 19:40 . 2013-09-12 02:42 1272184 ----a-w- c:\windows\SysWow64\aticfx32.dll
2016-09-16 19:40 . 2013-09-12 02:41 10981024 ----a-w- c:\windows\system32\atiumd6a.dll
2016-09-16 19:40 . 2015-06-23 01:11 997768 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2016-09-09 18:25 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-26-0.dll
2016-09-09 18:25 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
2016-09-09 18:25 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1-1-0-26-0.dll
2016-09-09 18:24 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-26-0.exe
2016-07-24 07:55 . 2014-10-21 04:37 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Dropbox Update"="c:\users\Pho_Shizzle\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-02 134512]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-07-29 23375200]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-26 8912088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Cinema 2"="c:\program files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" [2014-02-24 1440768]
"Live Update"="c:\program files (x86)\MSI\Live Update\StartLiveUpdate.exe" [2014-03-28 579056]
"Launch"="c:\program files (x86)\Rapoo\RpWireless\Launch.exe" [2014-05-21 414008]
"Command Center"="c:\program files (x86)\MSI\Command Center\StartCommandCenter.exe" [2015-05-27 797648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-08-31 1402792]
.
c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-10-6 25243040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2013-10-31 21950464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20161005.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20161005.001\BHDrvx64.sys [x]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\ccSetx64.sys [x]
R1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20161007.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20161007.001\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1507000.00B\SYMNETS.SYS [x]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 ECOSERVICE;ECOSERVICE;c:\program files (x86)\MSI\ECO Center\ECO_Service.exe;c:\program files (x86)\MSI\ECO Center\ECO_Service.exe [x]
R2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
R2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
R2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
R2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
R2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe;c:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [x]
R2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
R2 MSICTL_CC;MSICTL_CC;c:\program files (x86)\MSI\Command Center\MSIControlService.exe;c:\program files (x86)\MSI\Command Center\MSIControlService.exe [x]
R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe [x]
R2 SuperRAIDSvc;SuperRAIDSvc;c:\msi\Smart Utilities\SuperRAIDSvc.exe;c:\msi\Smart Utilities\SuperRAIDSvc.exe [x]
R2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [x]
R2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 cpuz137;cpuz137;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
R3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 MSIBIOSData_CC;MSIBIOSData_CC;c:\program files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe;c:\program files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [x]
R3 MSICDSetup;MSICDSetup;i:\cdriver64.sys;i:\CDriver64.sys [x]
R3 MSIClock_CC;MSIClock_CC;c:\program files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe;c:\program files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [x]
R3 MSICOMM_CC;MSICOMM_CC;c:\program files (x86)\MSI\Command Center\MSICommService.exe;c:\program files (x86)\MSI\Command Center\MSICommService.exe [x]
R3 MSICPU_CC;MSICPU_CC;c:\program files (x86)\MSI\Command Center\CPU\MSICPUService.exe;c:\program files (x86)\MSI\Command Center\CPU\MSICPUService.exe [x]
R3 MSIDDR_CC;MSIDDR_CC;c:\program files (x86)\MSI\Command Center\DDR\MSIDDRService.exe;c:\program files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [x]
R3 MSISMB_CC;MSISMB_CC;c:\program files (x86)\MSI\Command Center\SMBus\MSISMBService.exe;c:\program files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [x]
R3 MSISuperIO_CC;MSISuperIO_CC;c:\program files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe;c:\program files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;i:\ntiolib_x64.sys;i:\NTIOLib_X64.sys [x]
R3 NTIOLib_ECO;NTIOLib_ECO;c:\program files (x86)\MSI\ECO Center\NTIOLib_X64.sys;c:\program files (x86)\MSI\ECO Center\NTIOLib_X64.sys [x]
R3 NTIOLib_MB;NTIOLib_MB;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [x]
R3 NTIOLib_MSI_RAID;NTIOLib_MSI_RAID;c:\msi\Smart Utilities\NTIOLib_X64.sys;c:\msi\Smart Utilities\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIClock_CC;NTIOLib_MSIClock_CC;c:\program files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [x]
R3 NTIOLib_MSICOMM_CC;NTIOLib_MSICOMM_CC;c:\program files (x86)\MSI\Command Center\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\NTIOLib_X64.sys [x]
R3 NTIOLib_MSICPU_CC;NTIOLib_MSICPU_CC;c:\program files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIDDR_CC;NTIOLib_MSIDDR_CC;c:\program files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIFrequency_CC;NTIOLib_MSIFrequency_CC;c:\program files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIRatio_CC;NTIOLib_MSIRatio_CC;c:\program files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;c:\program files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISuperIO_CC;NTIOLib_MSISuperIO_CC;c:\program files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [x]
R3 Origin Client Service;Origin Client Service;h:\origin\OriginClientService.exe;h:\origin\OriginClientService.exe [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 asstor64;asstor64;c:\windows\system32\DRIVERS\asstor64.sys;c:\windows\SYSNATIVE\DRIVERS\asstor64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1507000.00B\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1507000.00B\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMEFA64.SYS [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 AcpiCtlDrv;AcpiCtlDrv;c:\windows\system32\DRIVERS\AcpiCtlDrv.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiCtlDrv.sys [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 rpwkmdrv;Rapoo Wireless Device Driver v1.4.1;c:\windows\system32\drivers\rpwkmdrv.sys;c:\windows\SYSNATIVE\drivers\rpwkmdrv.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys;c:\windows\SYSNATIVE\DRIVERS\vuhub.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-04 02:47 1266792 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-06 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000Core.job
- c:\users\Pho_Shizzle\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-02 02:54]
.
2016-10-09 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000UA.job
- c:\users\Pho_Shizzle\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-02 02:54]
.
2016-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20 03:17]
.
2016-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20 03:17]
.
2016-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000Core.job
- c:\users\Pho_Shizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-12 09:33]
.
2016-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-451852660-2627386536-4071465190-1000UA.job
- c:\users\Pho_Shizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-12 09:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-07-29 16:34 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-07-29 16:34 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-07-29 16:34 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-12 16:58 2334416 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-12 16:58 2334416 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-12 16:58 2334416 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-03-04 7543000]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-28 10801944]
"StartCN"="c:\program files\AMD\CNext\CNext\RadeonSettings.exe" [2016-09-16 8027016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\olzw6kxg.default-1447301196454\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-553E35CD-0415-41bc-B39A-410375E88534 - c:\program files (x86)\Intel\ACPI Driver Installer\Uninstall\setup.exe
AddRemove-DiRT 2_is1 - h:\program files (x86)\DiRT 2\Uninstall\unins000.exe
AddRemove-DiRT 3 Complete Edition_is1 - h:\program files (x86)\DiRT 3 Complete Edition\unins000.exe
AddRemove-PunkBusterSvc - h:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
AddRemove-Star Wars: The Force Unleashed 2_is1 - h:\program files (x86)\Star Wars The Force Unleashed 2\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11;c:\program files (x86)\Norton Security Suite\Engine64\21.7.0.11"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-10-09 15:34:06
ComboFix-quarantined-files.txt 2016-10-09 22:34
.
Pre-Run: 14,841,487,360 bytes free
Post-Run: 14,668,345,344 bytes free
.
- - End Of File - - 84BAE532B52DDDD43DEFF21B80F4AE1E
3AA54A8194CE442461EAB63B61A9FE45
 


If you have saved the OTL Extras log when you ran it, it will have the last 10 errors listed. If you didn't save it, please rerun it and post the OTL Extras log.

I'll be back in a few minutes with a couple fixes for you to run.
 
Ah, I was wondering what that second log was that got saved.

OTL Extras log:

OTL Extras logfile created on: 10/9/2016 12:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pho_Shizzle\Desktop\Antivirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.47% Memory free
15.89 Gb Paging File | 13.73 Gb Available in Paging File | 86.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 12.05 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 163.08 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 105.79 Gb Free Space | 5.68% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 207.95 Gb Free Space | 44.65% Space Free | Partition Type: NTFS
Drive I: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive R: | 2794.39 Gb Total Space | 1632.02 Gb Free Space | 58.40% Space Free | Partition Type: NTFS
Computer Name: PHO_SHIZZLE_DAR | User Name: Pho_Shizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0171A076-3034-4FB0-AE9E-B8FE35A116D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{02715735-5908-4A96-9E92-B8514A863F2A}" = lport=445 | protocol=6 | dir=in | app=system |
"{05659C43-D546-4632-887B-63B0D713F690}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BC4CE4B-13A2-428B-B327-68753B94975A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{17A940A3-E78C-4DF5-92F4-920E93383277}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E32B5DF-5297-4FB3-ACD4-9A8F130F1609}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EE0BA9F-BE08-41F0-8094-A80688B92089}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36821A87-C1C6-401D-B4D8-B0F248C4AA0D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{394BE053-F162-4094-AD79-F49A97BEA6EB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{44624DFD-72A2-4405-AE1B-6EB7D3979C42}" = rport=445 | protocol=6 | dir=out | app=system |
"{49DCF417-77E5-4B0D-AABB-879FF2FCC69B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D53C008-C524-4C73-B68B-C28B9D32BCC3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50A390A8-F3BF-4026-AAD4-333F944089D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{551D6393-EAEC-493D-ABA3-479AEEFFC469}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A10AB5F-46DF-4F5E-8CA0-20650EE5DAF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{76EAB6FD-6422-41D1-8C6F-73070ECAC57A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FA537C3-502D-442E-A02C-9746A48BC94F}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E0D596E-2132-4CB2-B06D-CBBFFC6262C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F628445-08D6-4DF8-AAB6-93576E87EFD9}" = lport=139 | protocol=6 | dir=in | app=system |
"{B68E1C40-7E99-4F8D-A1E3-4E9B6C9C5F56}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D953039C-147D-4EB3-9D55-2C61A9579CDF}" = lport=54045 | protocol=17 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"{E0460272-9221-4A9C-B1CE-24FDB1DAAD7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA242683-9959-4D81-B60E-66A058EC2B82}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE88A38B-EF76-4522-A937-DC2D5326F13D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{EFB2EBFA-4882-4DCF-ADD7-FE597AAD0220}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F60A760B-2327-49BC-AD19-F03D9B06561D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015D9EAA-8282-4776-84AE-B633D721CD0E}" = protocol=6 | dir=in | app=c:\users\pho_shizzle\appdata\roaming\dropbox\bin\dropbox.exe |
"{017F3EB0-23CF-450B-9700-1BC5394405B1}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{03AABCAE-7F61-42CF-BEB6-2921CFF2D818}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{0403F4B1-F3D5-401F-A3EA-F2268A1F0DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{05E34626-74B0-4A40-972A-A256A3778382}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{0782FA86-81B1-4431-A1A0-4ACE353A38BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{0A43BED8-0BA6-41D7-9D38-581DD06E04A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{0E63AB6A-B37D-4985-B184-FCB36CA46F70}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{1050B348-F7EB-4CF6-9CCC-32044CF9636F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\raceroom racing experience\game\rrre.exe |
"{108B3404-8614-4D26-B6C3-96972396D861}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe |
"{15C24665-2CED-4CD7-95EB-63AC75B995E0}" = protocol=1 | dir=out | [email protected],-28544 |
"{18FACF81-08FD-4162-89EB-0C1EE39178C9}" = protocol=6 | dir=in | app=h:\program files\dirt2\dirt2_game.exe |
"{1A633BCE-B88E-4945-9496-0C6C3E20993F}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{1BBF5FAC-D30F-4A92-8EB0-ED6F09336F6B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1E15B74B-0EF8-4235-BE4B-D393A2EC7F63}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{1F02A36B-171A-4B7C-90D5-550CC2B4F48B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{22C08ADB-B5C0-42DA-A122-53560464419C}" = dir=in | app=h:\pokego\nox\bin\nox.exe |
"{25C02294-187D-4DB0-B39E-121EC6C12D44}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{283E95E6-2A8A-4E86-BEEE-9431F96E788D}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-ac68u wireless router utilities\qiswizard.exe |
"{2897298D-567C-4F6C-AC06-E79A8CF09225}" = protocol=17 | dir=in | app=h:\steam\bin\steamwebhelper.exe |
"{290D0433-ABFA-4C2A-9800-AA8E9EF8C4B0}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-ac68u wireless router utilities\qiswizard.exe |
"{2D827AEF-E7FD-40A3-9D1E-A9E6AB7EAFB1}" = protocol=6 | dir=in | app=i:\printer\printer.exe |
"{2EA1D2F2-A9AF-46E2-B210-53C6E57EF75D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{2F31B6D1-2C9D-4DBB-9917-8F9E408F2BBE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{3188B47E-100C-4470-89DF-B5A49FF5AB8B}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sniper elite 3\launcher\sniper3launcher.exe |
"{31F95976-3EE6-4C11-903A-DAFF8524265C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{32252A26-B683-4799-9E4E-C81D300E9E59}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe |
"{3329DC37-EAB8-4CE5-9EA4-6AF3C9BAEE64}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{379B1E35-BBCF-4F83-B6FD-4563DC4CED3E}" = protocol=58 | dir=in | [email protected],-28545 |
"{3B8807A3-A7E7-423B-9DEB-B7C5FD3C4344}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{43803A25-C574-4EEE-AE10-A39CF40323B1}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{43A7E854-744B-4253-BE85-63EDD061851C}" = protocol=17 | dir=in | app=h:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{4526BCCC-3A25-4328-B114-7970AEFC5834}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe |
"{456E1D2A-7E66-47F3-B762-E1E2CE610003}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{46D6E6CD-1D32-480F-9E2D-54ABB1341381}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\printer utilities\usbservice64.exe |
"{47A0791E-D6D6-4C73-A5DD-6E6843D50EC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{4A5225C3-0904-445C-967F-BA54F65FF1BD}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\thehunter\launcher\launcher.exe |
"{4D60B9D5-5E1C-4254-83BB-5ECE0B0B52F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{516D5C73-282B-4282-BA96-70574329591C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{51E6D23E-7F91-427C-9FEC-97D60BDCF265}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{5B66DDB5-A579-4EF1-8485-22992313872D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{5D1658B1-F917-4EA6-816B-6E3345AF27A0}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-ac68u wireless router utilities\discovery.exe |
"{5E818DDA-B6C8-42FD-832B-A4E20ABD0737}" = protocol=6 | dir=in | app=h:\steam\steam.exe |
"{62816C7D-FBC3-4194-AC6F-AB96591CC0FB}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{66D09148-D48A-4C22-B562-7ED5D367C4C8}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{67B07286-52B0-4A17-802F-7F1B4A09E00E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{73A4327D-A6D8-44CC-96A5-DC28D1E821ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{78E2A177-AE99-487E-B3B2-9463221F324E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7A873745-CCDE-43F9-828D-C29859E4287F}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{7CB411E8-E984-4EF9-9E03-B659CA33A187}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{7D1BDA40-FECF-486D-96AA-229765BFB130}" = dir=in | app=c:\program files (x86)\intel\extreme tuning utility\client\perftune.exe |
"{7D213FD2-C656-444B-B473-FB7DE433E68C}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{7DD03FB3-FA4E-4F3B-9522-C35DC74FBA01}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sniper elite 3\launcher\sniper3launcher.exe |
"{7FE94478-3EE9-416C-87AB-5CDABFF5968B}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{815CD46B-D4EF-48EC-BCB4-093021176712}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sleepingdogs\hkship.exe |
"{8376FB43-7254-4740-B226-9B0191AD1611}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{863C1586-BA15-4D17-846A-17C772BC1313}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{869F4CB8-0CB2-4B05-A016-8A639D788EC8}" = protocol=6 | dir=in | app=i:\routersetup\qiswizard.exe |
"{8728AE40-2C2B-4C11-8660-3F0A9714CA89}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sleepingdogs\hkship.exe |
"{872C3E46-1AED-410F-AD58-235817891704}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8A06377F-2068-42E0-AD00-7A782863504A}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{8CD5F86B-BFB8-42A5-AD08-EEB705F3A397}" = protocol=17 | dir=in | app=c:\users\pho_shizzle\appdata\roaming\dropbox\bin\dropbox.exe |
"{9826F51C-6436-4ED5-B997-9AE619C1AE27}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{9CE68FD9-2472-45D5-8A20-BCCFEFDCBA3F}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\team fortress 2\hl2.exe |
"{A059D880-362F-449B-84CB-F8BB1577EDDC}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{A1F0A6DE-7020-4BD7-8785-167A7EEA6880}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A5438DCB-8972-4318-B0B0-E4BBC6CCF20B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A649A1AA-C9D7-45A8-B011-A4853EF91894}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{AA8C9AE2-F5DA-48DE-B087-4A835C23685C}" = protocol=17 | dir=in | app=h:\steam\steam.exe |
"{ADA84EB9-5E2D-4145-92A7-E05C68C18FDF}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sniper elite v2\launcher\sniperv2launcher.exe |
"{AE376AD3-F4CD-4F48-A4CA-07B136194C09}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{AF52D4C9-E2A7-4480-84E0-37751BDCA503}" = protocol=6 | dir=in | app=h:\program files (x86)\origin games\need for speed world\gamelauncher.exe |
"{B055DED9-FD0E-4270-A32B-00330A4CA7A8}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{B1B47709-030F-4940-9622-3555C90379D9}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe |
"{B1B58E7F-2D1D-4F60-8B56-5B1B1A6131F1}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe |
"{B2F2BBA8-C870-4561-B9C6-4C38ED7AFAE5}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-ac68u wireless router utilities\rescue.exe |
"{B300CAD1-3411-48F6-8B71-A284CC090827}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe |
"{B4A598EA-47C9-47FC-BB07-8E1C96834284}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{B4B4DC87-EEDD-4C2B-82FB-5224CE51676B}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-ac68u wireless router utilities\rescue.exe |
"{B4E66BF2-73A0-493E-B32A-A3E7383A7EB2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{B5F62DAB-2758-4A92-828F-CE053E8E0F65}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B68F78FC-8134-45EC-8F4E-1F12291B4D23}" = protocol=6 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"{B7059CF2-CF68-466A-B08F-FA81EE4218B9}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{B7FEAD08-7DDE-4770-827A-3CFB6D689EF9}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{B9092AAA-81EC-478E-B069-61F611EA5C75}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{BA0A7910-C17A-405A-B2F4-84E68DC7A27B}" = protocol=17 | dir=in | app=i:\routersetup\qiswizard.exe |
"{BB379BA4-9309-4BE7-BD4E-6910C9C8DC28}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\raceroom racing experience\game\rrre.exe |
"{BD4A59C5-0534-4F19-9DD0-0105C48A8C4B}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{BEEF3F1C-C215-495C-A6FD-0269160107F7}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{C68CA831-C689-4477-9203-5FB34CA37B5B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\thehunter\launcher\launcher.exe |
"{C91A42C3-357C-4769-84F5-A3237D575884}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{CBABC219-9A78-4B01-A2A6-81CB92346EA9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{CD3F0893-8A1C-4BCE-A8C4-7CBC8E02FBBF}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-ac68u wireless router utilities\discovery.exe |
"{D0E9A044-F6EF-4F9C-900E-6729ACEC74D4}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\printer utilities\usbservice64.exe |
"{D1979A45-49FF-4C46-8EAF-9B3A6EBE521F}" = dir=in | app=c:\program files\bignox\bignoxvm\rtnoxvmhandle.exe |
"{D44CC63E-9FF8-438A-B6E3-410D7A2C36E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{D6D5ED07-A8DA-4BBF-9BF2-E3FAA9EC8E5E}" = protocol=6 | dir=in | app=h:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{D78D0ADD-2632-4CA5-BD33-B06ECF35B932}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{D8CBD803-59E1-4788-A6BA-B31FF71EDA8F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{DCE417ED-6FC5-4943-A0FF-7DE8D8CCBDC5}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\team fortress 2\hl2.exe |
"{DD2903FC-B1B5-4993-89A8-851BB68533B6}" = protocol=6 | dir=in | app=c:\users\pho_shizzle\appdata\roaming\utorrent\utorrent.exe |
"{DDD01D9F-4D16-4AF1-AC54-98A90C41619D}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sniper elite v2\launcher\sniperv2launcher.exe |
"{DE9E4971-E81F-45E9-B39C-E067E7478284}" = protocol=1 | dir=in | [email protected],-28543 |
"{E11CFECC-7C95-49B5-8C69-1035472E3AC4}" = protocol=17 | dir=in | app=h:\program files (x86)\origin games\need for speed world\gamelauncher.exe |
"{E19A6F29-C03A-461F-B3E7-F9CCE0D2C6E8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E221AFBE-85E0-47B5-B332-7C19F0F0A23C}" = protocol=17 | dir=in | app=c:\users\pho_shizzle\appdata\roaming\utorrent\utorrent.exe |
"{E30683C2-5084-453B-97F0-F29A61C0EAFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E56ED247-6E2A-4AB6-954C-DDB266911F35}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{E93B3D93-9F05-48D7-A86C-B9E4D5C6CD09}" = protocol=17 | dir=in | app=h:\program files\dirt2\dirt2_game.exe |
"{EA3A3ABF-07C8-49A1-9905-C5ED0C4FC4B1}" = dir=in | app=c:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe |
"{EF6D3B78-11FD-4DC7-8292-4285B9B4D1B0}" = protocol=6 | dir=in | app=h:\steam\bin\steamwebhelper.exe |
"{F228C51D-62B9-43BA-B657-DF06CE09C486}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F890CD04-D915-421D-8831-B7A54F1796BD}" = protocol=17 | dir=in | app=i:\printer\printer.exe |
"{F9E0464D-2575-44EA-B7B8-DA099D088AFB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FC06ECAA-419D-4FF4-9725-77F2795A574A}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{0CB0D9CF-A873-4DB2-9F50-0D577B284BCA}C:\users\pho_shizzle\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\pho_shizzle\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4424D102-9D4A-4981-AF0E-F02680214D58}C:\users\pho_shizzle\appdata\local\temp\nst39a7.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nst39a7.tmp\setup.exe |
"TCP Query User{6F6532D9-D7AA-4C89-A46C-8CF0FC0A0B15}C:\users\pho_shizzle\appdata\local\temp\nsf3adf.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nsf3adf.tmp\setup.exe |
"TCP Query User{7605CC3D-DCAC-49D4-AE5F-808043CC0C05}H:\steam\steamapps\common\thehunter\game\thehunter.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\thehunter\game\thehunter.exe |
"TCP Query User{C37AE2AF-1BB4-4817-9072-5DC42BCF9746}C:\users\pho_shizzle\appdata\local\temp\nsqcb8a.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nsqcb8a.tmp\setup.exe |
"TCP Query User{C88CB7E7-77F1-40EA-983B-F9A005229D43}C:\programdata\kaspersky lab setup files\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\setup.exe |
"TCP Query User{D72B7A65-EFAC-4B76-9FE7-5738505F823B}I:\install\setup.exe" = protocol=6 | dir=in | app=i:\install\setup.exe |
"TCP Query User{E9F0923C-45EC-4B1A-868A-BD2946467DB2}C:\program files (x86)\maxthon\bin\maxthon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"TCP Query User{F6D21D28-FE17-47A4-A24A-AC23913F138C}C:\users\pho_shizzle\appdata\local\temp\nsb7051.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nsb7051.tmp\setup.exe |
"UDP Query User{177A99F0-D129-4E7B-8DCB-CB42FEC12A86}I:\install\setup.exe" = protocol=17 | dir=in | app=i:\install\setup.exe |
"UDP Query User{2EAA83D8-8670-4723-9F33-95A89FEF361D}C:\users\pho_shizzle\appdata\local\temp\nsb7051.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nsb7051.tmp\setup.exe |
"UDP Query User{3B7ACA0A-59D8-4456-8442-3B2DDFA389BB}C:\users\pho_shizzle\appdata\local\temp\nsf3adf.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nsf3adf.tmp\setup.exe |
"UDP Query User{7D4F3B01-7020-4ABE-8593-67EA46143D18}C:\program files (x86)\maxthon\bin\maxthon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"UDP Query User{85B853D0-2816-4528-8DEB-6E43780740F0}C:\users\pho_shizzle\appdata\local\temp\nsqcb8a.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nsqcb8a.tmp\setup.exe |
"UDP Query User{86D9C3F2-1230-4F67-A68F-81F1C29A1AE9}H:\steam\steamapps\common\thehunter\game\thehunter.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\thehunter\game\thehunter.exe |
"UDP Query User{98F17E07-BD78-49DD-A82B-60AADADC50D3}C:\programdata\kaspersky lab setup files\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\setup.exe |
"UDP Query User{D3684EAB-9CB9-449A-8E5A-4AEE3DB0588F}C:\users\pho_shizzle\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\pho_shizzle\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E0B44E92-EA60-47AB-89BE-C8E24A7D6AB0}C:\users\pho_shizzle\appdata\local\temp\nst39a7.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\pho_shizzle\appdata\local\temp\nst39a7.tmp\setup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FE18988-DE59-46FB-9EE7-D40DA5E98FEA}" = Intel(R) Management Engine Components
"{13556222-6637-F9E8-A6A6-186D6996E5E0}" = Catalyst Control Center Next Localization FR
"{15E1B393-3CCA-4C5B-A187-ACBC36019E73}" = ANT Drivers Installer x64
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E60CDCF-E4AF-2B49-3473-E9C10C0D6031}" = Catalyst Control Center Next Localization IT
"{2459C0BB-C5C8-2FD0-2437-BD92FB666A15}" = Catalyst Control Center Next Localization JA
"{24C5D072-9C78-419E-452C-69A4FC18CBF7}" = AMD Wireless Display v3.0
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{27D9A3A3-D0D2-2260-A2AA-A7228B6022B6}" = Catalyst Control Center Next Localization DA
"{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support
"{352C8FF2-CB23-F2C3-CC82-B2F20AC15B5C}" = Catalyst Control Center Next Localization FI
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{38072574-E1D1-9B6C-EAB4-27E207E0B54A}" = Catalyst Control Center Next Localization EL
"{3B8435FC-47AD-7A7E-BCBD-13DF296DB149}" = Catalyst Control Center Next Localization HU
"{3DE97849-544D-4D68-9255-11DF6F9F10D8}" = Intel® Trusted Connect Service Client
"{426582A8-202F-D13C-8BD5-F00551BAFC93}" = AMD Wireless Display v3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55FB36B8-663A-06C2-9A6F-34A0AFFD906C}" = Catalyst Control Center Next Localization CS
"{56C43946-966D-1B4B-3910-3B4741F9CAF9}" = Catalyst Control Center Next Localization TR
"{58011544-00D2-DD75-4E0D-944AD2D3773D}" = Catalyst Control Center Next Localization KO
"{5AD2A7FD-38FA-F9DC-353D-9979C06AD922}" = AMD Media Foundation Decoders
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}" = AMD Wireless Display v3.0
"{68413D4F-C3C9-4B6F-9B39-AC7444C8C05C}" = VFW_Codec64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB4AC9E-01E9-4B8C-96C8-281ECAF3A687}" = Intel(R) Smart Connect Technology
"{7364C716-1212-4EAE-B0C9-A31D1E797BF8}" = Qualcomm Atheros Network Manager
"{78ACE60E-0CB7-4935-BCD4-F33422105607}" = AMD Settings - Branding
"{80595353-6197-2EB6-F14C-C1F4AC093311}" = AMD Install Manager
"{81DFFE49-771C-3262-99DD-35AB35FEF71A}" = Catalyst Control Center Next Localization TH
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F2415FA-72F2-F029-0450-4EB2FAE484C5}" = AMD Accelerated Video Transcoding
"{8F5D8F15-4A07-E887-C8FD-498804F2522F}" = Catalyst Control Center Next Localization CHT
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95B039D1-3406-7AA8-DFE8-605A4F92640F}" = AMD Drag and Drop Transcoding
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9E93DDED-A342-2621-8B33-A7FDE09E2A15}" = Catalyst Control Center Next Localization NL
"{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}" = iTunes
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AC9FF444-6AF9-FDC8-2275-7237B2D5DA57}" = AMD Wireless Display v3.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0199EE9-B640-3D24-29F8-99B1C425697A}" = Catalyst Control Center Next Localization CHS
"{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}" = Intel(R) Chipset Device Software
"{BA1148A3-F4E1-23E4-8DC8-88B6E0E9BDBF}" = AMD Wireless Display v3.0
"{C078842D-6E39-ACBA-8927-51697B6D89B0}" = Catalyst Control Center Next Localization RU
"{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}" = Apple Application Support (64-bit)
"{C270821D-2479-D0F4-1BD1-7BBAF6762A98}" = AMD Wireless Display v3.0
"{C2A1F9AE-5E6B-4021-B1BA-72711EC5E558}" = Intel(R) Management Engine Components
"{C59870AD-505D-4C9E-B625-D1DE6B1ABF8D}" = Catalyst Control Center Next Localization DE
"{C7F2F764-33A8-7ED1-8ED9-BD594C814386}" = Catalyst Control Center Next Localization ES
"{C80C12DC-3959-4028-1681-F2BF00866439}" = Catalyst Control Center Next Localization BR
"{C80C9B28-CF99-431C-88C8-8B1F9B6A182F}" = Qualcomm Atheros Bandwidth Control Filter Driver
"{CE1A9479-C86A-81A5-729F-9B65120D15E1}" = Catalyst Control Center Next Localization SV
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D214F8C8-A231-E193-971C-7D185108F908}" = Catalyst Control Center Next Localization PL
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DD2A85B3-64C5-4263-A7AF-4F61FA5F369A}" = Qualcomm Atheros Killer E220x Drivers
"{E0CF7D6C-23B7-FBB2-212D-FFE83E9A70CE}" = AMD Wireless Display v3.0
"{E8EE02F4-377C-FB19-A712-CA074BE44CF8}" = AMD Settings
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EBCCB5CD-B2B0-6870-DCC3-A7CCCC1B1B68}" = Catalyst Control Center Next Localization NO
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"7-Zip" = 7-Zip 15.06 beta (x64)
"AMD Catalyst Install Manager" = AMD Install Manager
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.71
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.26
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"GIMP-2_is1" = GIMP 2.8.14
"Logitech Gaming Software" = Logitech Gaming Software 8.55
"VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0
"WinRAR archiver" = WinRAR 5.10 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Smart Utilities
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0E5D9F94-A557-4853-AC4D-066EA306B5CD}" = Elevated Installer
"{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1" = Fast Boot
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}" = CCC Help Spanish
"{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}" = CCC Help Hungarian
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1" = ECO Center
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{231D0C79-98A6-4693-A366-36DE7D7346EC}" = HTC Sync Manager
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2622E339-8009-E71B-B43D-1B6E13212A4C}" = AMD Settings
"{26356515-5821-40FA-9C3D-9785052A1062}" = Apple Application Support (32-bit)
"{26A24AE4-039D-4CA4-87B4-2F32180101F0}" = Java 8 Update 101
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{315D9E6B-98B1-1E2B-9E93-B36A0B104224}" = Catalyst Control Center Localization All
"{31BC0B51-0676-A531-3940-1818B609EEA7}" = CCC Help Thai
"{32A3A4F4-B792-11D6-A78A-00B0D0180600}" = Java SE Development Kit 8 Update 60
"{37DBC990-C514-3821-D6FB-12E0745AA990}" = CCC Help Korean
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{42A97797-A255-49F9-4250-D58A9CEA2904}" = CCC Help Swedish
"{459CE109-4E46-4340-92BC-054642BC3BC2}" = Google Drive
"{489E5436-B101-CAD9-5571-14746675ECE3}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4F192902-A341-4321-838F-B92E03D44D27}" = Garmin Express
"{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1" = Live Update
"{504819D1-3C0A-2695-0007-BBDFA5936D68}" = CCC Help Dutch
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{59DB38EB-F864-4E10-841D-38CFBCF864B0}" = Intel(R) Driver Update Utility 2.0
"{5A5A8B70-F3B7-4C14-8812-6675101CBEB7}" = SmartViewer
"{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}" = Garmin Express
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{63780788-b958-4383-a369-93f28a50cd8b}" = VitalSource Bookshelf
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{69DF4822-9B16-CE04-7587-22E09FB5FD1D}" = CCC Help German
"{6C495748-5F03-0B97-568B-76D0368FB460}" = CCC Help English
"{6EA5444A-A75D-4495-9F83-3AC354882D96}" = SmartViewer
"{703F229F-573E-10E7-3B44-341DB59AD86B}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BA52D1-77C6-403A-82E2-346D91CB08DD}" = Garmin Express Tray
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79E3071B-8A0C-C105-6442-CF611732601E}" = CCC Help Norwegian
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = MSI Super Charger
"{7DED56EF-66D4-4F36-BC35-DC67B6277CC8}_is1" = Rapoo Keyboard and Mouse Driver v1.7
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1" = VGA Boost
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8409c4f7-2340-4933-a304-5d37db4fb48b}" = Intel® Driver Update Utility
"{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1" = MSI Command Center
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9114BDDB-A6A6-152D-060A-E99307057AD1}" = Catalyst Control Center Graphics Previews Common
"{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}" = CCC Help Turkish
"{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}" = CCC Help Danish
"{AC76BA86-0804-1033-1959-001824202044}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{AD5E3969-F0C0-ECBF-45E5-C36B84904281}" = CCC Help Portuguese
"{B03A580A-5D67-DAC5-59A1-7AD7C513381C}" = CCC Help French
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}" = Sound Blaster Cinema 2
"{B7A93318-8CC8-41C1-B2C9-A09FF4314905}" = CF-100 Player
"{B87CD6CC-8094-496C-99BA-4425169948C9}" = ASUS RT-AC68U Wireless Router Utilities
"{b996dca2-156c-4d2c-b9a3-59fac08cef33}" = GoPro Studio 2.5.7
"{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}" = CCC Help Czech
"{BF51EEA5-56A0-4AC8-BCE5-0E3E20C1516F}" = MSI Intel Extreme Tuning Utility
"{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}" = CCC Help Japanese
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}" = CCC Help Russian
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{D9CBA021-DB41-9736-923F-52E3E426912D}" = CCC Help Finnish
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1" = MSI Gaming APP
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e48a2f61-851a-4155-82f9-af1b04db8c3b}" = Intel(R) Chipset Device Software
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}" = Qualcomm Atheros Killer Network Manager Suite
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F521FF84-E690-40CF-977C-4103A4D8E5D0}" = GoPro App
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9B579C2-D854-300A-BE62-A09EB9D722E4}" = Google Talk Plugin
"{fbd55c4e-e884-4210-a79b-5f158834b133}" = MSI Intel Extreme Tuning Utility
"{FD85BB37-D0AD-4684-B052-4CE9DF72455A}" = VFW_Codec32
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE4DC915-D724-E72C-EF86-DC5B89961ACF}" = CCC Help Italian
"3FD0C489-0F02-481a-A3E1-9754CD396761" = Intel® Watchdog Timer Driver (Intel® WDT)
"553E35CD-0415-41bc-B39A-410375E88534" = ACPI Driver Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AirDroid" = AirDroid 3.3.2.0
"Android SDK Tools" = Android SDK Tools
"BlackVueHD" = BlackVue HD
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiRT 2_is1" = DiRT 2 / RePack by Baracuda
"DiRT 3 Complete Edition_is1" = DiRT 3 Complete Edition
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 8.4
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"Maxthon3" = Maxthon Cloud Browser
"Mozilla Firefox 49.0.1 (x86 en-US)" = Mozilla Firefox 49.0.1 (x86 en-US)
"Mozilla Thunderbird 31.0 (x86 en-US)" = Mozilla Thunderbird 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"Naviextras Toolbox" = Naviextras Toolbox
"nbi-nb-base-8.0.2.0.201411181905" = NetBeans IDE 8.0.2
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"OpenAL" = OpenAL
"Origin" = Origin
"PC Wizard 2013_is1" = PC Wizard 2013.2.12
"PhraseExpress_is1" = PhraseExpress v11.0.125
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"Steam" = Steam
"Steam App 202170" = Sleeping Dogs™
"Steam App 238090" = Sniper Elite 3
"Steam App 273110" = Counter-Strike Nexon: Zombies
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 63380" = Sniper Elite V2
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer" = TeamViewer 11
"VLC media player" = VLC media player
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/9/2016 2:32:39 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
Faulting
process id: 0x44c Faulting application start time: 0x01d2225b0da93a6f Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll
Report
Id: c14b97e4-8e4e-11e6-96d1-448a5b99bb68
Error - 10/9/2016 2:34:26 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
Faulting
process id: 0x634 Faulting application start time: 0x01d2225b84c7ed1f Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll
Report
Id: 014e5f43-8e4f-11e6-96d1-448a5b99bb68
Error - 10/9/2016 2:38:43 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Office Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2016-11-08T18:32:43Z.
Error Code: 0x80070032.
Error - 10/9/2016 2:43:48 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
Faulting
process id: 0x43c Faulting application start time: 0x01d2225ca24398fd Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll
Report
Id: 500a00e4-8e50-11e6-859e-448a5b99bb68
Error - 10/9/2016 2:45:35 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
Faulting
process id: 0xffc Faulting application start time: 0x01d2225d1387dcbf Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll
Report
Id: 9009652a-8e50-11e6-859e-448a5b99bb68
Error - 10/9/2016 3:05:37 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = ATIeRecord | ID = 16387
Description = ATI EEU Service event error
Error - 10/9/2016 3:06:23 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
Faulting
process id: 0x448 Faulting application start time: 0x01d2225fcbd886de Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll
Report
Id: 77a7e840-8e53-11e6-96f8-448a5b99bb68
Error - 10/9/2016 3:08:10 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
Faulting
process id: 0x618 Faulting application start time: 0x01d222603a8c9150 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll
Report
Id: b78d48fd-8e53-11e6-96f8-448a5b99bb68
Error - 10/9/2016 3:12:26 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Office Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2016-11-08T19:06:26Z.
Error Code: 0x80070032.
Error - 10/9/2016 3:23:08 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = ATIeRecord | ID = 16387
Description = ATI EEU Service event error
Error - 10/9/2016 3:28:39 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
Faulting
process id: 0x458 Faulting application start time: 0x01d22262df3da5b1 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll
Report
Id: 93f81cfb-8e56-11e6-96f9-448a5b99bb68
[ System Events ]
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The Server service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The Multimedia Class Scheduler service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.
Error - 10/9/2016 3:28:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/9/2016 3:29:40 PM | Computer Name = Pho_Shizzle_Darth_Maul | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056
< End of report >
 

A couple things to do.

1.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::

EagleX64


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


2. Rerun OTL again, but this time copy and paste the following into the Custom Scans/Fixes box at the bottom and then click on Run Fix up top.


Code:
:OTL

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:054203E4

Have you run the TDSSKiller program yet?
 
According to the Event Viewer errors, most of them are problems with Windows updates, but then on system events, you have a lot of Windows services issues. These Windows services issues are the ones most likely causing your system to freeze up.

What were you doing with the system right before your troubles began? Was any new software installed? Power outage?
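
The reading of the event log given in the reply above can be reproduced mechanically. The following is an added example, not part of the original thread: it parses the "Last 20 Event Log Errors" layout of the OTL report, counts errors per source and ID, and lists which Service Control Manager 7031 terminations fall within two seconds after an Application Error 1000 crash. The function names, the two-second window and the abridged sample (computer name replaced by a placeholder) are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Abridged sample in the layout of the report above; "HOST" is a placeholder name.
SAMPLE = """\
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/9/2016 3:12:26 PM | Computer Name = HOST | Source = Office Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2016-11-08T19:06:26Z.
Error Code: 0x80070032.
Error - 10/9/2016 3:28:39 PM | Computer Name = HOST | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wuaueng.dll, version: 7.6.7601.18917,
time stamp: 0x559eae44 Exception code: 0xc0000005 Fault offset: 0x000000000008f206
[ System Events ]
Error - 10/9/2016 3:28:40 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/9/2016 3:28:40 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.
Error - 10/9/2016 3:28:40 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/9/2016 3:29:40 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056
< End of report >
"""

HEADER = re.compile(
    r"^Error - (?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| Computer Name = .*? "
    r"\| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$")
SECTION = re.compile(r"^\[ (?P<name>.+ Events) \]\s*$")
FAULT = re.compile(r"Faulting application name: (?P<app>[^,]+),.*?"
                   r"Faulting module name: (?P<module>[^,]+),")
SERVICE = re.compile(r"The (?P<svc>.+?) service terminated unexpectedly")


def parse_events(text):
    """Return one dict per 'Error - ...' record, re-joining wrapped description lines."""
    events, section, current = [], None, None
    for line in text.splitlines():
        sec, head = SECTION.match(line), HEADER.match(line)
        if sec:
            section, current = sec.group("name"), None
        elif head:
            current = {"section": section,
                       "time": datetime.strptime(head.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                       "source": head.group("source"),
                       "id": int(head.group("id")),
                       "description": ""}
            events.append(current)
        elif current is not None and not line.startswith("<"):
            part = re.sub(r"^Description = ", "", line.strip())
            current["description"] = f'{current["description"]} {part}'.strip()
    return events


def summarize(events):
    """Count events per (section, source, id, detail); detail names the faulting module."""
    counts = Counter()
    for e in events:
        detail = ""
        if e["source"] == "Application Error" and e["id"] == 1000:
            m = FAULT.search(e["description"])
            if m:
                detail = f'{m.group("app")} in {m.group("module")}'
        counts[(e["section"], e["source"], e["id"], detail)] += 1
    return counts


def terminations_after_crash(events, window=timedelta(seconds=2)):
    """For each Application Error 1000, list services whose 7031 event follows within `window`."""
    result = []
    for crash in events:
        if (crash["source"], crash["id"]) != ("Application Error", 1000):
            continue
        services = []
        for e in events:
            if (e["source"], e["id"]) == ("Service Control Manager", 7031) \
                    and timedelta(0) <= e["time"] - crash["time"] <= window:
                m = SERVICE.search(e["description"])
                services.append(m.group("svc") if m else "?")
        result.append((crash["time"], services))
    return result


if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for key, n in summarize(parsed).most_common():
        print(n, key)
    for when, services in terminations_after_crash(parsed):
        print(when, "->", ", ".join(services) or "no service terminations")
```

The timing match only shows that the terminations follow the crash closely; it does not by itself establish which event caused which.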
 
I haven't updated in a while so I thought I'd do some updating. For some reason, Windows Update was unable to connect or download any update files and remained at 0% downloaded. Then when I shut off my computer, Windows prompted it would be installing 1 of 2 updates. But shut down before 2 of 2 was completed.

Next reboot, I experience all these issues.
 
Looks like Windows has corrupted on you and unfortunately it happens all too often. I'm not sure how well a System Restore would work, it might though. You can try restoring back to before your headaches started. Hopefully you have System Restore enabled??? Some people don't.
 
Alright let me give it a shot and let you know. Thank you for all the help so far. Especially on a Sunday!!

I was hoping to avoid doing a fresh reinstall of Windows because I have way too many programs and personalization compiled. I tried popping in the CD and doing a system repair but the repair said it was unable to fix the issue. I'll try for a restore point and hope I have a recent enough one.
 
If that doesn't work, then you'll have to reinstall Windows fresh. If by miracle it does work, then you'll need to rerun the malware programs. If you have to reinstall Windows I would advise you to make a backup image once you have it all set up the way you want; that way you can restore it within 30 minutes and be back up running again. Acronis True Image can do this for you, not free though.
 